All of lore.kernel.org
 help / color / mirror / Atom feed
From: Florian Fainelli <f.fainelli@gmail.com>
To: "Levin, Alexander (Sasha Levin)" <alexander.levin@verizon.com>
Cc: "stable@vger.kernel.org" <stable@vger.kernel.org>,
	Mao Wenan <maowenan@huawei.com>,
	"David S . Miller" <davem@davemloft.net>
Subject: Re: [PATCH for v4.9 LTS 035/111] net: phy: Fix lack of reference count on PHY driver
Date: Mon, 5 Jun 2017 09:56:18 -0700	[thread overview]
Message-ID: <ea9ff9d0-0484-ddcf-0299-536700b261c9@gmail.com> (raw)
In-Reply-To: <20170605121509.jshvm2h3gsmdpyvt@sasha-lappy>

On 06/05/2017 05:15 AM, Levin, Alexander (Sasha Levin) wrote:
> On Sun, Jun 04, 2017 at 10:17:49AM -0700, Florian Fainelli wrote:
>> Hi Alex,
>>
>> On 06/04/2017 01:12 AM, Levin, Alexander (Sasha Levin) wrote:
>>> From: Mao Wenan <maowenan@huawei.com>
>>>
>>> [ Upstream commit cafe8df8b9bc9aa3dffa827c1a6757c6cd36f657 ]
>>>
>>> There is currently no reference count being held on the PHY driver,
>>> which makes it possible to remove the PHY driver module while the PHY
>>> state machine is running and polling the PHY. This could cause crashes
>>> similar to this one to show up:
>>>
>>> [   43.361162] BUG: unable to handle kernel NULL pointer dereference at 0000000000000140
>>> [   43.361162] IP: phy_state_machine+0x32/0x490
>>> [   43.361162] PGD 59dc067
>>> [   43.361162] PUD 0
>>> [   43.361162]
>>> [   43.361162] Oops: 0000 [#1] SMP
>>> [   43.361162] Modules linked in: dsa_loop [last unloaded: broadcom]
>>> [   43.361162] CPU: 0 PID: 1299 Comm: kworker/0:3 Not tainted 4.10.0-rc5+ #415
>>> [   43.361162] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),
>>> BIOS Ubuntu-1.8.2-1ubuntu2 04/01/2014
>>> [   43.361162] Workqueue: events_power_efficient phy_state_machine
>>> [   43.361162] task: ffff880006782b80 task.stack: ffffc90000184000
>>> [   43.361162] RIP: 0010:phy_state_machine+0x32/0x490
>>> [   43.361162] RSP: 0018:ffffc90000187e18 EFLAGS: 00000246
>>> [   43.361162] RAX: 0000000000000000 RBX: ffff8800059e53c0 RCX:
>>> ffff880006a15c60
>>> [   43.361162] RDX: ffff880006782b80 RSI: 0000000000000000 RDI:
>>> ffff8800059e5428
>>> [   43.361162] RBP: ffffc90000187e48 R08: ffff880006a15c40 R09:
>>> 0000000000000000
>>> [   43.361162] R10: 0000000000000000 R11: 0000000000000000 R12:
>>> ffff8800059e5428
>>> [   43.361162] R13: ffff8800059e5000 R14: 0000000000000000 R15:
>>> ffff880006a15c40
>>> [   43.361162] FS:  0000000000000000(0000) GS:ffff880006a00000(0000)
>>> knlGS:0000000000000000
>>> [   43.361162] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
>>> [   43.361162] CR2: 0000000000000140 CR3: 0000000005979000 CR4:
>>> 00000000000006f0
>>> [   43.361162] Call Trace:
>>> [   43.361162]  process_one_work+0x1b4/0x3e0
>>> [   43.361162]  worker_thread+0x43/0x4d0
>>> [   43.361162]  ? __schedule+0x17f/0x4e0
>>> [   43.361162]  kthread+0xf7/0x130
>>> [   43.361162]  ? process_one_work+0x3e0/0x3e0
>>> [   43.361162]  ? kthread_create_on_node+0x40/0x40
>>> [   43.361162]  ret_from_fork+0x29/0x40
>>> [   43.361162] Code: 56 41 55 41 54 4c 8d 67 68 53 4c 8d af 40 fc ff ff
>>> 48 89 fb 4c 89 e7 48 83 ec 08 e8 c9 9d 27 00 48 8b 83 60 ff ff ff 44 8b
>>> 73 98 <48> 8b 90 40 01 00 00 44 89 f0 48 85 d2 74 08 4c 89 ef ff d2 8b
>>>
>>> Keep references on the PHY driver module right before we are going to
>>> utilize it in phy_attach_direct(), and conversely when we don't use it
>>> anymore in phy_detach().
