From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org,
Wong Vee Khee <vee.khee.wong@linux.intel.com>,
"David S. Miller" <davem@davemloft.net>,
Sasha Levin <sashal@kernel.org>
Subject: [PATCH 5.10 048/103] net: stmmac: fix kernel panic due to NULL pointer dereference of plat->est
Date: Wed, 1 Sep 2021 14:27:58 +0200 [thread overview]
Message-ID: <20210901122302.188539211@linuxfoundation.org> (raw)
In-Reply-To: <20210901122300.503008474@linuxfoundation.org>
From: Wong Vee Khee <vee.khee.wong@linux.intel.com>
[ Upstream commit 82a44ae113b7b35850f4542f0443fcab221e376a ]
In the case of taprio offload is not enabled, the error handling path
causes a kernel crash due to kernel NULL pointer deference.
Fix this by adding check for NULL before attempt to access 'plat->est'
on the mutex_lock() call.
The following kernel panic is observed without this patch:
RIP: 0010:mutex_lock+0x10/0x20
Call Trace:
tc_setup_taprio+0x482/0x560 [stmmac]
kmem_cache_alloc_trace+0x13f/0x490
taprio_disable_offload.isra.0+0x9d/0x180 [sch_taprio]
taprio_destroy+0x6c/0x100 [sch_taprio]
qdisc_create+0x2e5/0x4f0
tc_modify_qdisc+0x126/0x740
rtnetlink_rcv_msg+0x12b/0x380
_raw_spin_lock_irqsave+0x19/0x40
_raw_spin_unlock_irqrestore+0x18/0x30
create_object+0x212/0x340
rtnl_calcit.isra.0+0x110/0x110
netlink_rcv_skb+0x50/0x100
netlink_unicast+0x191/0x230
netlink_sendmsg+0x243/0x470
sock_sendmsg+0x5e/0x60
____sys_sendmsg+0x20b/0x280
copy_msghdr_from_user+0x5c/0x90
__mod_memcg_state+0x87/0xf0
___sys_sendmsg+0x7c/0xc0
lru_cache_add+0x7f/0xa0
_raw_spin_unlock+0x16/0x30
wp_page_copy+0x449/0x890
handle_mm_fault+0x921/0xfc0
__sys_sendmsg+0x59/0xa0
do_syscall_64+0x33/0x40
entry_SYSCALL_64_after_hwframe+0x44/0xa9
---[ end trace b1f19b24368a96aa ]---
Fixes: b60189e0392f ("net: stmmac: Integrate EST with TAPRIO scheduler API")
Cc: <stable@vger.kernel.org> # 5.10.x
Signed-off-by: Wong Vee Khee <vee.khee.wong@linux.intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/stmicro/stmmac/stmmac_tc.c | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/drivers/net/ethernet/stmicro/stmmac/stmmac_tc.c b/drivers/net/ethernet/stmicro/stmmac/stmmac_tc.c
index 8c2eae2a7efd..22c34474e617 100644
--- a/drivers/net/ethernet/stmicro/stmmac/stmmac_tc.c
+++ b/drivers/net/ethernet/stmicro/stmmac/stmmac_tc.c
@@ -781,11 +781,13 @@ static int tc_setup_taprio(struct stmmac_priv *priv,
return 0;
disable:
- mutex_lock(&priv->plat->est->lock);
- priv->plat->est->enable = false;
- stmmac_est_configure(priv, priv->ioaddr, priv->plat->est,
- priv->plat->clk_ptp_rate);
- mutex_unlock(&priv->plat->est->lock);
+ if (priv->plat->est) {
+ mutex_lock(&priv->plat->est->lock);
+ priv->plat->est->enable = false;
+ stmmac_est_configure(priv, priv->ioaddr, priv->plat->est,
+ priv->plat->clk_ptp_rate);
+ mutex_unlock(&priv->plat->est->lock);
+ }
return ret;
}
--
2.30.2
next prev parent reply other threads:[~2021-09-01 12:41 UTC|newest]
Thread overview: 130+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-09-01 12:27 [PATCH 5.10 000/103] 5.10.62-rc1 review Greg Kroah-Hartman
2021-09-01 12:27 ` [PATCH 5.10 001/103] net: qrtr: fix another OOB Read in qrtr_endpoint_post Greg Kroah-Hartman
2021-09-01 12:27 ` [PATCH 5.10 002/103] bpf: Fix ringbuf helper function compatibility Greg Kroah-Hartman
