| Message ID | 55E8A1B6.2080008@maciej.szmigiero.name |
|---|---|
| State | Accepted, archived |
| Delegated to: | David Miller |
| Headers | show |
On Thu, Sep 03, 2015 at 09:38:30PM +0200, Maciej S. Szmigiero wrote: > If fec MDIO write method succeeds its return value comes from > call to pm_runtime_get_sync(). > But pm_runtime_get_sync() can also return 1. > > In case of Micrel KSZ9031 PHY this value will then > be returned along the call chain of phy_write() -> > ksz9031_extended_write() -> ksz9031_center_flp_timing() -> > ksz9031_config_init() -> phy_init_hw() -> phy_attach_direct() -> > phy_connect_direct(). > > Then phy_connect() will cast it into a pointer using ERR_PTR(), > which then fec_enet_mii_probe() will try to dereference > resulting in an oops. > > Fix it by normalizing return value of pm_runtime_get_sync() > to be zero if positive in MDIO write method. > > Signed-off-by: Maciej Szmigiero <mail@maciej.szmigiero.name> Fixes: 8fff755e9f8d ("net: fec: Ensure clocks are enabled while using mdio bus") Acked-by: Andrew Lunn <andrew@lunn.ch> Thanks Andrew -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
From: "Maciej S. Szmigiero" <mail@maciej.szmigiero.name> Date: Thu, 03 Sep 2015 21:38:30 +0200 > If fec MDIO write method succeeds its return value comes from > call to pm_runtime_get_sync(). > But pm_runtime_get_sync() can also return 1. > > In case of Micrel KSZ9031 PHY this value will then > be returned along the call chain of phy_write() -> > ksz9031_extended_write() -> ksz9031_center_flp_timing() -> > ksz9031_config_init() -> phy_init_hw() -> phy_attach_direct() -> > phy_connect_direct(). > > Then phy_connect() will cast it into a pointer using ERR_PTR(), > which then fec_enet_mii_probe() will try to dereference > resulting in an oops. > > Fix it by normalizing return value of pm_runtime_get_sync() > to be zero if positive in MDIO write method. > > Signed-off-by: Maciej Szmigiero <mail@maciej.szmigiero.name> Applied. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/drivers/net/ethernet/freescale/fec_main.c b/drivers/net/ethernet/freescale/fec_main.c index 91925e3..6cc3340 100644 --- a/drivers/net/ethernet/freescale/fec_main.c +++ b/drivers/net/ethernet/freescale/fec_main.c @@ -1816,11 +1816,13 @@ static int fec_enet_mdio_write(struct mii_bus *bus, int mii_id, int regnum, struct fec_enet_private *fep = bus->priv; struct device *dev = &fep->pdev->dev; unsigned long time_left; - int ret = 0; + int ret; ret = pm_runtime_get_sync(dev); if (ret < 0) return ret; + else + ret = 0; fep->mii_timeout = 0; reinit_completion(&fep->mdio_done);
If fec MDIO write method succeeds its return value comes from call to pm_runtime_get_sync(). But pm_runtime_get_sync() can also return 1. In case of Micrel KSZ9031 PHY this value will then be returned along the call chain of phy_write() -> ksz9031_extended_write() -> ksz9031_center_flp_timing() -> ksz9031_config_init() -> phy_init_hw() -> phy_attach_direct() -> phy_connect_direct(). Then phy_connect() will cast it into a pointer using ERR_PTR(), which then fec_enet_mii_probe() will try to dereference resulting in an oops. Fix it by normalizing return value of pm_runtime_get_sync() to be zero if positive in MDIO write method. Signed-off-by: Maciej Szmigiero <mail@maciej.szmigiero.name> --- drivers/net/ethernet/freescale/fec_main.c | 4 +++- 1 files changed, 3 insertions(+), 1 deletions(-) -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html