Message-ID: <20220831074324.GD16715@pengutronix.de>
Date: Wed, 31 Aug 2022 09:43:24 +0200
From: Oleksij Rempel <o.rempel@...gutronix.de>
To: Vladimir Oltean <olteanv@...il.com>
Cc: Arun.Ramadoss@...rochip.com, andrew@...n.ch, linux-kernel@...r.kernel.org,
    UNGLinuxDriver@...rochip.com, vivien.didelot@...il.com, san@...v.dk,
    linux@...linux.org.uk, f.fainelli@...il.com, kuba@...nel.org,
    edumazet@...gle.com, pabeni@...hat.com, netdev@...r.kernel.org,
    Woojung.Huh@...rochip.com, davem@...emloft.net
Subject: Re: [Patch net-next v2 0/9] net: dsa: microchip: add support for phylink mac config and link up

On Tue, Aug 30, 2022 at 06:05:46PM +0200, Oleksij Rempel wrote:
> On Tue, Aug 30, 2022 at 12:58:30PM +0300, Vladimir Oltean wrote:
> > Hello,
> >
> > On Tue, Aug 30, 2022 at 08:15:59AM +0000, Arun.Ramadoss@...rochip.com wrote:
> ...
> > > Hi Oleksij,
> > > Is this Bug related to fix in
> > > https://lore.kernel.org/lkml/20220829105810.577903823@linuxfoundation.org/
> > > .
> > > It is observed in ksz8794 switch. I think after applying this bug fix
> > > patch it should work. I don't have ksz8 series to test. I ran the
> > > regression only for ksz9 series switches.
> >
> > I find it unlikely that the cited patch will fix a NULL pointer
> > dereference in ksz_get_gbit(). But rather, some pointer to a structure
> > is NULL, and we then dereference a member located at its offset 0x5, no?
> >
> > My eyes are on this:
> >
> >     const u8 *bitval = dev->info->xmii_ctrl1;
> >
> >     data8 |= FIELD_PREP(P_GMII_1GBIT_M, bitval[P_GMII_NOT_1GBIT]);
> >                                                ~~~~~~~~~~~~~~~~
> >                                                this is coincidentally
> >                                                also 5
>
> ack.
>
> > See, looking at the struct ksz_chip_data[] array element for KSZ8873
> > that Oleksij mentions as broken, I do not see xmii_ctrl1 and xmii_ctrl2
> > as being pointers to anything.
> >
> >     [KSZ8830] = {
> >         .chip_id = KSZ8830_CHIP_ID,
> >         .dev_name = "KSZ8863/KSZ8873",
> >         .num_vlans = 16,
> >         .num_alus = 0,
> >         .num_statics = 8,
> >         .cpu_ports = 0x4, /* can be configured as cpu port */
> >         .port_cnt = 3,
> >         .ops = &ksz8_dev_ops,
> >         .mib_names = ksz88xx_mib_names,
> >         .mib_cnt = ARRAY_SIZE(ksz88xx_mib_names),
> >         .reg_mib_cnt = MIB_COUNTER_NUM,
> >         .regs = ksz8863_regs,
> >         .masks = ksz8863_masks,
> >         .shifts = ksz8863_shifts,
> >         .supports_mii = {false, false, true},
> >         .supports_rmii = {false, false, true},
> >         .internal_phy = {true, true, false},
> >     },
> >
> > Should we point them to ksz8795_xmii_ctrl0 and ksz8795_xmii_ctrl1? I don't know.
> > Could you find out what these should be set to?
>
> xmii_ctrl0/1 are missing and it makes no sense to add it.
> KSZ8873 switch is controlling CPU port MII configuration over global,
> not port based register.
>
> I'll better define separate ops for this chip.

Hm, not only KSZ8830/KSZ8863/KSZ8873 are affected. ksz8795 compatible
series with defined .xmii_ctrl0/.xmii_ctrl1 are broken too. Because it
is writing to the global config register over ksz_pwrite8 function. It
means, we are writing to 0xa6 instead of 0x06. And to 0xf6 instead of
0x56.

--
Pengutronix e.K.                           |                             |
Steuerwalder Str. 21                       | http://www.pengutronix.de/  |
31137 Hildesheim, Germany                  | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |
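
Added example, not part of the original message and not code from the driver: a user-space C model of the lookup discussed in the thread, showing why a chip entry that omits xmii_ctrl1 faults at address 0x5 and how a guarded lookup plus a table audit catches it. struct chip_info, the sample table values, the table length and all function names are assumptions made for this model; only P_GMII_NOT_1GBIT being 5 comes from the thread.

```c
/* User-space model of the lookup discussed in the thread; not driver code. */
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define P_GMII_NOT_1GBIT 5  /* index value given in the thread */
#define XMII_TBL_LEN     8  /* assumed table length for this model */

struct chip_info {                /* hypothetical, reduced from ksz_chip_data */
    const char *dev_name;
    const uint8_t *xmii_ctrl1;    /* NULL when the initializer omits it */
};

static const uint8_t sample_tbl[XMII_TBL_LEN] = {0, 0, 0, 0, 0, 1, 0, 0}; /* constructed */
static const struct chip_info chips[] = {
    { .dev_name = "KSZ8863/KSZ8873" },                     /* no table, as quoted */
    { .dev_name = "model-with-table", .xmii_ctrl1 = sample_tbl },
};

/* Address an unguarded bitval[P_GMII_NOT_1GBIT] read would touch. */
uintptr_t unguarded_read_addr(const struct chip_info *info)
{
    return (uintptr_t)info->xmii_ctrl1 + P_GMII_NOT_1GBIT;
}

/* Guarded lookup: report "unsupported" instead of reading through NULL. */
int xmii_bitval(const struct chip_info *info, size_t idx, uint8_t *out)
{
    if (!info || !info->xmii_ctrl1 || idx >= XMII_TBL_LEN)
        return -EOPNOTSUPP;
    *out = info->xmii_ctrl1[idx];
    return 0;
}

/* Probe-time audit: count entries whose table pointer was never set. */
size_t count_missing_xmii(const struct chip_info *tbl, size_t n)
{
    size_t missing = 0;
    for (size_t i = 0; i < n; i++)
        missing += (tbl[i].xmii_ctrl1 == NULL);
    return missing;
}

int main(void)
{
    printf("fault addr 0x%lx, missing %zu\n",
           (unsigned long)unguarded_read_addr(&chips[0]), count_missing_xmii(chips, 2));
    return 0;
}
```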