>>>
>>> Signed-off-by: Mao Wenan <maowenan@huawei.com>
>>> [florian: rebase, rework commit message]
>>> Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
>>> Signed-off-by: David S. Miller <davem@davemloft.net>
>>>
>>> Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
>>
>> This commit alone will cause problems, you will also need to pick this
>> one on top of it:
>>
>> 6d9f66ac7fec2a6ccd649e5909806dfe36f1fc25 ("net: phy: Fix PHY module
>> checks and NULL deref in phy_attach_direct()")
> 
> Should I also be grabbing a7dac9f9c1
> ("phy: fix error case of phy_led_triggers_(un)register")?
> 
> It says it fixes a commit that's not in -stable, but it looks like it's
> still relevant even without that commit.

No, you don't have to pick this one, it does indeed fix something that
was only introduced in 4.10 and newer.

Thanks!
-- 
Florian

  reply	other threads:[~2017-06-05 16:56 UTC|newest]

Thread overview: 86+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-06-04  8:11 [PATCH for v4.9 LTS 001/111] ibmvnic: Fix endian errors in error reporting output Levin, Alexander (Sasha Levin)
2017-06-04  8:11 ` [PATCH for v4.9 LTS 002/111] ibmvnic: Fix endian error when requesting device capabilities Levin, Alexander (Sasha Levin)
2017-06-04  8:11 ` [PATCH for v4.9 LTS 003/111] net: xilinx_emaclite: fix freezes due to unordered I/O Levin, Alexander (Sasha Levin)
2017-06-04  8:11 ` [PATCH for v4.9 LTS 004/111] net: xilinx_emaclite: fix receive buffer overflow Levin, Alexander (Sasha Levin)
2017-06-04  8:11 ` [PATCH for v4.9 LTS 005/111] tools lib bpf: Sync {tools,}/include/uapi/linux/bpf.h Levin, Alexander (Sasha Levin)
2017-06-04  8:11 ` [PATCH for v4.9 LTS 006/111] bpf: kernel header files need to be copied into the tools directory Levin, Alexander (Sasha Levin)
2017-06-04  8:11 ` [PATCH for v4.9 LTS 007/111] tcp: tcp_probe: use spin_lock_bh() Levin, Alexander (Sasha Levin)
2017-06-04  8:11 ` [PATCH for v4.9 LTS 008/111] ipv6: Handle IPv4-mapped src to in6addr_any dst Levin, Alexander (Sasha Levin)
2017-06-04  8:11 ` [PATCH for v4.9 LTS 009/111] ipv6: Inhibit IPv4-mapped src address on the wire Levin, Alexander (Sasha Levin)
2017-06-04  8:11 ` [PATCH for v4.9 LTS 010/111] tipc: Fix tipc_sk_reinit race conditions Levin, Alexander (Sasha Levin)
2017-06-04  8:11 ` [PATCH for v4.9 LTS 011/111] gfs2: Use rhashtable walk interface in glock_hash_walk Levin, Alexander (Sasha Levin)
2017-06-04  8:11 ` [PATCH for v4.9 LTS 012/111] NET: Fix /proc/net/arp for AX.25 Levin, Alexander (Sasha Levin)
2017-06-04  8:11 ` [PATCH for v4.9 LTS 013/111] ibmvnic: Call napi_disable instead of napi_enable in failure path Levin, Alexander (Sasha Levin)
2017-06-04  8:11 ` [PATCH for v4.9 LTS 014/111] ibmvnic: Initialize completion variables before starting work Levin, Alexander (Sasha Levin)
2017-06-04  8:11 ` [PATCH for v4.9 LTS 015/111] NET: mkiss: Fix panic Levin, Alexander (Sasha Levin)
