On 21.07.2020 9:23, Yoshihiro Shimoda wrote:
According to the report of [1], this driver is possible to cause the following error in ravb_tx_timeout_work(). ravb e6800000.ethernet ethernet: failed to switch device to config mode This error means that the hardware could not change the state from "Operation" to "Configuration" while some tx and/or rx queue are operating. After that, ravb_config() in ravb_dmac_init() will fail, and then any descriptors will be not allocaled anymore so that NULL pointer dereference happens after that on ravb_start_xmit(). To fix the issue, the ravb_tx_timeout_work() should check the return values of ravb_stop_dma() and ravb_dmac_init(). If ravb_stop_dma() fails, ravb_tx_timeout_work() re-enables TX and RX and just exits. If ravb_dmac_init() fails, just exits. [1] https://lore.kernel.org/linux-renesas-soc/20200518045452.2390-1-dirk.behme@xxxxxxxxxxxx/ Reported-by: Dirk Behme <dirk.behme@xxxxxxxxxxxx> Signed-off-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh@xxxxxxxxxxx> Reviewed-by: Sergei Shtylyov <sergei.shtylyov@xxxxxxxxx>
ACK, this tag is still good for v3.
--- Changes from RFC v2: - Check the return value of ravb_init_dmac() too. - Update the subject and description. - Fix the comment in the code. - Add Reviewed-by Sergei. https://patchwork.kernel.org/patch/11673621/ Changes from RFC v1: - Check the return value of ravb_stop_dma() and exit if the hardware condition can not be initialized in the tx timeout. - Update the commit subject and description. - Fix some typo. https://patchwork.kernel.org/patch/11570217/ Unfortunately, I still didn't reproduce the issue yet. But, I got review from Sergei in v2. So, I removed RFC on this patch.
Sorry for the sloppy code. :-| MBR, Sergei
