Re: [PATCH] [stable, netdev 4.4+] lan78xx: make sure RX_ADDRL & RX_ADDRH regs are always up to date

From: Sasha Levin
Date: Wed Nov 07 2018 - 19:18:00 EST

Next message: Stephen Boyd: "Re: [PATCH v9 3/5] clk: imx: add SCCG PLL type"
Previous message: Eric Wong: "Re: radeon vs radeonfb Mobility quirks (Thinkpad X32)"
In reply to: Paolo Pisati: "[PATCH] [stable, netdev 4.4+] lan78xx: make sure RX_ADDRL & RX_ADDRH regs are always up to date"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Nov 07, 2018 at 05:50:57PM +0100, Paolo Pisati wrote:

[partial backport upstream 760db29bdc97b73ff60b091315ad787b1deb5cf5]

Upon invocation, lan78xx_init_mac_address() checks that the mac address present
in the RX_ADDRL & RX_ADDRH registers is a valid address, if not, it first tries
to read a new address from an external eeprom or the otp area, and in case both
read fail (or the address read back is invalid), it randomly generates a new
one.

Unfortunately, due to the way the above logic is laid out,
if both read_eeprom() and read_otp() fail, a new mac address is correctly
generated but is never written back to RX_ADDRL & RX_ADDRH, leaving the chip in an
incosistent state and with an invalid mac address (e.g. the nic appears to be
completely dead, and doesn't receive any packet, etc):

lan78xx_init_mac_address()
...
if (lan78xx_read_eeprom(addr ...) || lan78xx_read_otp(addr ...)) {
if (is_valid_ether_addr(addr) {
// nop...
} else {
random_ether_addr(addr);
}

// correctly writes back the new address
lan78xx_write_reg(RX_ADDRL, addr ...);
lan78xx_write_reg(RX_ADDRH, addr ...);
} else {
// XXX if both eeprom and otp read fail, we land here and skip
// XXX the RX_ADDRL & RX_ADDRH update completely
random_ether_addr(addr);
}

This bug went unnoticed because lan78xx_read_otp() was buggy itself and would
never fail, up until 4bfc338 "lan78xx: Correctly indicate invalid OTP"
fixed it and as a side effect uncovered this bug.

4.18+ is fine, since the bug was implicitly fixed in 760db29 "lan78xx: Read MAC
address from DT if present" when the address change logic was reorganized, but
it's still present in all stable trees below that: linux-4.4.y, linux-4.9.y,
linux-4.14.y, etc up to linux-4.18.y (not included).

Signed-off-by: Paolo Pisati <p.pisati@xxxxxxxxx>

So why not just take 760db29bdc completely? It looks safer than taking a
partial backport, and will make applying future patches easier.

I tried to do it and it doesn't look like there are any dependencies
that would cause an issue.

--
Thanks,
Sasha

Next message: Stephen Boyd: "Re: [PATCH v9 3/5] clk: imx: add SCCG PLL type"
Previous message: Eric Wong: "Re: radeon vs radeonfb Mobility quirks (Thinkpad X32)"
In reply to: Paolo Pisati: "[PATCH] [stable, netdev 4.4+] lan78xx: make sure RX_ADDRL & RX_ADDRH regs are always up to date"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]