| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20220831074324.GD16715@pengutronix.de>
Date: Wed, 31 Aug 2022 09:43:24 +0200
From: Oleksij Rempel <o.rempel@...gutronix.de>
To: Vladimir Oltean <olteanv@...il.com>
Cc: Arun.Ramadoss@...rochip.com, andrew@...n.ch,
linux-kernel@...r.kernel.org, UNGLinuxDriver@...rochip.com,
vivien.didelot@...il.com, san@...v.dk, linux@...linux.org.uk,
f.fainelli@...il.com, kuba@...nel.org, edumazet@...gle.com,
pabeni@...hat.com, netdev@...r.kernel.org,
Woojung.Huh@...rochip.com, davem@...emloft.net
Subject: Re: [Patch net-next v2 0/9] net: dsa: microchip: add support for
phylink mac config and link up
On Tue, Aug 30, 2022 at 06:05:46PM +0200, Oleksij Rempel wrote:
> On Tue, Aug 30, 2022 at 12:58:30PM +0300, Vladimir Oltean wrote:
> > Hello,
> >
> > On Tue, Aug 30, 2022 at 08:15:59AM +0000, Arun.Ramadoss@...rochip.com wrote:
> ...
> > > Hi Oleksij,
> > > Is this Bug related to fix in
> > > https://lore.kernel.org/lkml/20220829105810.577903823@linuxfoundation.org/
> > > .
> > > It is observed in ksz8794 switch. I think after applying this bug fix
> > > patch it should work. I don't have ksz8 series to test. I ran the
> > > regression only for ksz9 series switches.
> >
> > I find it unlikely that the cited patch will fix a NULL pointer
> > dereference in ksz_get_gbit(). But rather, some pointer to a structure
> > is NULL, and we then dereference a member located at its offset 0x5, no?
> >
> > My eyes are on this:
> >
> > const u8 *bitval = dev->info->xmii_ctrl1;
> >
> > data8 |= FIELD_PREP(P_GMII_1GBIT_M, bitval[P_GMII_NOT_1GBIT]);
> > ~~~~~~~~~~~~~~~~
> > this is coincidentally
> > also 5
>
> ack.
>
> > See, looking at the struct ksz_chip_data[] array element for KSZ8873
> > that Oleksij mentions as broken, I do not see xmii_ctrl1 and xmii_ctrl2
> > as being pointers to anything.
> >
> > [KSZ8830] = {
> > .chip_id = KSZ8830_CHIP_ID,
> > .dev_name = "KSZ8863/KSZ8873",
> > .num_vlans = 16,
> > .num_alus = 0,
> > .num_statics = 8,
> > .cpu_ports = 0x4, /* can be configured as cpu port */
> > .port_cnt = 3,
> > .ops = &ksz8_dev_ops,
> > .mib_names = ksz88xx_mib_names,
> > .mib_cnt = ARRAY_SIZE(ksz88xx_mib_names),
> > .reg_mib_cnt = MIB_COUNTER_NUM,
> > .regs = ksz8863_regs,
> > .masks = ksz8863_masks,
> > .shifts = ksz8863_shifts,
> > .supports_mii = {false, false, true},
> > .supports_rmii = {false, false, true},
> > .internal_phy = {true, true, false},
> > },
> >
> > Should we point them to ksz8795_xmii_ctrl0 and ksz8795_xmii_ctrl1? I don't know.
> > Could you find out what these should be set to?
>
> xmii_ctrl0/1 are missing and it make no sense to add it.
> KSZ8873 switch is controlling CPU port MII configuration over global,
> not port based register.
>
> I'll better define separate ops for this chip.
Hm, not only KSZ8830/KSZ8863/KSZ8873 are affected. ksz8795 compatible
series with defined .xmii_ctrl0/.xmii_ctrl1 are broken too. Because it
is writing to the global config register over ksz_pwrite8 function. It
means, we are writing to 0xa6 instead of 0x06. And to 0xf6 instead of
0x56.
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
Powered by blists - more mailing lists