Re: net: phy: realtek: regression, kernel null pointer dereference

From: Heiner Kallweit
Date: Fri May 10 2019 - 16:29:39 EST

Next message: Lukas Bulwahn: "Re: [Linux-kernel-mentees] [PATCH] Staging: kpc2000: kpc_dma: resolve checkpath errors and warnings"
Previous message: David Miller: "Re: [PATCH] net: qrtr: use protocol endiannes variable"
In reply to: Vicente Bergas: "net: phy: realtek: regression, kernel null pointer dereference"
Next in thread: Vicente Bergas: "Re: net: phy: realtek: regression, kernel null pointer dereference"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 10.05.2019 17:05, Vicente Bergas wrote:
> Hello,
> there is a regression on linux v5.1-9573-gb970afcfcabd with a kernel null
> pointer dereference.
> The issue is the commit f81dadbcf7fd067baf184b63c179fc392bdb226e
> Ânet: phy: realtek: Add rtl8211e rx/tx delays config
> which uncovered a bug in phy-core when attempting to call
> Âphydev->drv->read_page
> which can be null.
> The patch to drivers/net/phy/phy-core.c below fixes the kernel null pointer
> dereference. After applying the patch, there is still no network. I have
> also tested the patch to drivers/net/phy/realtek.c, but no success. The
> system hangs forever while initializing eth0.
>
> Any suggestions?
>
The page operation callbacks are missing in the RTL8211E driver.
I just submitted a fix adding these callbacks to few Realtek PHY drivers
including RTl8211E. This should fix the issue.
Nevertheless your proposed patch looks good to me, just one small change
would be needed and it should be splitted.

The change to phy-core I would consider a fix and it should be fine to
submit it to net (net-next is closed currently).

Adding the warning to the Realtek driver is fine, but this would be
something for net-next once it's open again.

> Regards,
> ÂVicenÃ.
>
Heiner

> --- a/drivers/net/phy/phy-core.c
> +++ b/drivers/net/phy/phy-core.c
> @@ -648,11 +648,17 @@
>
> static int __phy_read_page(struct phy_device *phydev)
> {
> +ÂÂÂ if (!phydev->drv->read_page)
> +ÂÂÂÂÂÂÂ return -EOPNOTSUPP;
> +ÂÂÂ
> ÂÂÂÂreturn phydev->drv->read_page(phydev);
> }
>
> static int __phy_write_page(struct phy_device *phydev, int page)
> {
> +ÂÂÂ if (!phydev->drv->write_page)
> +ÂÂÂÂÂÂÂ return -EOPNOTSUPP;
> +
> ÂÂÂÂreturn phydev->drv->write_page(phydev, page);
> }
> --- a/drivers/net/phy/realtek.c
> +++ b/drivers/net/phy/realtek.c
> @@ -214,8 +214,10 @@
> ÂÂÂÂ * for details).
> ÂÂÂÂ */
> ÂÂÂÂoldpage = phy_select_page(phydev, 0x7);
> -ÂÂÂ if (oldpage < 0)
> -ÂÂÂÂÂÂÂ goto err_restore_page;
> +ÂÂÂ if (oldpage < 0) {
> +ÂÂÂÂÂÂÂ dev_warn(&phydev->mdio.dev, "Unable to set rgmii delays\n");

Here phydev_warn() should be used.

> +ÂÂÂÂÂÂÂ return 0;
> +ÂÂÂ }
>
> ÂÂÂÂret = phy_write(phydev, RTL821x_EXT_PAGE_SELECT, 0xa4);
> ÂÂÂÂif (ret)
>
>

Next message: Lukas Bulwahn: "Re: [Linux-kernel-mentees] [PATCH] Staging: kpc2000: kpc_dma: resolve checkpath errors and warnings"
Previous message: David Miller: "Re: [PATCH] net: qrtr: use protocol endiannes variable"
In reply to: Vicente Bergas: "net: phy: realtek: regression, kernel null pointer dereference"
Next in thread: Vicente Bergas: "Re: net: phy: realtek: regression, kernel null pointer dereference"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]