2021-09-01 12:27 ` [PATCH 5.10 003/103] bpf: Fix NULL pointer dereference in bpf_get_local_storage() helper Greg Kroah-Hartman
2021-09-01 12:27 ` [PATCH 5.10 004/103] ASoC: rt5682: Adjust headset volume button threshold Greg Kroah-Hartman
2021-09-01 12:27 ` [PATCH 5.10 005/103] ASoC: component: Remove misplaced prefix handling in pin control functions Greg Kroah-Hartman
2021-09-01 12:27 ` [PATCH 5.10 006/103] ARC: Fix CONFIG_STACKDEPOT Greg Kroah-Hartman
2021-09-01 12:27 ` [PATCH 5.10 007/103] netfilter: conntrack: collect all entries in one cycle Greg Kroah-Hartman
2021-09-01 12:27 ` [PATCH 5.10 008/103] once: Fix panic when module unload Greg Kroah-Hartman
2021-09-01 12:27 ` [PATCH 5.10 009/103] blk-iocost: fix lockdep warning on blkcg->lock Greg Kroah-Hartman
2021-09-01 12:27 ` [PATCH 5.10 010/103] ovl: fix uninitialized pointer read in ovl_lookup_real_one() Greg Kroah-Hartman
2021-09-01 12:27 ` [PATCH 5.10 011/103] net: mscc: Fix non-GPL export of regmap APIs Greg Kroah-Hartman
2021-09-01 12:27 ` [PATCH 5.10 012/103] can: usb: esd_usb2: esd_usb2_rx_event(): fix the interchange of the CAN RX and TX error counters Greg Kroah-Hartman
2021-09-01 12:27 ` [PATCH 5.10 013/103] ceph: correctly handle releasing an embedded cap flush Greg Kroah-Hartman
2021-09-01 12:27 ` [PATCH 5.10 014/103] riscv: Ensure the value of FP registers in the core dump file is up to date Greg Kroah-Hartman
2021-09-01 12:27 ` [PATCH 5.10 015/103] Revert "btrfs: compression: dont try to compress if we dont have enough pages" Greg Kroah-Hartman
2021-09-01 12:27 ` [PATCH 5.10 016/103] drm/amdgpu: Cancel delayed work when GFXOFF is disabled Greg Kroah-Hartman
2021-09-01 12:27 ` [PATCH 5.10 017/103] Revert "USB: serial: ch341: fix character loss at high transfer rates" Greg Kroah-Hartman
2021-09-01 12:27 ` [PATCH 5.10 018/103] USB: serial: option: add new VID/PID to support Fibocom FG150 Greg Kroah-Hartman
2021-09-01 12:27 ` [PATCH 5.10 019/103] usb: renesas-xhci: Prefer firmware loading on unknown ROM state Greg Kroah-Hartman
2021-09-01 12:27 ` [PATCH 5.10 020/103] usb: dwc3: gadget: Fix dwc3_calc_trbs_left() Greg Kroah-Hartman
2021-09-01 12:27 ` [PATCH 5.10 021/103] usb: dwc3: gadget: Stop EP0 transfers during pullup disable Greg Kroah-Hartman
2021-09-01 12:27 ` [PATCH 5.10 022/103] scsi: core: Fix hang of freezing queue between blocking and running device Greg Kroah-Hartman
2021-09-01 12:27 ` [PATCH 5.10 023/103] RDMA/bnxt_re: Add missing spin lock initialization Greg Kroah-Hartman
2021-09-01 12:27 ` [PATCH 5.10 024/103] IB/hfi1: Fix possible null-pointer dereference in _extend_sdma_tx_descs() Greg Kroah-Hartman
2021-09-01 12:27 ` [PATCH 5.10 025/103] RDMA/bnxt_re: Remove unpaired rtnl unlock in bnxt_re_dev_init() Greg Kroah-Hartman
2021-09-01 12:27 ` [PATCH 5.10 026/103] ice: do not abort devlink info if board identifier cant be found Greg Kroah-Hartman
2021-09-01 19:42 ` Pavel Machek
2021-09-01 20:10 ` Pavel Machek
2021-09-01 20:49 ` Keller, Jacob E
2021-09-02 5:56 ` Pavel Machek
2021-09-01 12:27 ` [PATCH 5.10 027/103] net: usb: pegasus: fixes of set_register(s) return value evaluation; Greg Kroah-Hartman
2021-09-01 12:27 ` [PATCH 5.10 028/103] igc: fix page fault when thunderbolt is unplugged Greg Kroah-Hartman