2017-06-04  8:11 ` [PATCH for v4.9 LTS 016/111] net: hns: Fix the device being used for dma mapping during TX Levin, Alexander (Sasha Levin)
2017-06-04  8:11 ` [PATCH for v4.9 LTS 017/111] sierra_net: Skip validating irrelevant fields for IDLE LSIs Levin, Alexander (Sasha Levin)
2017-06-04  8:11 ` [PATCH for v4.9 LTS 018/111] sierra_net: Add support for IPv6 and Dual-Stack Link Sense Indications Levin, Alexander (Sasha Levin)
2017-06-04  8:11 ` [PATCH for v4.9 LTS 020/111] i2c: piix4: Fix request_region size Levin, Alexander (Sasha Levin)
2017-06-04  8:11 ` [PATCH for v4.9 LTS 019/111] i2c: piix4: Request the SMBUS semaphore inside the mutex Levin, Alexander (Sasha Levin)
2017-06-04  8:11 ` [PATCH for v4.9 LTS 021/111] powerpc/powernv: Properly set "host-ipi" on IPIs Levin, Alexander (Sasha Levin)
2017-06-04  8:11 ` [PATCH for v4.9 LTS 022/111] kernel/ucount.c: mark user_header with kmemleak_ignore() Levin, Alexander (Sasha Levin)
2017-06-04  8:12 ` [PATCH for v4.9 LTS 023/111] net: thunderx: Fix PHY autoneg for SGMII QLM mode Levin, Alexander (Sasha Levin)
2017-06-04  8:12 ` [PATCH for v4.9 LTS 024/111] ipv6: addrconf: fix generation of new temporary addresses Levin, Alexander (Sasha Levin)
2017-06-04  8:12 ` [PATCH for v4.9 LTS 025/111] mm: fix KPF_SWAPCACHE in /proc/kpageflags Levin, Alexander (Sasha Levin)
2017-06-04 22:42   ` Hugh Dickins
2017-06-05 12:00     ` Levin, Alexander (Sasha Levin)
2017-06-04  8:12 ` [PATCH for v4.9 LTS 027/111] ipv6: Fix IPv6 packet loss in scenarios involving roaming + snooping switches Levin, Alexander (Sasha Levin)
2017-06-04  8:12 ` [PATCH for v4.9 LTS 026/111] vfio/spapr_tce: Set window when adding additional groups to container Levin, Alexander (Sasha Levin)
2017-06-04  8:12 ` [PATCH for v4.9 LTS 028/111] ARM: defconfigs: make NF_CT_PROTO_SCTP and NF_CT_PROTO_UDPLITE built-in Levin, Alexander (Sasha Levin)
2017-06-04  8:12 ` [PATCH for v4.9 LTS 029/111] PM / runtime: Avoid false-positive warnings from might_sleep_if() Levin, Alexander (Sasha Levin)
2017-06-04  8:12 ` [PATCH for v4.9 LTS 030/111] jump label: pass kbuild_cflags when checking for asm goto support Levin, Alexander (Sasha Levin)
2017-06-04  8:12 ` [PATCH for v4.9 LTS 031/111] shmem: fix sleeping from atomic context Levin, Alexander (Sasha Levin)
2017-06-04  8:12 ` [PATCH for v4.9 LTS 032/111] kasan: respect /proc/sys/kernel/traceoff_on_warning Levin, Alexander (Sasha Levin)
2017-06-04  8:12 ` [PATCH for v4.9 LTS 033/111] log2: make order_base_2() behave correctly on const input value zero Levin, Alexander (Sasha Levin)
2017-06-04  8:12 ` [PATCH for v4.9 LTS 034/111] ethtool: do not vzalloc(0) on registers dump Levin, Alexander (Sasha Levin)
2017-06-04  8:12 ` [PATCH for v4.9 LTS 035/111] net: phy: Fix lack of reference count on PHY driver Levin, Alexander (Sasha Levin)
2017-06-04 17:17   ` Florian Fainelli
