From patchwork Sat Oct 24 22:42:33 2015
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Sergei Shtylyov <sergei.shtylyov@cogentembedded.com>
X-Patchwork-Id: 7481681
X-Patchwork-Delegate: geert@linux-m68k.org
Return-Path: <linux-sh-owner@kernel.org>
X-Original-To: patchwork-linux-sh@patchwork.kernel.org
Delivered-To: patchwork-parsemail@patchwork1.web.kernel.org
Received: from mail.kernel.org (mail.kernel.org [198.145.29.136])
	by patchwork1.web.kernel.org (Postfix) with ESMTP id 4CFC09F37F
	for <patchwork-linux-sh@patchwork.kernel.org>;
	Sat, 24 Oct 2015 22:42:41 +0000 (UTC)
Received: from mail.kernel.org (localhost [127.0.0.1])
	by mail.kernel.org (Postfix) with ESMTP id 4D5BC206E5
	for <patchwork-linux-sh@patchwork.kernel.org>;
	Sat, 24 Oct 2015 22:42:40 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.kernel.org (Postfix) with ESMTP id 31EB3206D7
	for <patchwork-linux-sh@patchwork.kernel.org>;
	Sat, 24 Oct 2015 22:42:39 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1752745AbbJXWmi (ORCPT
	<rfc822;patchwork-linux-sh@patchwork.kernel.org>);
	Sat, 24 Oct 2015 18:42:38 -0400
Received: from mail-lf0-f49.google.com ([209.85.215.49]:32918 "EHLO
	mail-lf0-f49.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1752520AbbJXWmh (ORCPT
	<rfc822;linux-sh@vger.kernel.org>); Sat, 24 Oct 2015 18:42:37 -0400
Received: by lffv3 with SMTP id v3so114893731lff.0
	for <linux-sh@vger.kernel.org>; Sat, 24 Oct 2015 15:42:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=cogentembedded_com.20150623.gappssmtp.com; s=20150623;
	h=from:to:cc:subject:date:message-id:organization:user-agent
	:mime-version:content-transfer-encoding:content-type;
	bh=E7yftigRTZ7c5KmPpplYyFeqLptCA8K8cbeoH4vxFO0=;
	b=bLk6bYgGatNI6yNHWH6CnnLc1bEE8iZlnwiFXCuIVfGpoTKDH7VK8LosCfXl/jIElv
	yP+A3QjjGcY/UaX7dZWZSHI20VBO4luNg7H8/Pew+KpHCRvc4hsum+XNcUqISkUTp/HL
	gqj8UhWYogNXLifzbZ2C5Zx3yoX5lH3wOSB2yP806/Y87YJ5PXyJCk8uR8tXP1vhEtQT
	+VeOC5KRdWIPf9cDD9eBPSk2vmuAtwT0feXEl8vh7v3SWuD3DAixGUO6DpLcXyUd9yTB
	iZPRLaXmrdkSLZDJzXEXijgwGVVhs19aEK3ux9UDgYgDJSjNdGIHkkDW+u9/yNLSUfC1
	zrMw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20130820;
	h=x-gm-message-state:from:to:cc:subject:date:message-id:organization
	:user-agent:mime-version:content-transfer-encoding:content-type;
	bh=E7yftigRTZ7c5KmPpplYyFeqLptCA8K8cbeoH4vxFO0=;
	b=mtJHa1UCNVstzWEB5ddFC87Z+CW32mBftmJHh7p6t2eTW/qKP2PIiEP+9maXbBIFEv
	51q3LXo6xlboT6HNRMDBToWeQdo0Kuuxbs5foBcbXB2x23c3qRSKag7xv3/aQib2PAwK
	Jh5UXkyjI7W5sc+9wO1l6ZCzBduPk9OTfntyX43q84ZCoGDeVMszdtBVZiOgrvPuxrLt
	xeXNTQcvJN9x43TEYtjVLbo5ayWuSrQ6q02GVDl36WCVCDZKUKzQfQl497OMC2UMcHOA
	scrQQH9pUW0RxEacb7Bh6Psfb/m1eYFpqTVhl9/paxjdlqKYIIhVeLnlSOEhjGqJHMwC
	8HeQ==
X-Gm-Message-State: 
 ALoCoQmEqtwi1BnWyRHjrbelcWjgE36KO78svwCGgtFLwW41ohv0bGb3nGWKTQVSjYsrhF3cCOXh
X-Received: by 10.112.72.99 with SMTP id c3mr12306245lbv.113.1445726556291;
	Sat, 24 Oct 2015 15:42:36 -0700 (PDT)
Received: from wasted.cogentembedded.com ([83.149.8.78])
	by smtp.gmail.com with ESMTPSA id
	jk6sm4521461lbc.36.2015.10.24.15.42.34
	(version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Sat, 24 Oct 2015 15:42:35 -0700 (PDT)
From: Sergei Shtylyov <sergei.shtylyov@cogentembedded.com>
To: netdev@vger.kernel.org, yashi@atmark-techno.com
Cc: linux-sh@vger.kernel.org
Subject: [PATCH RFT v2] sh_eth: fix kernel oops in skb_put()
Date: Sun, 25 Oct 2015 01:42:33 +0300
Message-ID: <2611049.bTOQ0T0Nsl@wasted.cogentembedded.com>
Organization: Cogent Embedded Inc.
User-Agent: KMail/4.14.9 (Linux/4.1.8-100.fc21.x86_64; KDE/4.14.9; x86_64; ;
	)
MIME-Version: 1.0
Sender: linux-sh-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-sh.vger.kernel.org>
X-Mailing-List: linux-sh@vger.kernel.org
X-Spam-Status: No, score=-6.0 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	RCVD_IN_DNSWL_HI,RCVD_IN_SORBS_WEB,RP_MATCHES_RCVD,T_DKIM_INVALID,
	UNPARSEABLE_RELAY autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