2021-09-01 12:27 ` [PATCH 5.10 029/103] igc: Use num_tx_queues when iterating over tx_ring queue Greg Kroah-Hartman
2021-09-01 12:27 ` [PATCH 5.10 030/103] e1000e: Fix the max snoop/no-snoop latency for 10M Greg Kroah-Hartman
2021-09-01 12:27 ` [PATCH 5.10 031/103] e1000e: Do not take care about recovery NVM checksum Greg Kroah-Hartman
2021-09-01 12:27 ` [PATCH 5.10 032/103] RDMA/efa: Free IRQ vectors on error flow Greg Kroah-Hartman
2021-09-01 12:27 ` [PATCH 5.10 033/103] ip_gre: add validation for csum_start Greg Kroah-Hartman
2021-09-01 12:27 ` [PATCH 5.10 034/103] xgene-v2: Fix a resource leak in the error handling path of xge_probe() Greg Kroah-Hartman
2021-09-01 12:27 ` [PATCH 5.10 035/103] net: marvell: fix MVNETA_TX_IN_PRGRS bit number Greg Kroah-Hartman
2021-09-01 12:27 ` [PATCH 5.10 036/103] ucounts: Increase ucounts reference counter before the security hook Greg Kroah-Hartman
2021-09-01 14:25 ` Eric W. Biederman
2021-09-01 16:40 ` Greg Kroah-Hartman
2021-09-01 17:26 ` Eric W. Biederman
2021-09-02 13:04 ` Sasha Levin
2021-09-02 14:28 ` Alexey Gladkov
2021-09-02 18:06 ` Eric W. Biederman
2021-09-03 4:57 ` Greg Kroah-Hartman
2021-09-03 5:00 ` Greg Kroah-Hartman
2021-09-03 6:50 ` Greg Kroah-Hartman
2021-09-03 14:14 ` Greg Kroah-Hartman
2021-09-01 12:27 ` [PATCH 5.10 037/103] net/sched: ets: fix crash when flipping from strict to quantum Greg Kroah-Hartman
2021-09-01 12:27 ` [PATCH 5.10 038/103] ipv6: use siphash in rt6_exception_hash() Greg Kroah-Hartman
2021-09-01 12:27 ` [PATCH 5.10 039/103] ipv4: use siphash instead of Jenkins in fnhe_hashfun() Greg Kroah-Hartman
2021-09-01 12:27 ` [PATCH 5.10 040/103] cxgb4: dont touch blocked freelist bitmap after free Greg Kroah-Hartman
2021-09-01 12:27 ` [PATCH 5.10 041/103] rtnetlink: Return correct error on changing device netns Greg Kroah-Hartman
2021-09-01 12:27 ` [PATCH 5.10 042/103] net: hns3: clear hardware resource when loading driver Greg Kroah-Hartman
2021-09-01 12:27 ` [PATCH 5.10 043/103] net: hns3: add waiting time before cmdq memory is released Greg Kroah-Hartman
2021-09-01 12:27 ` [PATCH 5.10 044/103] net: hns3: fix duplicate node in VLAN list Greg Kroah-Hartman
2021-09-01 12:27 ` [PATCH 5.10 045/103] net: hns3: fix get wrong pfc_en when query PFC configuration Greg Kroah-Hartman
2021-09-01 12:27 ` [PATCH 5.10 046/103] Revert "mmc: sdhci-iproc: Set SDHCI_QUIRK_CAP_CLOCK_BASE_BROKEN on BCM2711" Greg Kroah-Hartman
2021-09-01 12:27 ` [PATCH 5.10 047/103] net: stmmac: add mutex lock to protect est parameters Greg Kroah-Hartman
2021-09-01 20:09 ` Pavel Machek
2021-09-02 13:51 ` Sasha Levin
2021-09-01 12:27 ` Greg Kroah-Hartman [this message]
2021-09-01 12:27 ` [PATCH 5.10 049/103] drm/i915: Fix syncmap memory leak Greg Kroah-Hartman
2021-09-01 12:28 ` [PATCH 5.10 050/103] usb: gadget: u_audio: fix race condition on endpoint stop Greg Kroah-Hartman
2021-09-01 12:28 ` [PATCH 5.10 051/103] dt-bindings: sifive-l2-cache: Fix select matching Greg Kroah-Hartman
2021-09-01 12:28 ` [PATCH 5.10 052/103] perf/x86/intel/uncore: Fix integer overflow on 23 bit left shift of a u32 Greg Kroah-Hartman
2021-09-01 12:28 ` [PATCH 5.10 053/103] clk: renesas: rcar-usb2-clock-sel: Fix kernel NULL pointer dereference Greg Kroah-Hartman
