• Huazhong Tan's avatar
    net: hns3: Fix NULL deref when unloading driver · c8a8045b
    Huazhong Tan authored
    When the driver is unloading, if there is a calling of ndo_open occurs
    between phy_disconnect() and unregister_netdev(), it will end up
    causing the kernel to eventually hit a NULL deref:
    
    [14942.417828] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000048
    [14942.529878] Mem abort info:
    [14942.551166]   ESR = 0x96000006
    [14942.567070]   Exception class = DABT (current EL), IL = 32 bits
    [14942.623081]   SET = 0, FnV = 0
    [14942.639112]   EA = 0, S1PTW = 0
    [14942.643628] Data abort info:
    [14942.659227]   ISV = 0, ISS = 0x00000006
    [14942.674870]   CM = 0, WnR = 0
    [14942.679449] user pgtable: 4k pages, 48-bit VAs, pgdp = 00000000224ad6ad
    [14942.695595] [0000000000000048] pgd=00000021e6673003, pud=00000021dbf01003, pmd=0000000000000000
    [14942.723163] Internal error: Oops: 96000006 [#1] PREEMPT SMP
    [14942.729358] Modules linked in: hns3(O) hclge(O) pv680_mii(O) hnae3(O) [last unloaded: hclge]
    [14942.738907] CPU: 1 PID: 26629 Comm: kworker/u4:13 Tainted: G           O      4.18.0-rc1-12928-ga960791-dirty #145
    [14942.749491] Hardware name: Huawei Technologies Co., Ltd. D05/D05, BIOS Hi1620 FPGA TB BOOT BIOS B763 08/17/2018
    [14942.760392] Workqueue: events_power_efficient phy_state_machine
    [14942.766644] pstate: 80c00009 (Nzcv daif +PAN +UAO)
    [14942.771918] pc : test_and_set_bit+0x18/0x38
    [14942.776589] lr : netif_carrier_off+0x24/0x70
    [14942.781033] sp : ffff0000121abd20
    [14942.784518] x29: ffff0000121abd20 x28: 0000000000000000
    [14942.790208] x27: ffff0000164d3cd8 x26: ffff8021da68b7b8
    [14942.795832] x25: 0000000000000000 x24: ffff8021eb407800
    [14942.801445] x23: 0000000000000000 x22: 0000000000000000
    [14942.807046] x21: 0000000000000001 x20: 0000000000000000
    [14942.812672] x19: 0000000000000000 x18: ffff000009781708
    [14942.818284] x17: 00000000004970e8 x16: ffff00000816ad48
    [14942.823900] x15: 0000000000000000 x14: 0000000000000008
    [14942.829528] x13: 0000000000000000 x12: 0000000000000f65
    [14942.835149] x11: 0000000000000001 x10: 00000000000009d0
    [14942.840753] x9 : ffff0000121abaa0 x8 : 0000000000000000
    [14942.846360] x7 : ffff000009781708 x6 : 0000000000000003
    [14942.851970] x5 : 0000000000000020 x4 : 0000000000000004
    [14942.857575] x3 : 0000000000000002 x2 : 0000000000000001
    [14942.863180] x1 : 0000000000000048 x0 : 0000000000000000
    [14942.868875] Process kworker/u4:13 (pid: 26629, stack limit = 0x00000000c909dbf3)
    [14942.876464] Call trace:
    [14942.879200]  test_and_set_bit+0x18/0x38
    [14942.883376]  phy_link_change+0x38/0x78
    [14942.887378]  phy_state_machine+0x3dc/0x4f8
    [14942.891968]  process_one_work+0x158/0x470
    [14942.896223]  worker_thread+0x50/0x470
    [14942.900219]  kthread+0x104/0x130
    [14942.903905]  ret_from_fork+0x10/0x1c
    [14942.907755] Code: d2800022 8b400c21 f9800031 9ac32044 (c85f7c22)
    [14942.914185] ---[ end trace 968c9e12eb740b23 ]---
    
    So this patch fixes it by modifying the timing to do phy_connect_direct()
    and phy_disconnect().
    
    Fixes: 256727da ("net: hns3: Add MDIO support to HNS3 Ethernet driver for hip08 SoC")
    Signed-off-by: default avatarHuazhong Tan <tanhuazhong@huawei.com>
    Signed-off-by: default avatarPeng Li <lipeng321@huawei.com>
    Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    c8a8045b
hnae3.h 18.9 KB