From patchwork Fri Mar 26 09:10:46 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mohammad Athari Bin Ismail X-Patchwork-Id: 12166029 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-17.0 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER, INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED, USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 50769C433DB for ; Fri, 26 Mar 2021 09:13:04 +0000 (UTC) Received: from desiato.infradead.org (desiato.infradead.org [90.155.92.199]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id D946461A32 for ; Fri, 26 Mar 2021 09:13:03 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org D946461A32 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=intel.com Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=desiato.20200630; h=Sender:Content-Transfer-Encoding :Content-Type:MIME-Version:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:Message-Id:Date:Subject:Cc:To:From:Reply-To: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Owner; bh=5IVau/dFNMsl6r1ThvOft/LdUigMLpl6MstGBvcibCM=; b=Kd6TA5ywp7IUPNWLUjQu7WUsvK OxQokmaRAzvMIZrcheXmwOdVhr2UFfnz76RejxgoWLKFGHCY5lv/UUH5U/BTmWdImoKmcWBgiuvX8 GdlzPRx3HJTLvHIfxS88EIyhbIeS5g1OxWnFgDmp0Kr2Yax87yswbMkDauRUogi/lX54lvz+5gAtI 9uF85nN8Z5wi1H+wK9g2UOkDmpDDhc1SV0jX86/7E63Q5e2XXPMUykuYSgtxmldgy4fYKC9Bn1VUQ hL8PAPRYmudrAmgco2gE5h1V/Y4TE8azKCYP3W1Lrj6XQ7/SgvE2CwbSJsZT7t7NTR2KPKCClYy2t aVBjwLww==; Received: from localhost ([::1] helo=desiato.infradead.org) by desiato.infradead.org with esmtp (Exim 4.94 #2 (Red Hat Linux)) id 1lPiUv-00358a-5U; Fri, 26 Mar 2021 09:11:17 +0000 Received: from mga14.intel.com ([192.55.52.115]) by desiato.infradead.org with esmtps (Exim 4.94 #2 (Red Hat Linux)) id 1lPiUq-00356z-LS for linux-arm-kernel@lists.infradead.org; Fri, 26 Mar 2021 09:11:14 +0000 IronPort-SDR: sDjd3giog6RYV7Z9wFgJTGxBgS9j1vwCy/TFNDDrzxADlZ67TTsgJ9gT+mtV+ujAM7jPCNx97D lYKaWJ7usHOw== X-IronPort-AV: E=McAfee;i="6000,8403,9934"; a="190547916" X-IronPort-AV: E=Sophos;i="5.81,280,1610438400"; d="scan'208";a="190547916" Received: from orsmga005.jf.intel.com ([10.7.209.41]) by fmsmga103.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 26 Mar 2021 02:11:05 -0700 IronPort-SDR: TSNpPYngjz1bCdJYwcrM5FrvgT970Uy9njyWKJv1snBYWQKILjtzkcJJTfKHnTNHnPflxV6olg KIYvnOQdJP1Q== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.81,280,1610438400"; d="scan'208";a="594113441" Received: from mismail5-ilbpg0.png.intel.com ([10.88.229.82]) by orsmga005.jf.intel.com with ESMTP; 26 Mar 2021 02:10:57 -0700 From: mohammad.athari.ismail@intel.com To: Giuseppe Cavallaro , Alexandre Torgue , Jose Abreu , "David S . Miller" , Jakub Kicinski , Maxime Coquelin , Russell King , Marek Szyprowski Cc: Ong Boon Leong , Voon Weifeng , vee.khee.wong@intel.com, Tan Tee Min , netdev@vger.kernel.org, linux-stm32@st-md-mailman.stormreply.com, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, mohammad.athari.ismail@intel.com Subject: [PATCH net-next] net: stmmac: Fix kernel panic due to NULL pointer dereference of fpe_cfg Date: Fri, 26 Mar 2021 17:10:46 +0800 Message-Id: <20210326091046.26391-1-mohammad.athari.ismail@intel.com> X-Mailer: git-send-email 2.17.1 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20210326_091113_181304_79F09D8B X-CRM114-Status: GOOD ( 13.89 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org From: Mohammad Athari Bin Ismail In this patch, "net: stmmac: support FPE link partner hand-shaking procedure", priv->plat->fpe_cfg wouldn`t be "devm_kzalloc"ed if dma_cap->frpsel is 0 (Flexible Rx Parser is not supported in SoC) in tc_init(). So, fpe_cfg will be remain as NULL and accessing it will cause kernel panic. To fix this, move the "devm_kzalloc"ing of priv->plat->fpe_cfg before dma_cap->frpsel checking in tc_init(). Additionally, checking of priv->dma_cap.fpesel is added before calling stmmac_fpe_link_state_handle() as only FPE supported SoC is allowed to call the function. Below is the kernel panic dump reported by Marek Szyprowski : meson8b-dwmac ff3f0000.ethernet eth0: PHY [0.0:00] driver [RTL8211F Gigabit Ethernet] (irq=35) meson8b-dwmac