2021-09-01 12:28 ` [PATCH 5.10 054/103] iwlwifi: pnvm: accept multiple HW-type TLVs Greg Kroah-Hartman
2021-09-01 12:28 ` [PATCH 5.10 055/103] opp: remove WARN when no valid OPPs remain Greg Kroah-Hartman
2021-09-01 12:28 ` [PATCH 5.10 056/103] cpufreq: blocklist Qualcomm sm8150 in cpufreq-dt-platdev Greg Kroah-Hartman
2021-09-01 12:28 ` [PATCH 5.10 057/103] virtio: Improve vq->broken access to avoid any compiler optimization Greg Kroah-Hartman
2021-09-01 12:28 ` [PATCH 5.10 058/103] virtio_pci: Support surprise removal of virtio pci device Greg Kroah-Hartman
2021-09-01 12:28 ` [PATCH 5.10 059/103] virtio_vdpa: reject invalid vq indices Greg Kroah-Hartman
2021-09-01 12:28 ` [PATCH 5.10 060/103] vringh: Use wiov->used to check for read/write desc order Greg Kroah-Hartman
2021-09-01 12:28 ` [PATCH 5.10 061/103] tools/virtio: fix build Greg Kroah-Hartman
2021-09-01 12:28 ` [PATCH 5.10 062/103] qed: qed ll2 race condition fixes Greg Kroah-Hartman
2021-09-01 12:28 ` [PATCH 5.10 063/103] qed: Fix null-pointer dereference in qed_rdma_create_qp() Greg Kroah-Hartman
2021-09-01 12:28 ` [PATCH 5.10 064/103] Revert "drm/amd/pm: fix workload mismatch on vega10" Greg Kroah-Hartman
2021-09-01 12:28 ` [PATCH 5.10 065/103] drm/amd/pm: change the workload type for some cards Greg Kroah-Hartman
2021-09-01 12:28 ` [PATCH 5.10 066/103] blk-mq: dont grab rqs refcount in blk_mq_check_expired() Greg Kroah-Hartman
2021-09-01 12:28 ` [PATCH 5.10 067/103] drm: Copy drm_wait_vblank to user before returning Greg Kroah-Hartman
2021-09-01 12:28 ` [PATCH 5.10 068/103] drm/nouveau/disp: power down unused DP links during init Greg Kroah-Hartman
2021-09-01 12:28 ` [PATCH 5.10 069/103] drm/nouveau/kms/nv50: workaround EFI GOP window channel format differences Greg Kroah-Hartman
2021-09-01 12:28 ` [PATCH 5.10 070/103] net/rds: dma_map_sg is entitled to merge entries Greg Kroah-Hartman
2021-09-01 12:28 ` [PATCH 5.10 071/103] btrfs: fix race between marking inode needs to be logged and log syncing Greg Kroah-Hartman
2021-09-01 12:28 ` [PATCH 5.10 072/103] pipe: avoid unnecessary EPOLLET wakeups under normal loads Greg Kroah-Hartman
2021-09-01 12:28 ` [PATCH 5.10 073/103] pipe: do FASYNC notifications for every pipe IO, not just state changes Greg Kroah-Hartman
2021-09-01 12:28 ` [PATCH 5.10 074/103] mtd: spinand: Fix incorrect parameters for on-die ECC Greg Kroah-Hartman
2021-09-01 12:28 ` [PATCH 5.10 075/103] tipc: call tipc_wait_for_connect only when dlen is not 0 Greg Kroah-Hartman
2021-09-01 12:28 ` [PATCH 5.10 076/103] vt_kdsetmode: extend console locking Greg Kroah-Hartman
2021-09-01 12:28 ` [PATCH 5.10 077/103] Bluetooth: btusb: check conditions before enabling USB ALT 3 for WBS Greg Kroah-Hartman
2021-09-01 12:28 ` [PATCH 5.10 078/103] riscv: Fixup wrong ftrace remove cflag Greg Kroah-Hartman
2021-09-01 12:28 ` [PATCH 5.10 079/103] riscv: Fixup patch_text panic in ftrace Greg Kroah-Hartman
2021-09-01 12:28 ` [PATCH 5.10 080/103] perf env: Fix memory leak of bpf_prog_info_linear member Greg Kroah-Hartman
2021-09-01 12:28 ` [PATCH 5.10 081/103] perf symbol-elf: Fix memory leak by freeing sdt_note.args Greg Kroah-Hartman
2021-09-01 12:28 ` [PATCH 5.10 082/103] perf record: Fix memory leak in vDSO found using ASAN Greg Kroah-Hartman
