Received: by 2002:a25:b794:0:0:0:0:0 with SMTP id n20csp3763500ybh; Tue, 6 Aug 2019 00:54:38 -0700 (PDT) X-Google-Smtp-Source: APXvYqwCfPXz5HX1rHE1+4DHI0xINtzsyAUvw1kBNifNz6MD8fb0jktGkzPzv6VxHjQTRTeXHGtU X-Received: by 2002:aa7:8dcc:: with SMTP id j12mr2311812pfr.137.1565078078363; Tue, 06 Aug 2019 00:54:38 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1565078078; cv=none; d=google.com; s=arc-20160816; b=kOBuHy701cRt3gvk9kat5oj5935BwIc+JqbrhAq0KHfJuEpcBSB39fSuWC0B7LtvKL a8faDcGOS9dyPZHNxm6Rx7oB1r/RUbdfAm5csgl/GBOlULBckr3Ei95to/b/wWM92uyB o7ORhDYdq9c8TUq/DEd7ffpuemrpEWhJc/4g/8A2RyvvMRE06DRxFKoFjEYKnf+Ub4pL N7zm1eLENsBNYHL4293TmZPp4zpbyE0j0e9ul5Ok+fWp3ApMMJ+hQns5e2tpLRgFp17D gxGDV0UNug0zWVeJqp2+PM4nfn/6IKFLzm9kFc7/1Q4DHwmZJ2WPsJ20PR1XV2YR63/f 384A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from:dkim-signature; bh=7+datAreaSpiXeoB+C4CQXkpe6lKvnTpEZ0XKcwa1as=; b=JiDI7h5DRu+9FePLTwe4OEpF1xEMFJ7xIeoMPy0jl+6qw+CjgpfwTqGfTpSoeoG2cD wG+QTDYS7OfQN5/76Dk7EgLCkyeqrKanYGu1pPoHXWqknhgocm887IZgCCvi1iD8Vqth K7cESn7qUIcMztO9D57xk073ybxc9Iwz4fEwSBzRQVO8+jy2dPl1o78yvpTLCSTHFvY8 6XbCGirDM/g70K4E9dFFaMYIv/aE17A8DiGGKBtJEpL58ShdTFQjiUg8u36wUoYiaZAz ZOPTV1+8w8XAuwLOMJCT8iE9j7StMuJgfS79ManjMCFMOb5uumsQ1DXmaYHRczd16b6g sK6w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=1n7Hj6wU; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id q2si14299158pjq.89.2019.08.06.00.54.22; Tue, 06 Aug 2019 00:54:38 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=1n7Hj6wU; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1732141AbfHFHxk (ORCPT + 99 others); Tue, 6 Aug 2019 03:53:40 -0400 Received: from mail.kernel.org ([198.145.29.99]:45056 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726834AbfHFHxk (ORCPT ); Tue, 6 Aug 2019 03:53:40 -0400 Received: from wens.tw (mirror2.csie.ntu.edu.tw [140.112.30.76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 3B1F62070C; Tue, 6 Aug 2019 07:53:38 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1565078018; bh=aJ0gQzi7CraBWdrdtCA4IL3fP5WniL7j6VEH8TSyJcA=; h=From:To:Cc:Subject:Date:From; b=1n7Hj6wUYdRi13ylYAbZAQKJOegww1bDawoCRtkzjFJsy0basJ/Y1n6NPdrwGXndS Jv19YVFircA6CLaZOJIrTwJQqgJ5VSUyJmiCWI7Cy5CyX9yht1tzMWcHYK/+m1EmFj rVpzuGb35YaLm2Nw03cPYhqNetxNCAMKVHp+yiZg= Received: by wens.tw (Postfix, from userid 1000) id AF4E35FC97; Tue, 6 Aug 2019 15:53:35 +0800 (CST) From: Chen-Yu Tsai To: Andrew Lunn , Vivien Didelot , Florian Fainelli , "David S. Miller" Cc: Chen-Yu Tsai , netdev@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH net v2] net: dsa: Check existence of .port_mdb_add callback before calling it Date: Tue, 6 Aug 2019 15:53:25 +0800 Message-Id: <20190806075325.9011-1-wens@kernel.org> X-Mailer: git-send-email 2.20.1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Chen-Yu Tsai With the recent addition of commit 75dad2520fc3 ("net: dsa: b53: Disable all ports on setup"), users of b53 (BCM53125 on Lamobo R1 in my case) are forced to use the dsa subsystem to enable the switch, instead of having it in the default transparent "forward-to-all" mode. The b53 driver does not support mdb bitmap functions. However the dsa layer does not check for the existence of the .port_mdb_add callback before actually using it. This results in a NULL pointer dereference, as shown in the kernel oops below. The other functions seem to be properly guarded. Do the same for .port_mdb_add in dsa_switch_mdb_add_bitmap() as well. b53 is not the only driver that doesn't support mdb bitmap functions. Others include bcm_sf2, dsa_loop, lantiq_gswip, mt7530, mv88e6060, qca8k, realtek-smi, and vitesse-vsc73xx. 8<--- cut here --- Unable to handle kernel NULL pointer dereference at virtual address 00000000 pgd = (ptrval) [00000000] *pgd=00000000 Internal error: Oops: 80000005 [#1] SMP ARM Modules linked in: rtl8xxxu rtl8192cu rtl_usb rtl8192c_common rtlwifi mac80211 cfg80211 CPU: 1 PID: 134 Comm: kworker/1:2 Not tainted 5.3.0-rc1-00247-gd3519030752a #1 Hardware name: Allwinner sun7i (A20) Family Workqueue: events switchdev_deferred_process_work PC is at 0x0 LR is at dsa_switch_event+0x570/0x620 pc : [<00000000>] lr : [] psr: 80070013 sp : ee871db8 ip : 00000000 fp : ee98d0a4 r10: 0000000c r9 : 00000008 r8 : ee89f710 r7 : ee98d040 r6 : ee98d088 r5 : c0f04c48 r4 : ee98d04c r3 : 00000000 r2 : ee89f710 r1 : 00000008 r0 : ee98d040 Flags: Nzcv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none Control: 10c5387d Table: 6deb406a DAC: 00000051 Process kworker/1:2 (pid: 134, stack limit = 0x(ptrval)) Stack: (0xee871db8 to 0xee872000) 1da0: ee871e14 103ace2d 1dc0: 00000000 ffffffff 00000000 ee871e14 00000005 00000000 c08524a0 00000000 1de0: ffffe000 c014bdfc c0f04c48 ee871e98 c0f04c48 ee9e5000 c0851120 c014bef0 1e00: 00000000 b643aea2 ee9b4068 c08509a8 ee2bf940 ee89f710 ee871ecb 00000000 1e20: 00000008 103ace2d 00000000 c087e248 ee29c868 103ace2d 00000001 ffffffff 1e40: 00000000 ee871e98 00000006 00000000 c0fb2a50 c087e2d0 ffffffff c08523c4 1e60: ffffffff c014bdfc 00000006 c0fad2d0 ee871e98 ee89f710 00000000 c014c500 1e80: 00000000 ee89f3c0 c0f04c48 00000000 ee9e5000 c087dfb4 ee9e5000 00000000 1ea0: ee89f710 ee871ecb 00000001 103ace2d 00000000 c0f04c48 00000000 c087e0a8 1ec0: 00000000 efd9a3e0 0089f3c0 103ace2d ee89f700 ee89f710 ee9e5000 00000122 1ee0: 00000100 c087e130 ee89f700 c0fad2c8 c1003ef0 c087de4c 2e928000 c0fad2ec 1f00: c0fad2ec ee839580 ef7a62c0 ef7a9400 00000000 c087def8 c0fad2ec c01447dc 1f20: ef315640 ef7a62c0 00000008 ee839580 ee839594 ef7a62c0 00000008 c0f03d00 1f40: ef7a62d8 ef7a62c0 ffffe000 c0145b84 ffffe000 c0fb2420 c0bfaa8c 00000000 1f60: ffffe000 ee84b600 ee84b5c0 00000000 ee870000 ee839580 c0145b40 ef0e5ea4 1f80: ee84b61c c014a6f8 00000001 ee84b5c0 c014a5b0 00000000 00000000 00000000 1fa0: 00000000 00000000 00000000 c01010e8 00000000 00000000 00000000 00000000 1fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 1fe0: 00000000 00000000 00000000 00000000 00000013 00000000 00000000 00000000 [] (dsa_switch_event) from [] (notifier_call_chain+0x48/0x84) [] (notifier_call_chain) from [] (raw_notifier_call_chain+0x18/0x20) [] (raw_notifier_call_chain) from [] (dsa_port_mdb_add+0x48/0x74) [] (dsa_port_mdb_add) from [] (__switchdev_handle_port_obj_add+0x54/0xd4) [] (__switchdev_handle_port_obj_add) from [] (switchdev_handle_port_obj_add+0x8/0x14) [] (switchdev_handle_port_obj_add) from [] (dsa_slave_switchdev_blocking_event+0x94/0xa4) [] (dsa_slave_switchdev_blocking_event) from [] (notifier_call_chain+0x48/0x84) [] (notifier_call_chain) from [] (blocking_notifier_call_chain+0x50/0x68) [] (blocking_notifier_call_chain) from [] (switchdev_port_obj_notify+0x44/0xa8) [] (switchdev_port_obj_notify) from [] (switchdev_port_obj_add_now+0x90/0x104) [] (switchdev_port_obj_add_now) from [] (switchdev_port_obj_add_deferred+0x14/0x5c) [] (switchdev_port_obj_add_deferred) from [] (switchdev_deferred_process+0x64/0x104) [] (switchdev_deferred_process) from [] (switchdev_deferred_process_work+0xc/0x14) [] (switchdev_deferred_process_work) from [] (process_one_work+0x218/0x50c) [] (process_one_work) from [] (worker_thread+0x44/0x5bc) [] (worker_thread) from [] (kthread+0x148/0x150) [] (kthread) from [] (ret_from_fork+0x14/0x2c) Exception stack(0xee871fb0 to 0xee871ff8) 1fa0: 00000000 00000000 00000000 00000000 1fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 1fe0: 00000000 00000000 00000000 00000000 00000013 00000000 Code: bad PC value ---[ end trace 1292c61abd17b130 ]--- [] (dsa_switch_event) from [] (notifier_call_chain+0x48/0x84) corresponds to $ arm-linux-gnueabihf-addr2line -C -i -e vmlinux c08533ec linux/net/dsa/switch.c:156 linux/net/dsa/switch.c:178 linux/net/dsa/switch.c:328 Fixes: e6db98db8a95 ("net: dsa: add switch mdb bitmap functions") Signed-off-by: Chen-Yu Tsai --- Changes since v1: - Moved the check to the beginning of dsa_switch_mdb_add() Looks like we could also move the ops check out of dsa_switch_mdb_prepare_bitmap(), though I suppose keeping the code the way it is now is clearer. --- net/dsa/switch.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/net/dsa/switch.c b/net/dsa/switch.c index 4ec5b7f85d51..231af5268656 100644 --- a/net/dsa/switch.c +++ b/net/dsa/switch.c @@ -164,6 +164,9 @@ static int dsa_switch_mdb_add(struct dsa_switch *ds, struct switchdev_trans *trans = info->trans; int port; + if (!ds->ops->port_mdb_add) + return -EOPNOTSUPP; + /* Build a mask of Multicast group members */ bitmap_zero(ds->bitmap, ds->num_ports); if (ds->index == info->sw_index) -- 2.20.1