ff3f0000.ethernet eth0: No Safety Features support found meson8b-dwmac ff3f0000.ethernet eth0: PTP not supported by HW meson8b-dwmac ff3f0000.ethernet eth0: configuring for phy/rgmii link mode Unable to handle kernel NULL pointer dereference at virtual address 0000000000000001 Mem abort info: ... user pgtable: 4k pages, 48-bit VAs, pgdp=00000000044eb000 [0000000000000001] pgd=0000000000000000, p4d=0000000000000000 Internal error: Oops: 96000004 [#1] PREEMPT SMP Modules linked in: dw_hdmi_i2s_audio dw_hdmi_cec meson_gxl realtek meson_gxbb_wdt snd_soc_meson_axg_sound_card dwmac_generic axg_audio meson_dw_hdmi crct10dif_ce snd_soc_meson_card_utils snd_soc_meson_axg_tdmout panfrost rc_odroid gpu_sched reset_meson_audio_arb meson_ir snd_soc_meson_g12a_tohdmitx snd_soc_meson_axg_frddr sclk_div clk_phase snd_soc_meson_codec_glue dwmac_meson8b snd_soc_meson_axg_fifo stmmac_platform meson_rng meson_drm stmmac rtc_meson_vrtc rng_core meson_canvas pwm_meson dw_hdmi mdio_mux_meson_g12a pcs_xpcs snd_soc_meson_axg_tdm_interface snd_soc_meson_axg_tdm_formatter nvmem_meson_efuse display_connector CPU: 1 PID: 7 Comm: kworker/u8:0 Not tainted 5.12.0-rc4-next-20210325+ Hardware name: Hardkernel ODROID-C4 (DT) Workqueue: events_power_efficient phylink_resolve pstate: 20400009 (nzCv daif +PAN -UAO -TCO BTYPE=--) pc : stmmac_mac_link_up+0x14c/0x348 [stmmac] lr : stmmac_mac_link_up+0x284/0x348 [stmmac] ... Call trace: stmmac_mac_link_up+0x14c/0x348 [stmmac] phylink_resolve+0x104/0x420 process_one_work+0x2a8/0x718 worker_thread+0x48/0x460 kthread+0x134/0x160 ret_from_fork+0x10/0x18 Code: b971ba60 350007c0 f958c260 f9402000 (39400401) ---[ end trace 0c9deb6c510228aa ]--- Fixes: 5a5586112b92 ("net: stmmac: support FPE link partner hand-shaking procedure") Reported-by: Marek Szyprowski Signed-off-by: Mohammad Athari Bin Ismail Tested-by: Marek Szyprowski --- .../net/ethernet/stmicro/stmmac/stmmac_main.c | 6 ++++-- .../net/ethernet/stmicro/stmmac/stmmac_tc.c | 20 +++++++++---------- 2 files changed, 14 insertions(+), 12 deletions(-) diff --git a/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c b/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c index 170296820af0..27faf5e49360 100644 --- a/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c +++ b/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c @@ -997,7 +997,8 @@ static void stmmac_mac_link_down(struct phylink_config *config, stmmac_eee_init(priv); stmmac_set_eee_pls(priv, priv->hw, false); - stmmac_fpe_link_state_handle(priv, false); + if (priv->dma_cap.fpesel) + stmmac_fpe_link_state_handle(priv, false); } static void stmmac_mac_link_up(struct phylink_config *config, @@ -1097,7 +1098,8 @@ static void stmmac_mac_link_up(struct phylink_config *config, stmmac_set_eee_pls(priv, priv->hw, true); } - stmmac_fpe_link_state_handle(priv, true); + if (priv->dma_cap.fpesel) + stmmac_fpe_link_state_handle(priv, true); } static const struct phylink_mac_ops stmmac_phylink_mac_ops = { diff --git a/drivers/net/ethernet/stmicro/stmmac/stmmac_tc.c b/drivers/net/ethernet/stmicro/stmmac/stmmac_tc.c index 1d84ee359808..4e70efc45458 100644 --- a/drivers/net/ethernet/stmicro/stmmac/stmmac_tc.c +++ b/drivers/net/ethernet/stmicro/stmmac/stmmac_tc.c @@ -254,6 +254,16 @@ static int tc_init(struct stmmac_priv *priv) priv->flow_entries_max); } + if (!priv->plat->fpe_cfg) { + priv->plat->fpe_cfg = devm_kzalloc(priv->device, + sizeof(*priv->plat->fpe_cfg), + GFP_KERNEL); + if (!priv->plat->fpe_cfg) + return -ENOMEM; + } else { + memset(priv->plat->fpe_cfg, 0, sizeof(*priv->plat->fpe_cfg)); + } + /* Fail silently as we can still use remaining features, e.g. CBS */ if (!dma_cap->frpsel) return 0; @@ -298,16 +308,6 @@ static int tc_init(struct stmmac_priv *priv) dev_info(priv->device, "Enabling HW TC (entries=%d, max_off=%d)\n", priv->tc_entries_max, priv->tc_off_max); - if (!priv->plat->fpe_cfg) { - priv->plat->fpe_cfg = devm_kzalloc(priv->device, - sizeof(*priv->plat->fpe_cfg), - GFP_KERNEL); - if (!priv->plat->fpe_cfg) - return -ENOMEM; - } else { - memset(priv->plat->fpe_cfg, 0, sizeof(*priv->plat->fpe_cfg)); - } - return 0; }