2021-09-01 12:28 ` [PATCH 5.10 083/103] perf tools: Fix arm64 build error with gcc-11 Greg Kroah-Hartman
2021-09-01 12:28 ` Greg Kroah-Hartman
2021-09-01 12:28 ` [PATCH 5.10 084/103] perf annotate: Fix jump parsing for C++ code Greg Kroah-Hartman
2021-09-01 12:28 ` [PATCH 5.10 085/103] powerpc/perf: Invoke per-CPU variable access with disabled interrupts Greg Kroah-Hartman
2021-09-01 12:28 ` [PATCH 5.10 086/103] srcu: Provide internal interface to start a Tree SRCU grace period Greg Kroah-Hartman
2021-09-01 12:28 ` [PATCH 5.10 087/103] srcu: Provide polling interfaces for Tree SRCU grace periods Greg Kroah-Hartman
2021-09-01 12:28 ` [PATCH 5.10 088/103] srcu: Provide internal interface to start a Tiny SRCU grace period Greg Kroah-Hartman
2021-09-01 12:28 ` [PATCH 5.10 089/103] srcu: Make Tiny SRCU use multi-bit grace-period counter Greg Kroah-Hartman
2021-09-01 12:28 ` [PATCH 5.10 090/103] srcu: Provide polling interfaces for Tiny SRCU grace periods Greg Kroah-Hartman
2021-09-01 12:28 ` [PATCH 5.10 091/103] tracepoint: Use rcu get state and cond sync for static call updates Greg Kroah-Hartman
2021-09-01 12:28 ` [PATCH 5.10 092/103] usb: typec: ucsi: acpi: Always decode connector change information Greg Kroah-Hartman
2021-09-01 12:28 ` [PATCH 5.10 093/103] usb: typec: ucsi: Work around PPM losing " Greg Kroah-Hartman
2021-09-01 12:28 ` [PATCH 5.10 094/103] usb: typec: ucsi: Clear pending after acking connector change Greg Kroah-Hartman
2021-09-01 12:28 ` [PATCH 5.10 095/103] net: dsa: mt7530: fix VLAN traffic leaks again Greg Kroah-Hartman
2021-09-01 12:28 ` [PATCH 5.10 096/103] lkdtm: Enable DOUBLE_FAULT on all architectures Greg Kroah-Hartman
2021-09-01 12:28 ` [PATCH 5.10 097/103] arm64: dts: qcom: msm8994-angler: Fix gpio-reserved-ranges 85-88 Greg Kroah-Hartman
2021-09-01 12:28 ` [PATCH 5.10 098/103] btrfs: fix NULL pointer dereference when deleting device by invalid id Greg Kroah-Hartman
2021-09-01 12:28 ` [PATCH 5.10 099/103] kthread: Fix PF_KTHREAD vs to_kthread() race Greg Kroah-Hartman
2021-09-01 12:28 ` [PATCH 5.10 100/103] Revert "floppy: reintroduce O_NDELAY fix" Greg Kroah-Hartman
2021-09-01 12:28 ` [PATCH 5.10 101/103] Revert "parisc: Add assembly implementations for memset, strlen, strcpy, strncpy and strcat" Greg Kroah-Hartman
2021-09-01 12:28 ` [PATCH 5.10 102/103] net: dont unconditionally copy_from_user a struct ifreq for socket ioctls Greg Kroah-Hartman
2021-09-01 12:28 ` [PATCH 5.10 103/103] audit: move put_tree() to avoid trim_trees refcount underflow and UAF Greg Kroah-Hartman
2021-09-01 16:59 ` [PATCH 5.10 000/103] 5.10.62-rc1 review Fox Chen
2021-09-01 19:24 ` Jon Hunter
2021-09-01 20:08 ` Pavel Machek
2021-09-01 21:21 ` Shuah Khan
2021-09-01 21:48 ` Florian Fainelli
2021-09-02 1:07 ` Samuel Zou
2021-09-02 8:06 ` Naresh Kamboju
2021-09-02 11:55 ` Sudip Mukherjee
2021-09-02 21:58 ` Guenter Roeck
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210901122302.188539211@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=davem@davemloft.net \
--cc=linux-kernel@vger.kernel.org \
--cc=sashal@kernel.org \
--cc=stable@vger.kernel.org \
--cc=vee.khee.wong@linux.intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.