Received: by 2002:a05:6a10:1287:0:0:0:0 with SMTP id d7csp4744264pxv; Tue, 20 Jul 2021 10:35:00 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzekWT7KN/SXFS04/W7L0oRnsWQsV9bXVk2ha6/5C2O5R7n/KOyOjl2PbPUtn83GDTDSs7a X-Received: by 2002:a17:906:14cf:: with SMTP id y15mr33199202ejc.124.1626802500605; Tue, 20 Jul 2021 10:35:00 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1626802500; cv=none; d=google.com; s=arc-20160816; b=Y3neOUZtO8nfHkky6/xCJ/0j7N0+TraHA7qplDMUkQtQtBx/jY67oKve64nJ89mIR3 lnVYs0bNhq/RxQPmKRma76wChBvg8EkkV0PByfwyMkgfxXqHEE9AdsY6C77nczdzB2eK MGAaowW9Ze0udqSJRePnsNWj4GAq1ZMi0CV9fZjED0J6wZ14XKnaeAUFx0cKRLiSu0im BKTpuL27X4FQ4NG1/MsTzWXS0itQO2JRNCY9Y7V69biEF7XLAz+YVeZ+wDTF5+0Kio1r Y34s9+ih3UhqBRXLcqDzU266v9t+D0WQ7Gil0Jvl2pXmmGw3q3vHHxmiDAjjIUJP+nK+ fQjA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:mime-version:user-agent:references:message-id :in-reply-to:subject:cc:to:from:date; bh=EG8HJQ68XlkIezCMNNfWPZlNKPSbkOkrPlYmbfm7A7w=; b=UpQmqq8HIIOLlVxm4kOO5fXy73E508FsgO7pZVpyJwOdNCWsZzskOhH6AFVD0OS9r5 2C8JNIhznbF3dy3rlnFbhY1zzO3EKF3oqL9xAttOnhvRmHpEo5H0S2h9tlwC44Um6kl7 DQc6+JQ3C9YsMqkqYDpgeeiHtCJi4EPiDcKy0efIjHm+gCa2j5Fb7MUATOJVnmqoVaOy HW7Bk9CGKEp6O/+edGcBNucMVRYrcnGFyWspdzTQ120M1k5qbL35X8N6G8o+DDMc40O5 D6zp5MiTGeK6PgKY5fyruoU29TIJxM3lYYsgdI9QrWgyRywNeJF+oKSzVvyeYf+jUyCN ZZmg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id z17si2265665edr.452.2021.07.20.10.34.36; Tue, 20 Jul 2021 10:35:00 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230440AbhGTQwH (ORCPT + 99 others); Tue, 20 Jul 2021 12:52:07 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56096 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229623AbhGTQvl (ORCPT ); Tue, 20 Jul 2021 12:51:41 -0400 Received: from angie.orcam.me.uk (angie.orcam.me.uk [IPv6:2001:4190:8020::34]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 5C75DC061574 for ; Tue, 20 Jul 2021 10:32:19 -0700 (PDT) Received: by angie.orcam.me.uk (Postfix, from userid 500) id 40D5392009C; Tue, 20 Jul 2021 19:32:18 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by angie.orcam.me.uk (Postfix) with ESMTP id 39CE492009B; Tue, 20 Jul 2021 19:32:18 +0200 (CEST) Date: Tue, 20 Jul 2021 19:32:18 +0200 (CEST) From: "Maciej W. Rozycki" To: Zheyu Ma cc: Shannon Nelson , klassert@kernel.org, David Miller , kuba@kernel.org, jeffrey.t.kirsher@intel.com, netdev@vger.kernel.org, Linux Kernel Mailing List Subject: Re: [PATCH] net: 3com: 3c59x: add a check against null pointer dereference In-Reply-To: Message-ID: References: <1623498978-30759-1-git-send-email-zheyuma97@gmail.com> <7ca72971-e072-2489-99cc-3b25e111d333@pensando.io> User-Agent: Alpine 2.21 (DEB 202 2017-01-01) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, 15 Jun 2021, Zheyu Ma wrote: > > > When the driver is processing the interrupt, it will read the value of > > > the register to determine the status of the device. If the device is in > > > an incorrect state, the driver may mistakenly enter this branch. At this > > > time, the dma buffer has not been allocated, which will result in a null > > > pointer dereference. [...] > > > diff --git a/drivers/net/ethernet/3com/3c59x.c b/drivers/net/ethernet/3com/3c59x.c > > > index 741c67e546d4..e27901ded7a0 100644 > > > --- a/drivers/net/ethernet/3com/3c59x.c > > > +++ b/drivers/net/ethernet/3com/3c59x.c > > > @@ -2300,7 +2300,7 @@ _vortex_interrupt(int irq, struct net_device *dev) > > > } > > > > > > if (status & DMADone) { > > > - if (ioread16(ioaddr + Wn7_MasterStatus) & 0x1000) { > > > + if ((ioread16(ioaddr + Wn7_MasterStatus) & 0x1000) && vp->tx_skb_dma) { > > > iowrite16(0x1000, ioaddr + Wn7_MasterStatus); /* Ack the event. */ > > > dma_unmap_single(vp->gendev, vp->tx_skb_dma, (vp->tx_skb->len + 3) & ~3, DMA_TO_DEVICE); > > > pkts_compl++; > > > > This means you won't be ack'ing the event - is this unacknowledged event > > going to cause an issue later? > > > > First, I'm not an expert in networking, but from my perspective, I > don't think this will cause a problem. Because when the driver enters > this branch, It means that it thinks that the hardware has already > performed a DMA operation, and the driver only needs to do some > follow-up work, but this is not the case. At this time, > 'vp->tx_skb_dma' is still a null pointer, so there is no need for > follow-up work at this time, it is meaningless, and it is appropriate > not to perform any operations at this time. What are the circumstances you observe this behaviour under? The state of hardware is supposed to be consistent with the state of the driver. If an inconsistency happens, then there are various possible causes such as: 1. The driver has a bug (in which case you need to track the bug down and fix it). 2. The hardware does not behave as specified, e.g. due to an erratum (in which case you need to track the problem down and work it around in the driver). 3. The hardware may have been disturbed, e.g. due to EMC interference (in which case you may implement a recovery attempt by reinitialising the hardware once an odd state has been discovered). 4. The hardware is broken (throw it away). For #4 the solution is obvious. For #3 you might want to implement a hardware reset path rather than ignoring the inconsistent state and only prevent the driver from crashing. If you have a way to reproduce the issue, which I gather you do, then it's likely not #3 as that would be intermittent, and then you'll have to investigate what is causing the problem to see if it is #1 or #2 (or maybe #4), and act accordingly. Someone more familiar with this hardware (is there a spec available?) might be able to assist you once you have figured out what the exact scenario leading to the failure you have observed is. HTH, Maciej