• Mohammad Athari Bin Ismail's avatar
    net: stmmac: Fix kernel panic due to NULL pointer dereference of fpe_cfg · 63c173ff
    Mohammad Athari Bin Ismail authored
    In this patch, "net: stmmac: support FPE link partner hand-shaking
    procedure", priv->plat->fpe_cfg wouldn`t be "devm_kzalloc"ed if
    dma_cap->frpsel is 0 (Flexible Rx Parser is not supported in SoC) in
    tc_init(). So, fpe_cfg will be remain as NULL and accessing it will cause
    kernel panic.
    
    To fix this, move the "devm_kzalloc"ing of priv->plat->fpe_cfg before
    dma_cap->frpsel checking in tc_init(). Additionally, checking of
    priv->dma_cap.fpesel is added before calling stmmac_fpe_link_state_handle()
    as only FPE supported SoC is allowed to call the function.
    
    Below is the kernel panic dump reported by Marek Szyprowski
    <m.szyprowski@samsung.com>:
    
    meson8b-dwmac ff3f0000.ethernet eth0: PHY [0.0:00] driver [RTL8211F Gigabit Ethernet] (irq=35)
    meson8b-dwmac ff3f0000.ethernet eth0: No Safety Features support found
    meson8b-dwmac ff3f0000.ethernet eth0: PTP not supported by HW
    meson8b-dwmac ff3f0000.ethernet eth0: configuring for phy/rgmii link mode
    Unable to handle kernel NULL pointer dereference at virtual address 0000000000000001
    Mem abort info:
    ...
    user pgtable: 4k pages, 48-bit VAs, pgdp=00000000044eb000
    [0000000000000001] pgd=0000000000000000, p4d=0000000000000000
    Internal error: Oops: 96000004 [#1] PREEMPT SMP
    Modules linked in: dw_hdmi_i2s_audio dw_hdmi_cec meson_gxl realtek meson_gxbb_wdt snd_soc_meson_axg_sound_card dwmac_generic axg_audio meson_dw_hdmi crct10dif_ce snd_soc_meson_card_utils snd_soc_meson_axg_tdmout panfrost rc_odroid gpu_sched reset_meson_audio_arb meson_ir snd_soc_meson_g12a_tohdmitx snd_soc_meson_axg_frddr sclk_div clk_phase snd_soc_meson_codec_glue dwmac_meson8b snd_soc_meson_axg_fifo stmmac_platform meson_rng meson_drm stmmac rtc_meson_vrtc rng_core meson_canvas pwm_meson dw_hdmi mdio_mux_meson_g12a pcs_xpcs snd_soc_meson_axg_tdm_interface snd_soc_meson_axg_tdm_formatter nvmem_meson_efuse display_connector
    CPU: 1 PID: 7 Comm: kworker/u8:0 Not tainted 5.12.0-rc4-next-20210325+
    Hardware name: Hardkernel ODROID-C4 (DT)
    Workqueue: events_power_efficient phylink_resolve
    pstate: 20400009 (nzCv daif +PAN -UAO -TCO BTYPE=--)
    pc : stmmac_mac_link_up+0x14c/0x348 [stmmac]
    lr : stmmac_mac_link_up+0x284/0x348 [stmmac] ...
    Call trace:
     stmmac_mac_link_up+0x14c/0x348 [stmmac]
     phylink_resolve+0x104/0x420
     process_one_work+0x2a8/0x718
     worker_thread+0x48/0x460
     kthread+0x134/0x160
     ret_from_fork+0x10/0x18
    Code: b971ba60 350007c0 f958c260 f9402000 (39400401)
    ---[ end trace 0c9deb6c510228aa ]---
    
    Fixes: 5a558611 ("net: stmmac: support FPE link partner hand-shaking
    procedure")
    Reported-by: default avatarMarek Szyprowski <m.szyprowski@samsung.com>
    Signed-off-by: default avatarMohammad Athari Bin Ismail <mohammad.athari.ismail@intel.com>
    Tested-by: default avatarMarek Szyprowski <m.szyprowski@samsung.com>
    Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    63c173ff
stmmac_main.c 166 KB