net: wireless: support of_get_mac_address new ERR_PTR error #42

mrjimenez

Wireless using rt2x00dev.c was segfaulting because of_get_mac_address() now returns an error code, so testing for NULL does not work anymore.

Please backport this patch so that we can use WiFi again in the Arietta board, for example.

...
INIT: version 2.88 booting
ieee80211 phy0: rt2x00_set_rt: Info - RT chipset 5390, rev 0502 detected
Unable to handle kernel paging request at virtual address fffffffe
pgd = (ptrval)
[fffffffe] *pgd=27ffd871, *pte=00000000, *ppte=00000000
Internal error: Oops: 37 [#1] PREEMPT ARM
Modules linked in:
CPU: 0 PID: 35 Comm: kworker/0:1 Not tainted 4.19.15+ #1
Hardware name: Atmel AT91SAM9
Workqueue: usb_hub_wq hub_event
PC is at rt2x00lib_set_mac_address+0x18/0x74
LR is at rt2x00lib_set_mac_address+0x14/0x74
pc : [] lr : [] psr: a0000013
sp : c7929b78 ip : 00000000 fp : c07adcb4
r10: c05b419c r9 : c708bc00 r8 : c7ae6400
r7 : c7016f40 r6 : 00000000 r5 : c7016f3c r4 : c7bc0c04
r3 : c6613a1c r2 : c6613a1c r1 : 60000013 r0 : fffffffe
Flags: NzCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none
Control: 0005317f Table: 270b0000 DAC: 00000053
Process kworker/0:1 (pid: 35, stack limit = 0x(ptrval))
Stack: (0xc7929b78 to 0xc792a000)
[] (rt2x00lib_set_mac_address) from [] (rt2800_probe_hw+0x100/0xe70)
[] (rt2800_probe_hw) from [] (rt2800usb_probe_hw+0xc/0x4c)
[] (rt2800usb_probe_hw) from [] (rt2x00lib_probe_dev+0x1a4/0x704)
[] (rt2x00lib_probe_dev) from [] (rt2x00usb_probe+0x194/0x1e8)
[] (rt2x00usb_probe) from [] (rt2800usb_probe+0xc/0x18)
[] (rt2800usb_probe) from [] (usb_probe_interface+0x1b8/0x1f0)
[] (usb_probe_interface) from [] (really_probe+0x1d4/0x2ac)
[] (really_probe) from [] (driver_probe_device+0x144/0x15c)
[] (driver_probe_device) from [] (bus_for_each_drv+0xa4/0xbc)
[] (bus_for_each_drv) from [] (__device_attach+0xac/0x124)
[] (__device_attach) from [] (bus_probe_device+0x24/0x80)
[] (bus_probe_device) from [] (device_add+0x430/0x564)
[] (device_add) from [] (usb_set_configuration+0x664/0x6d4)
[] (usb_set_configuration) from [] (generic_probe+0x4c/0x78)
[] (generic_probe) from [] (really_probe+0x1d4/0x2ac)
[] (really_probe) from [] (driver_probe_device+0x144/0x15c)
[] (driver_probe_device) from [] (bus_for_each_drv+0xa4/0xbc)
[] (bus_for_each_drv) from [] (__device_attach+0xac/0x124)
[] (__device_attach) from [] (bus_probe_device+0x24/0x80)
[] (bus_probe_device) from [] (device_add+0x430/0x564)
[] (device_add) from [] (usb_new_device+0x2a8/0x3bc)
[] (usb_new_device) from [] (hub_event+0xc98/0xf24)
[] (hub_event) from [] (process_one_work+0x1f0/0x328)
[] (process_one_work) from [] (worker_thread+0x2f0/0x488)
[] (worker_thread) from [] (kthread+0x114/0x12c)
[] (kthread) from [] (ret_from_fork+0x14/0x34)
Exception stack(0xc7929fb0 to 0xc7929ff8)
9fa0: 00000000 00000000 00000000 00000000
9fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
9fe0: 00000000 00000000 00000000 00000000 00000013 00000000
Code: e1a04001 e5930138 eb028ab4 e3500000 (11d030b0)
---[ end trace 26da2151013e3d30 ]---

Here is the text of the original patch:

There was NVMEM support added to of_get_mac_address, so it could now return
ERR_PTR encoded error values, so we need to adjust all current users of
of_get_mac_address to this new fact.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
Signed-off-by: David S. Miller <davem@davemloft.net>

There was NVMEM support added to of_get_mac_address, so it could now return
ERR_PTR encoded error values, so we need to adjust all current users of
of_get_mac_address to this new fact.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Marcelo Roberto Jimenez <marcelo.jimenez@gmail.com>
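
The failure mode described in this pull request, as an added example (not code from the patch or the kernel tree): a userspace restatement of the kernel's `ERR_PTR`/`IS_ERR` helpers showing why a NULL-only check lets an error pointer through, and that the faulting address `fffffffe` in the oops decodes to errno 2 (`ENOENT`). The names `lookup_mac_stub`, `old_check_accepts`, `new_check_accepts`, `set_mac_address` and `fault_addr_to_errno` are hypothetical, and the MAC bytes are constructed.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Userspace restatement of the kernel's err.h helpers (added example). */
#define MAX_ERRNO 4095
static void *ERR_PTR(long error) { return (void *)error; }
static long PTR_ERR(const void *ptr) { return (long)ptr; }
static int IS_ERR(const void *ptr) { return (uintptr_t)ptr >= (uintptr_t)-MAX_ERRNO; }

/* Hypothetical stand-in for of_get_mac_address(): error pointer when no MAC. */
static const void *lookup_mac_stub(int have_mac)
{
    static const uint8_t mac[6] = {0x02, 0, 0, 0, 0, 0x01}; /* constructed */
    return have_mac ? (const void *)mac : ERR_PTR(-ENOENT);
}

/* Caller logic that only treats NULL as "no address". */
static int old_check_accepts(const void *mac) { return mac != NULL; }

/* Caller logic that rejects ERR_PTR-encoded values before any use. */
static int new_check_accepts(const void *mac) { return !IS_ERR(mac); }

/* Copy the MAC only if the pointer is valid; returns 0 or a negative errno. */
static int set_mac_address(uint8_t out[6], int have_mac)
{
    const void *mac = lookup_mac_stub(have_mac);
    if (IS_ERR(mac))
        return (int)PTR_ERR(mac);
    memcpy(out, mac, 6);
    return 0;
}

/* Decode a 32-bit oops fault address into an errno, or 0 if it is not one. */
static int fault_addr_to_errno(uint32_t addr)
{
    int32_t v = (int32_t)addr;
    return (v < 0 && v >= -MAX_ERRNO) ? -v : 0;
}

int main(void)
{
    uint8_t buf[6];
    printf("NULL-only check accepts error pointer: %d\n", old_check_accepts(lookup_mac_stub(0)));
    printf("IS_ERR check accepts error pointer: %d\n", new_check_accepts(lookup_mac_stub(0)));
    printf("set_mac_address(no MAC) = %d\n", set_mac_address(buf, 0));
    printf("fault address 0xfffffffe = errno %d\n", fault_addr_to_errno(0xfffffffeu));
    return 0;
}
```

When triaging a similar oops, a fault address in the top 4095 bytes of the address space is a strong hint that an `ERR_PTR` value was dereferenced without an `IS_ERR` check.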
@cristibirsan

Thank you. I merged this patch in linux-4.19-at91 branch (33220b3).

cristibirsan pushed a commit that referenced this pull request Jan 19, 2023
[ Upstream commit bfcdbae ]

This enhances the sanity check for $SDH and $SII while initializing NTFS
security, guarantees these index root are legit.

[  162.459513] BUG: KASAN: use-after-free in hdr_find_e.isra.0+0x10c/0x320
[  162.460176] Read of size 2 at addr ffff8880037bca99 by task mount/243
[  162.460851]
[  162.461252] CPU: 0 PID: 243 Comm: mount Not tainted 6.0.0-rc7 #42
[  162.461744] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
[  162.462609] Call Trace:
[  162.462954]  <TASK>
[  162.463276]  dump_stack_lvl+0x49/0x63
[  162.463822]  print_report.cold+0xf5/0x689
[  162.464608]  ? unwind_get_return_address+0x3a/0x60
[  162.465766]  ? hdr_find_e.isra.0+0x10c/0x320
[  162.466975]  kasan_report+0xa7/0x130
[  162.467506]  ? _raw_spin_lock_irq+0xc0/0xf0
[  162.467998]  ? hdr_find_e.isra.0+0x10c/0x320
[  162.468536]  __asan_load2+0x68/0x90
[  162.468923]  hdr_find_e.isra.0+0x10c/0x320
[  162.469282]  ? cmp_uints+0xe0/0xe0
[  162.469557]  ? cmp_sdh+0x90/0x90
[  162.469864]  ? ni_find_attr+0x214/0x300
[  162.470217]  ? ni_load_mi+0x80/0x80
[  162.470479]  ? entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  162.470931]  ? ntfs_bread_run+0x190/0x190
[  162.471307]  ? indx_get_root+0xe4/0x190
[  162.471556]  ? indx_get_root+0x140/0x190
[  162.471833]  ? indx_init+0x1e0/0x1e0
[  162.472069]  ? fnd_clear+0x115/0x140
[  162.472363]  ? _raw_spin_lock_irqsave+0x100/0x100
[  162.472731]  indx_find+0x184/0x470
[  162.473461]  ? sysvec_apic_timer_interrupt+0x57/0xc0
[  162.474429]  ? indx_find_buffer+0x2d0/0x2d0
[  162.474704]  ? do_syscall_64+0x3b/0x90
[  162.474962]  dir_search_u+0x196/0x2f0
[  162.475381]  ? ntfs_nls_to_utf16+0x450/0x450
[  162.475661]  ? ntfs_security_init+0x3d6/0x440
[  162.475906]  ? is_sd_valid+0x180/0x180
[  162.476191]  ntfs_extend_init+0x13f/0x2c0
[  162.476496]  ? ntfs_fix_post_read+0x130/0x130
[  162.476861]  ? iput.part.0+0x286/0x320
[  162.477325]  ntfs_fill_super+0x11e0/0x1b50
[  162.477709]  ? put_ntfs+0x1d0/0x1d0
[  162.477970]  ? vsprintf+0x20/0x20
[  162.478258]  ? set_blocksize+0x95/0x150
[  162.478538]  get_tree_bdev+0x232/0x370
[  162.478789]  ? put_ntfs+0x1d0/0x1d0
[  162.479038]  ntfs_fs_get_tree+0x15/0x20
[  162.479374]  vfs_get_tree+0x4c/0x130
[  162.479729]  path_mount+0x654/0xfe0
[  162.480124]  ? putname+0x80/0xa0
[  162.480484]  ? finish_automount+0x2e0/0x2e0
[  162.480894]  ? putname+0x80/0xa0
[  162.481467]  ? kmem_cache_free+0x1c4/0x440
[  162.482280]  ? putname+0x80/0xa0
[  162.482714]  do_mount+0xd6/0xf0
[  162.483264]  ? path_mount+0xfe0/0xfe0
[  162.484782]  ? __kasan_check_write+0x14/0x20
[  162.485593]  __x64_sys_mount+0xca/0x110
[  162.486024]  do_syscall_64+0x3b/0x90
[  162.486543]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  162.487141] RIP: 0033:0x7f9d374e948a
[  162.488324] Code: 48 8b 0d 11 fa 2a 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 a5 00 00 008
[  162.489728] RSP: 002b:00007ffe30e73d18 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[  162.490971] RAX: ffffffffffffffda RBX: 0000561cdb43a060 RCX: 00007f9d374e948a
[  162.491669] RDX: 0000561cdb43a260 RSI: 0000561cdb43a2e0 RDI: 0000561cdb442af0
[  162.492050] RBP: 0000000000000000 R08: 0000561cdb43a280 R09: 0000000000000020
[  162.492459] R10: 00000000c0ed0000 R11: 0000000000000206 R12: 0000561cdb442af0
[  162.493183] R13: 0000561cdb43a260 R14: 0000000000000000 R15: 00000000ffffffff
[  162.493644]  </TASK>
[  162.493908]
[  162.494214] The buggy address belongs to the physical page:
[  162.494761] page:000000003e38a3d5 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x37bc
[  162.496064] flags: 0xfffffc0000000(node=0|zone=1|lastcpupid=0x1fffff)
[  162.497278] raw: 000fffffc0000000 ffffea00000df1c8 ffffea00000df008 0000000000000000
[  162.498928] raw: 0000000000000000 0000000000240000 00000000ffffffff 0000000000000000
[  162.500542] page dumped because: kasan: bad access detected
[  162.501057]
[  162.501242] Memory state around the buggy address:
[  162.502230]  ffff8880037bc980: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  162.502977]  ffff8880037bca00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  162.503522] >ffff8880037bca80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  162.503963]                             ^
[  162.504370]  ffff8880037bcb00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  162.504766]  ffff8880037bcb80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff

Signed-off-by: Edward Lo <edward.lo@ambergroup.io>
Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
cristibirsan pushed a commit that referenced this pull request Feb 8, 2023