[PATCH v1] net: ethernet: fix NULL pointer dereference at fec_ptp_save_state()

dillon.minfei@gmail.com posted 1 patch 1 month, 2 weeks ago
drivers/net/ethernet/freescale/fec_main.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
[PATCH v1] net: ethernet: fix NULL pointer dereference at fec_ptp_save_state()
Posted by dillon.minfei@gmail.com 1 month, 2 weeks ago
From: Dillon Min <dillon.minfei@gmail.com>

fec_ptp_init() called at probe stage when 'bufdesc_ex' is true.
so, need add 'bufdesc_ex' check before call fec_ptp_save_state(),
else 'tmreg_lock' will not be init by spin_lock_init().

run into kernel panic:
[    5.735628] Hardware name: Freescale MXS (Device Tree)
[    5.740816] Call trace:
[    5.740853]  unwind_backtrace from show_stack+0x10/0x14
[    5.748788]  show_stack from dump_stack_lvl+0x44/0x60
[    5.753970]  dump_stack_lvl from register_lock_class+0x80c/0x888
[    5.760098]  register_lock_class from __lock_acquire+0x94/0x2b84
[    5.766213]  __lock_acquire from lock_acquire+0xe0/0x2e0
[    5.771630]  lock_acquire from _raw_spin_lock_irqsave+0x5c/0x78
[    5.777666]  _raw_spin_lock_irqsave from fec_ptp_save_state+0x14/0x68
[    5.784226]  fec_ptp_save_state from fec_restart+0x2c/0x778
[    5.789910]  fec_restart from fec_probe+0xc68/0x15e0
[    5.794977]  fec_probe from platform_probe+0x58/0xb0
[    5.800059]  platform_probe from really_probe+0xc4/0x2cc
[    5.805473]  really_probe from __driver_probe_device+0x84/0x19c
[    5.811482]  __driver_probe_device from driver_probe_device+0x30/0x110
[    5.818103]  driver_probe_device from __driver_attach+0x94/0x18c
[    5.824200]  __driver_attach from bus_for_each_dev+0x70/0xc4
[    5.829979]  bus_for_each_dev from bus_add_driver+0xc4/0x1ec
[    5.835762]  bus_add_driver from driver_register+0x7c/0x114
[    5.841444]  driver_register from do_one_initcall+0x4c/0x224
[    5.847205]  do_one_initcall from kernel_init_freeable+0x198/0x224
[    5.853502]  kernel_init_freeable from kernel_init+0x10/0x108
[    5.859370]  kernel_init from ret_from_fork+0x14/0x38
[    5.864524] Exception stack(0xc4819fb0 to 0xc4819ff8)
[    5.869650] 9fa0:                                     00000000 00000000 00000000 00000000
[    5.877901] 9fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[    5.886148] 9fe0: 00000000 00000000 00000000 00000000 00000013 00000000
[    5.892838] 8<--- cut here ---
[    5.895948] Unable to handle kernel NULL pointer dereference at virtual address 00000000 when read

Fixes: a1477dc87dc4 ("net: fec: Restart PPS after link state change")
Signed-off-by: Dillon Min <dillon.minfei@gmail.com>
---
 drivers/net/ethernet/freescale/fec_main.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/drivers/net/ethernet/freescale/fec_main.c b/drivers/net/ethernet/freescale/fec_main.c
index 60fb54231ead..1b55047c0237 100644
--- a/drivers/net/ethernet/freescale/fec_main.c
+++ b/drivers/net/ethernet/freescale/fec_main.c
@@ -1077,7 +1077,8 @@ fec_restart(struct net_device *ndev)
 	u32 rcntl = OPT_FRAME_SIZE | 0x04;
 	u32 ecntl = FEC_ECR_ETHEREN;
 
-	fec_ptp_save_state(fep);
+	if (fep->bufdesc_ex)
+		fec_ptp_save_state(fep);
 
 	/* Whack a reset.  We should wait for this.
 	 * For i.MX6SX SOC, enet use AXI bus, we use disable MAC
@@ -1340,7 +1341,8 @@ fec_stop(struct net_device *ndev)
 			netdev_err(ndev, "Graceful transmit stop did not complete!\n");
 	}
 
-	fec_ptp_save_state(fep);
+	if (fep->bufdesc_ex)
+		fec_ptp_save_state(fep);
 
 	/* Whack a reset.  We should wait for this.
 	 * For i.MX6SX SOC, enet use AXI bus, we use disable MAC
-- 
2.25.1