| Message ID | 20211223222141.1253092-1-nathan@kernel.org (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | ARM: davinci: da850-evm: Avoid NULL pointer dereference | expand |
On Thu, Dec 23, 2021 at 11:22 PM Nathan Chancellor <nathan@kernel.org> wrote: > > With newer versions of GCC, there is a panic in da850_evm_config_emac() > when booting multi_v5_defconfig in QEMU under the palmetto-bmc machine: > > Unable to handle kernel NULL pointer dereference at virtual address 00000020 > pgd = (ptrval) > [00000020] *pgd=00000000 > Internal error: Oops: 5 [#1] PREEMPT ARM > Modules linked in: > CPU: 0 PID: 1 Comm: swapper Not tainted 5.15.0 #1 > Hardware name: Generic DT based system > PC is at da850_evm_config_emac+0x1c/0x120 > LR is at do_one_initcall+0x50/0x1e0 > > The emac_pdata pointer in soc_info is NULL because davinci_soc_info only > gets populated on davinci machines but da850_evm_config_emac() is called > on all machines via device_initcall(). > > Move the rmii_en assignment below the machine check so that it is only > dereferenced when running on a supported SoC. > > Cc: stable@vger.kernel.org > Fixes: bae105879f2f ("davinci: DA850/OMAP-L138 EVM: implement autodetect of RMII PHY") > Link: https://lore.kernel.org/r/YcS4xVWs6bQlQSPC@archlinux-ax161/ > Reviewed-by: Arnd Bergmann <arnd@arndb.de> > Signed-off-by: Nathan Chancellor <nathan@kernel.org> > --- > arch/arm/mach-davinci/board-da850-evm.c | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) > > diff --git a/arch/arm/mach-davinci/board-da850-evm.c b/arch/arm/mach-davinci/board-da850-evm.c > index 428012687a80..7f7f6bae21c2 100644 > --- a/arch/arm/mach-davinci/board-da850-evm.c > +++ b/arch/arm/mach-davinci/board-da850-evm.c > @@ -1101,11 +1101,13 @@ static int __init da850_evm_config_emac(void) > int ret; > u32 val; > struct davinci_soc_info *soc_info = &davinci_soc_info; > - u8 rmii_en = soc_info->emac_pdata->rmii_en; > + u8 rmii_en; > > if (!machine_is_davinci_da850_evm()) > return 0; > > + rmii_en = soc_info->emac_pdata->rmii_en; > + > cfg_chip3_base = DA8XX_SYSCFG0_VIRT(DA8XX_CFGCHIP3_REG); > > val = __raw_readl(cfg_chip3_base); > > base-commit: a7904a538933c525096ca2ccde1e60d0ee62c08e > -- > 2.34.1 > Reviewed-by: Bartosz Golaszewski <brgl@bgdev.pl>
On Thu, Dec 23, 2021 at 03:21:41PM -0700, Nathan Chancellor wrote: > With newer versions of GCC, there is a panic in da850_evm_config_emac() > when booting multi_v5_defconfig in QEMU under the palmetto-bmc machine: > > Unable to handle kernel NULL pointer dereference at virtual address 00000020 > pgd = (ptrval) > [00000020] *pgd=00000000 > Internal error: Oops: 5 [#1] PREEMPT ARM > Modules linked in: > CPU: 0 PID: 1 Comm: swapper Not tainted 5.15.0 #1 > Hardware name: Generic DT based system > PC is at da850_evm_config_emac+0x1c/0x120 > LR is at do_one_initcall+0x50/0x1e0 > > The emac_pdata pointer in soc_info is NULL because davinci_soc_info only > gets populated on davinci machines but da850_evm_config_emac() is called > on all machines via device_initcall(). > > Move the rmii_en assignment below the machine check so that it is only > dereferenced when running on a supported SoC. > > Cc: stable@vger.kernel.org > Fixes: bae105879f2f ("davinci: DA850/OMAP-L138 EVM: implement autodetect of RMII PHY") > Link: https://lore.kernel.org/r/YcS4xVWs6bQlQSPC@archlinux-ax161/ > Reviewed-by: Arnd Bergmann <arnd@arndb.de> > Signed-off-by: Nathan Chancellor <nathan@kernel.org> > --- > arch/arm/mach-davinci/board-da850-evm.c | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) > > diff --git a/arch/arm/mach-davinci/board-da850-evm.c b/arch/arm/mach-davinci/board-da850-evm.c > index 428012687a80..7f7f6bae21c2 100644 > --- a/arch/arm/mach-davinci/board-da850-evm.c > +++ b/arch/arm/mach-davinci/board-da850-evm.c > @@ -1101,11 +1101,13 @@ static int __init da850_evm_config_emac(void) > int ret; > u32 val; > struct davinci_soc_info *soc_info = &davinci_soc_info; > - u8 rmii_en = soc_info->emac_pdata->rmii_en; > + u8 rmii_en; > > if (!machine_is_davinci_da850_evm()) > return 0; > > + rmii_en = soc_info->emac_pdata->rmii_en; > + > cfg_chip3_base = DA8XX_SYSCFG0_VIRT(DA8XX_CFGCHIP3_REG); > > val = __raw_readl(cfg_chip3_base); > > base-commit: a7904a538933c525096ca2ccde1e60d0ee62c08e > -- > 2.34.1 > > Could someone pick this patch up? This is still broken on mainline and -next. Cheers, Nathan
diff --git a/arch/arm/mach-davinci/board-da850-evm.c b/arch/arm/mach-davinci/board-da850-evm.c index 428012687a80..7f7f6bae21c2 100644 --- a/arch/arm/mach-davinci/board-da850-evm.c +++ b/arch/arm/mach-davinci/board-da850-evm.c @@ -1101,11 +1101,13 @@ static int __init da850_evm_config_emac(void) int ret; u32 val; struct davinci_soc_info *soc_info = &davinci_soc_info; - u8 rmii_en = soc_info->emac_pdata->rmii_en; + u8 rmii_en; if (!machine_is_davinci_da850_evm()) return 0; + rmii_en = soc_info->emac_pdata->rmii_en; + cfg_chip3_base = DA8XX_SYSCFG0_VIRT(DA8XX_CFGCHIP3_REG); val = __raw_readl(cfg_chip3_base);
With newer versions of GCC, there is a panic in da850_evm_config_emac() when booting multi_v5_defconfig in QEMU under the palmetto-bmc machine: Unable to handle kernel NULL pointer dereference at virtual address 00000020 pgd = (ptrval) [00000020] *pgd=00000000 Internal error: Oops: 5 [#1] PREEMPT ARM Modules linked in: CPU: 0 PID: 1 Comm: swapper Not tainted 5.15.0 #1 Hardware name: Generic DT based system PC is at da850_evm_config_emac+0x1c/0x120 LR is at do_one_initcall+0x50/0x1e0 The emac_pdata pointer in soc_info is NULL because davinci_soc_info only gets populated on davinci machines but da850_evm_config_emac() is called on all machines via device_initcall(). Move the rmii_en assignment below the machine check so that it is only dereferenced when running on a supported SoC. Cc: stable@vger.kernel.org Fixes: bae105879f2f ("davinci: DA850/OMAP-L138 EVM: implement autodetect of RMII PHY") Link: https://lore.kernel.org/r/YcS4xVWs6bQlQSPC@archlinux-ax161/ Reviewed-by: Arnd Bergmann <arnd@arndb.de> Signed-off-by: Nathan Chancellor <nathan@kernel.org> --- arch/arm/mach-davinci/board-da850-evm.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) base-commit: a7904a538933c525096ca2ccde1e60d0ee62c08e