2017-06-05 12:15     ` Levin, Alexander (Sasha Levin)
2017-06-05 16:56       ` Florian Fainelli [this message]
2017-06-05 19:58         ` Levin, Alexander (Sasha Levin)
2017-06-05 22:21           ` Florian Fainelli
2017-06-06  0:33           ` Florian Fainelli
2017-06-06  1:16             ` Levin, Alexander (Sasha Levin)
2017-06-04  8:12 ` [PATCH for v4.9 LTS 036/111] drm/radeon: Fix vram_size/visible values in DRM_RADEON_GEM_INFO ioctl Levin, Alexander (Sasha Levin)
2017-06-04  8:12 ` [PATCH for v4.9 LTS 037/111] net: fix ndo_features_check/ndo_fix_features comment ordering Levin, Alexander (Sasha Levin)
2017-06-04  8:12 ` [PATCH for v4.9 LTS 039/111] fscache: Fix dead object requeue Levin, Alexander (Sasha Levin)
2017-06-04  8:12 ` [PATCH for v4.9 LTS 038/111] scsi: mpt3sas: Force request partial completion alignment Levin, Alexander (Sasha Levin)
2017-06-04  8:12 ` [PATCH for v4.9 LTS 041/111] FS-Cache: Initialise stores_lock in netfs cookie Levin, Alexander (Sasha Levin)
2017-06-04  8:12 ` [PATCH for v4.9 LTS 040/111] fscache: Clear outstanding writes when disabling a cookie Levin, Alexander (Sasha Levin)
2017-06-04  8:12 ` [PATCH for v4.9 LTS 042/111] ipv6: fix flow labels when the traffic class is non-0 Levin, Alexander (Sasha Levin)
2017-06-04  8:12 ` [PATCH for v4.9 LTS 043/111] drm/nouveau: prevent userspace from deleting client object Levin, Alexander (Sasha Levin)
2017-06-04  8:12 ` [PATCH for v4.9 LTS 044/111] drm/nouveau/fence/g84-: protect against concurrent access to semaphore buffers Levin, Alexander (Sasha Levin)
2017-06-04  8:12 ` [PATCH for v4.9 LTS 045/111] sparc64: Handle PIO & MEM non-resumable errors Levin, Alexander (Sasha Levin)
2017-06-04  8:12 ` [PATCH for v4.9 LTS 046/111] sparc64: Zero pages on allocation for mondo and error queues Levin, Alexander (Sasha Levin)
2017-06-04  8:12 ` [PATCH for v4.9 LTS 047/111] net/mlx4_core: Avoid command timeouts during VF driver device shutdown Levin, Alexander (Sasha Levin)
2017-06-04  8:12 ` [PATCH for v4.9 LTS 048/111] gianfar: synchronize DMA API usage by free_skb_rx_queue w/ gfar_new_page Levin, Alexander (Sasha Levin)
2017-06-04  8:12 ` [PATCH for v4.9 LTS 049/111] net: ethtool: add support for 2500BaseT and 5000BaseT link modes Levin, Alexander (Sasha Levin)
2017-06-04  8:12 ` [PATCH for v4.9 LTS 050/111] pinctrl: baytrail: Rectify debounce support (part 2) Levin, Alexander (Sasha Levin)
2017-06-04  8:12 ` [PATCH for v4.9 LTS 051/111] [media] cec: fix wrong last_la determination Levin, Alexander (Sasha Levin)
2017-06-04  8:12 ` [PATCH for v4.9 LTS 052/111] drm: Add fake controlD* symlinks for backwards compat Levin, Alexander (Sasha Levin)
2017-06-04  8:12 ` [PATCH for v4.9 LTS 053/111] drm: prevent double-(un)registration for connectors Levin, Alexander (Sasha Levin)
2017-06-04  8:12 ` [PATCH for v4.9 LTS 054/111] drm: Don't race connector registration Levin, Alexander (Sasha Levin)
