RE: net: macb: linux-next: null pointer dereference in phylink_major_config()

From: Parshuram Raju Thombare
Date: Wed Nov 04 2020 - 08:53:58 EST


Hi Nicolas,

Thanks for reporting this.
It seems the NULL pointer dereference is happening in the following line.

static void phylink_major_config(struct phylink *pl, bool restart,
				 const struct phylink_link_state *state)
{
......
	err = pl->pcs_ops->pcs_config(pl->pcs, pl->cur_link_an_mode,
				      state->interface,
				      state->advertising,
				      !!(pl->link_config.pause &
					 MLO_PAUSE_AN));

This is because pcs_config = NULL in the pcs_ops registered for non-10GBASE-R modes here.

	if (interface == PHY_INTERFACE_MODE_10GBASER)
		bp->phylink_pcs.ops = &macb_phylink_usx_pcs_ops;
	else
		bp->phylink_pcs.ops = &macb_phylink_pcs_ops;

	phylink_set_pcs(bp->phylink, &bp->phylink_pcs);

This should have been something like:
	if (interface == PHY_INTERFACE_MODE_10GBASER)
		bp->phylink_pcs.ops = &macb_phylink_usx_pcs_ops;
	else if (interface == PHY_INTERFACE_MODE_SGMII)
		bp->phylink_pcs.ops = &macb_phylink_pcs_ops;
	else
		bp->phylink_pcs.ops = NULL;

	if (bp->phylink_pcs.ops)
		phylink_set_pcs(bp->phylink, &bp->phylink_pcs);


Regards,
Parshuram Thombare

>-----Original Message-----
>From: Nicolas.Ferre@xxxxxxxxxxxxx <Nicolas.Ferre@xxxxxxxxxxxxx>
>Sent: Wednesday, November 4, 2020 6:59 PM
>To: Parshuram Raju Thombare <pthombar@xxxxxxxxxxx>; kuba@xxxxxxxxxx;
>linux-arm-kernel@xxxxxxxxxxxxxxxxxxx; netdev@xxxxxxxxxxxxxxx
>Cc: Claudiu.Beznea@xxxxxxxxxxxxx; Santiago.Esteban@xxxxxxxxxxxxx;
>andrew@xxxxxxx; davem@xxxxxxxxxxxxx; linux-kernel@xxxxxxxxxxxxxxx;
>linux@xxxxxxxxxxxxxxx; harini.katakam@xxxxxxxxxx; michal.simek@xxxxxxxxxx
>Subject: net: macb: linux-next: null pointer dereference in phylink_major_config()
>
>Hi,
>
>Heads-up on this kernel Oops that happened and has been observed on
>linux-next since 20201103 and was not existing in 20201030.
>
>I didn't go further until now but wanted to report it
>as soon as possible.
>Could it be related to newly included patch
>e4e143e26ce8 ("net: macb: add support for high speed interface")?
>
>Tell us if you saw it on other platforms or if you couldn't reproduce it.
>
>[..]
>Linux version 5.10.0-rc2-next-20201104 (root@linux-ci-43h78-cjbps) (arm-linux-
>gnueabihf-gcc (GNU Toolchain for the A-profile Architecture 8.3-2019.03 (arm-
>rel-8.36)) 8.3.0, GNU ld (GNU Toolchain for the A-profile Architecture 8.3-
>2019.03 (arm-rel-8.36)) 2.32.0.20190321) #2 Wed Nov 4 07:31:39 UTC 2020
>
>[..]
>OF: fdt: Machine model: Atmel SAMA5D4 Xplained
>
>[..]
>libphy: Fixed MDIO Bus: probed
>libphy: MACB_mii_bus: probed
>macb f8020000.ethernet eth0: Cadence GEM rev 0x00020120 at 0xf8020000 irq
>27 (fc:c2:3d:0d:eb:27)
>
>[..]
>
>Configuring network interfaces...
>macb f8020000.ethernet eth0: PHY [f8020000.ethernet-ffffffff:01] driver [Micrel
>KSZ8081 or KSZ8091] (irq=46)
>macb f8020000.ethernet eth0: configuring for phy/rmii link mode
>8<--- cut here ---
>Unable to handle kernel NULL pointer dereference at virtual address 00000000
>pgd = 8fd7a220
>[00000000] *pgd=00000000
>Internal error: Oops: 80000005 [#1] ARM
>Modules linked in:
>CPU: 0 PID: 250 Comm: ip Not tainted 5.10.0-rc2-next-20201104 #2
>Hardware name: Atmel SAMA5
>PC is at 0x0
>LR is at phylink_major_config+0x84/0x1a8
>pc : [<00000000>] lr : [<c0509ebc>] psr: a0050013
>sp : c1cdb8f0 ip : c09530c4 fp : c09530d4
>r10: c12204e0 r9 : 00000000 r8 : 00000001
>r7 : 00000001 r6 : 00000000 r5 : c1cdb918 r4 : c1266800
>r3 : c1cdb918 r2 : 00000007 r1 : 00000000 r0 : c1221100
>Flags: NzCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none
>Control: 10c53c7d Table: 21d60059 DAC: 00000051
>Process ip (pid: 250, stack limit = 0x362b1cfa)
>Stack: (0xc1cdb8f0 to 0xc1cdc000)
>[<c0509ebc>] (phylink_major_config) from [<c050b3c8>]
>(phylink_start+0x190/0x33c)
>[<c050b3c8>] (phylink_start) from [<c051c450>]
>(macb_phylink_connect+0x40/0xb4)
>[<c051c450>] (macb_phylink_connect) from [<c051fbac>]
>(macb_open+0x1e0/0x2a0)
>[<c051fbac>] (macb_open) from [<c064af9c>] (__dev_open+0xfc/0x180)
>[<c064af9c>] (__dev_open) from [<c064b368>]
>(__dev_change_flags+0x16c/0x1cc)
>[<c064b368>] (__dev_change_flags) from [<c064b3e0>]
>(dev_change_flags+0x18/0x48)
>[<c064b3e0>] (dev_change_flags) from [<c0656f20>] (do_setlink+0x2d8/0xbdc)
>[<c0656f20>] (do_setlink) from [<c065d2c4>] (__rtnl_newlink+0x4e8/0x72c)
>[<c065d2c4>] (__rtnl_newlink) from [<c065d548>] (rtnl_newlink+0x40/0x5c)
>[<c065d548>] (rtnl_newlink) from [<c0657e90>]
>(rtnetlink_rcv_msg+0x248/0x2c0)
>[<c0657e90>] (rtnetlink_rcv_msg) from [<c068cb10>]
>(netlink_rcv_skb+0xb8/0x110)
>[<c068cb10>] (netlink_rcv_skb) from [<c068c270>]
>(netlink_unicast+0x188/0x230)
>[<c068c270>] (netlink_unicast) from [<c068c4d8>]
>(netlink_sendmsg+0x1c0/0x408)
>[<c068c4d8>] (netlink_sendmsg) from [<c0628408>]
>(____sys_sendmsg+0x1a4/0x238)
>[<c0628408>] (____sys_sendmsg) from [<c0629b84>]
>(___sys_sendmsg+0x6c/0x98)
>[<c0629b84>] (___sys_sendmsg) from [<c0629f7c>] (__sys_sendmsg+0x50/0x8c)
>[<c0629f7c>] (__sys_sendmsg) from [<c0100060>] (ret_fast_syscall+0x0/0x58)
>Exception stack(0xc1cdbfa8 to 0xc1cdbff0)
>bfa0: 00000000 00000010 00000003 bea71718 00000000 00000000
>bfc0: 00000000 00000010 b6f644d0 00000128 00547008 5aa2f689 00000000
>00546cc0
>bfe0: 00000128 bea716b8 b6e8cd7f b6e0eba6
>Code: bad PC value
>---[ end trace f10e0fdf87618077 ]---
>
>Best regards,
>--
>Nicolas Ferre
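
The failure mode discussed in this thread, as an added user-space C model (not part of the original mails and not kernel or macb code): an ops table whose optional callback is NULL is called unconditionally, and two guards stop it, one at the call site and one at registration. All names here are hypothetical.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* User-space model; every name here is hypothetical, not kernel code. */
struct pcs;
struct pcs_ops { int (*pcs_config)(struct pcs *pcs, int interface); };
struct pcs { const struct pcs_ops *ops; int configured; };

static int usx_pcs_config(struct pcs *pcs, int interface)
{
	(void)interface;
	pcs->configured = 1;
	return 0;
}

/* One ops table implements the callback, the other leaves it NULL. */
static const struct pcs_ops full_ops = { .pcs_config = usx_pcs_config };
static const struct pcs_ops partial_ops = { .pcs_config = NULL };

/* Unchecked call: with partial_ops this branches to address 0 ("PC is at 0x0"). */
int config_unchecked(struct pcs *pcs, int interface)
{
	return pcs->ops->pcs_config(pcs, interface);
}

/* Call-site guard: no PCS or no callback means there is nothing to configure. */
int config_checked(struct pcs *pcs, int interface)
{
	if (!pcs || !pcs->ops || !pcs->ops->pcs_config)
		return 0;
	return pcs->ops->pcs_config(pcs, interface);
}

/* Registration guard: reject an incomplete ops table at setup time. */
int register_pcs(struct pcs **slot, struct pcs *pcs)
{
	if (!pcs || !pcs->ops || !pcs->ops->pcs_config)
		return -EINVAL;
	*slot = pcs;
	return 0;
}

int main(void)
{
	struct pcs bad = { &partial_ops, 0 }, good = { &full_ops, 0 };
	struct pcs *slot = NULL;
	printf("register(bad)=%d checked(bad)=%d unchecked(good)=%d\n",
	       register_pcs(&slot, &bad), config_checked(&bad, 0),
	       config_unchecked(&good, 0));
	return 0;
}
```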