In a low memory situation the following kernel oops occurs:

Unable to handle kernel NULL pointer dereference at virtual address 00000050
pgd = 8490c000
[00000050] *pgd=4651e831, *pte=00000000, *ppte=00000000
Internal error: Oops: 17 [#1] PREEMPT ARM
Modules linked in:
CPU: 0    Not tainted  (3.4-at16 #9)
PC is at skb_put+0x10/0x98
LR is at sh_eth_poll+0x2c8/0xa10
pc : [<8035f780>]    lr : [<8028bf50>]    psr: 60000113
sp : 84eb1a90  ip : 84eb1ac8  fp : 84eb1ac4
r10: 0000003f  r9 : 000005ea  r8 : 00000000
r7 : 00000000  r6 : 940453b0  r5 : 00030000  r4 : 9381b180
r3 : 00000000  r2 : 00000000  r1 : 000005ea  r0 : 00000000
Flags: nZCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment user
Control: 10c53c7d  Table: 4248c059  DAC: 00000015
Process klogd (pid: 2046, stack limit = 0x84eb02e8)
[...]

This is because netdev_alloc_skb() fails and 'mdp->rx_skbuff[entry]' is left
NULL but sh_eth_rx() later uses it without checking. Add such check...

Reported-by: Yasushi SHOJI <yashi@atmark-techno.com>
Signed-off-by: Sergei Shtylyov <sergei.shtylyov@cogentembedded.com>
---
This patch is against DaveM's 'net.git' repo.

 drivers/net/ethernet/renesas/sh_eth.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)


--
To unsubscribe from this list: send the line "unsubscribe linux-sh" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Index: net/drivers/net/ethernet/renesas/sh_eth.c
===================================================================
--- net.orig/drivers/net/ethernet/renesas/sh_eth.c
+++ net/drivers/net/ethernet/renesas/sh_eth.c
@@ -1481,6 +1481,7 @@ static int sh_eth_rx(struct net_device *
 		if (mdp->cd->shift_rd0)
 			desc_status >>= 16;
 
+		skb = mdp->rx_skbuff[entry];
 		if (desc_status & (RD_RFS1 | RD_RFS2 | RD_RFS3 | RD_RFS4 |
 				   RD_RFS5 | RD_RFS6 | RD_RFS10)) {
 			ndev->stats.rx_errors++;
@@ -1496,12 +1497,11 @@ static int sh_eth_rx(struct net_device *
 				ndev->stats.rx_missed_errors++;
 			if (desc_status & RD_RFS10)
 				ndev->stats.rx_over_errors++;
-		} else {
+		} else	if (skb) {
 			if (!mdp->cd->hw_swap)
 				sh_eth_soft_swap(
 					phys_to_virt(ALIGN(rxdesc->addr, 4)),
 					pkt_len + 2);
-			skb = mdp->rx_skbuff[entry];
 			mdp->rx_skbuff[entry] = NULL;
 			if (mdp->cd->rpadir)
 				skb_reserve(skb, NET_IP_ALIGN);