2017-06-04  8:12 ` [PATCH for v4.9 LTS 055/111] pinctrl: berlin-bg4ct: fix the value for "sd1a" of pin SCRD0_CRD_PRES Levin, Alexander (Sasha Levin)
2017-06-04  8:12 ` [PATCH for v4.9 LTS 056/111] net: adaptec: starfire: add checks for dma mapping errors Levin, Alexander (Sasha Levin)
2017-06-04  8:12 ` [PATCH for v4.9 LTS 057/111] drm/i915: Check for NULL i915_vma in intel_unpin_fb_obj() Levin, Alexander (Sasha Levin)
2017-06-04  8:12 ` [PATCH for v4.9 LTS 059/111] net/mlx5: Return EOPNOTSUPP when failing to get steering name-space Levin, Alexander (Sasha Levin)
2017-06-04  8:12 ` [PATCH for v4.9 LTS 058/111] net/mlx5: E-Switch, Err when retrieving steering name-space fails Levin, Alexander (Sasha Levin)
2017-06-04  8:12 ` [PATCH for v4.9 LTS 060/111] parisc, parport_gsc: Fixes for printk continuation lines Levin, Alexander (Sasha Levin)
2017-06-04  8:12 ` [PATCH for v4.9 LTS 061/111] net: phy: micrel: add support for KSZ8795 Levin, Alexander (Sasha Levin)
2017-06-04  8:12 ` [PATCH for v4.9 LTS 062/111] ARM64: dts: amlogic: Add Meson GX dtsi from GXBB Levin, Alexander (Sasha Levin)
2017-06-04  8:12 ` [PATCH for v4.9 LTS 064/111] ARM64: dts: meson-gxbb-odroidc2: fix GbE tx link breakage Levin, Alexander (Sasha Levin)
2017-06-04 20:45   ` Jerome Brunet
2017-06-05 12:20     ` Levin, Alexander (Sasha Levin)
2017-06-11 14:31     ` Levin, Alexander (Sasha Levin)
2017-06-04  8:12 ` [PATCH for v4.9 LTS 063/111] ARM64: dts: meson-gx: Add firmware reserved memory zones Levin, Alexander (Sasha Levin)
2017-06-04  8:12 ` [PATCH for v4.9 LTS 065/111] gtp: add genl family modules alias Levin, Alexander (Sasha Levin)
2017-06-04  8:12 ` [PATCH for v4.9 LTS 067/111] drm/nouveau: Rename acpi_work to hpd_work Levin, Alexander (Sasha Levin)
2017-06-04  8:12 ` [PATCH for v4.9 LTS 066/111] drm/nouveau: Intercept ACPI_VIDEO_NOTIFY_PROBE Levin, Alexander (Sasha Levin)
2017-06-04  8:12 ` [PATCH for v4.9 LTS 069/111] drm/nouveau: Don't enabling polling twice on runtime resume Levin, Alexander (Sasha Levin)
2017-06-04  8:57   ` Lukas Wunner
2017-06-05 12:23     ` Levin, Alexander (Sasha Levin)
2017-06-11 14:31     ` Levin, Alexander (Sasha Levin)
2017-06-04  8:12 ` [PATCH for v4.9 LTS 068/111] drm/nouveau: Handle fbcon suspend/resume in seperate worker Levin, Alexander (Sasha Levin)
2017-06-04  8:12 ` [PATCH for v4.9 LTS 070/111] drm/ast: Fixed system hanged if disable P2A Levin, Alexander (Sasha Levin)
2017-06-04  8:12 ` [PATCH for v4.9 LTS 071/111] ravb: unmap descriptors when freeing rings Levin, Alexander (Sasha Levin)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=ea9ff9d0-0484-ddcf-0299-536700b261c9@gmail.com \
    --to=f.fainelli@gmail.com \
    --cc=alexander.levin@verizon.com \
    --cc=davem@davemloft.net \
    --cc=maowenan@huawei.com \
    --cc=stable@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.