lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Fri, 24 Nov 2023 16:55:01 +0100
From: Andrew Lunn <andrew@...n.ch>
To: Greg Ungerer <gerg@...nel.org>
Cc: rmk+kernel@...linux.org.uk, hkallweit1@...il.com, davem@...emloft.net,
	edumazet@...gle.com, kuba@...nel.org, pabeni@...hat.com,
	netdev@...r.kernel.org
Subject: Re: [PATCHv2 2/2] net: dsa: mv88e6xxx: fix marvell 6350 probe crash

On Fri, Nov 24, 2023 at 02:15:29PM +1000, Greg Ungerer wrote:
> As of commit b92143d4420f ("net: dsa: mv88e6xxx: add infrastructure for
> phylink_pcs") probing of a Marvell 88e6350 switch causes a NULL pointer
> de-reference like this example:
> 
>     ...
>     mv88e6085 d0072004.mdio-mii:11: switch 0x3710 detected: Marvell 88E6350, revision 2
>     8<--- cut here ---
>     Unable to handle kernel NULL pointer dereference at virtual address 00000000 when read
>     [00000000] *pgd=00000000
>     Internal error: Oops: 5 [#1] ARM
>     Modules linked in:
>     CPU: 0 PID: 8 Comm: kworker/u2:0 Not tainted 6.7.0-rc2-dirty #26
>     Hardware name: Marvell Armada 370/XP (Device Tree)
>     Workqueue: events_unbound deferred_probe_work_func
>     PC is at mv88e6xxx_port_setup+0x1c/0x44
>     LR is at dsa_port_devlink_setup+0x74/0x154
>     pc : [<c057ea24>]    lr : [<c0819598>]    psr: a0000013
>     sp : c184fce0  ip : c542b8f4  fp : 00000000
>     r10: 00000001  r9 : c542a540  r8 : c542bc00
>     r7 : c542b838  r6 : c5244580  r5 : 00000005  r4 : c5244580
>     r3 : 00000000  r2 : c542b840  r1 : 00000005  r0 : c1a02040
>     ...
> 
> The Marvell 6350 switch has no SERDES interface and so has no
> corresponding pcs_ops defined for it. But during probing a call is made
> to mv88e6xxx_port_setup() which unconditionally expects pcs_ops to exist -
> though the presence of the pcs_ops->pcs_init function is optional.
> 
> Modify code to check for pcs_ops first, before checking for and calling
> pcs_ops->pcs_init. Modify checking and use of pcs_ops->pcs_teardown
> which may potentially suffer the same problem.
> 
> Fixes: b92143d4420f ("net: dsa: mv88e6xxx: add infrastructure for phylink_pcs")
> Signed-off-by: Greg Ungerer <gerg@...nel.org>

Reviewed-by: Andrew Lunn <andrew@...n.ch>

    Andrew

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