Hi list,

I see a NULL pointer deref at e1000_probe() time when using version
1.11.3 of the e1000e driver:

foo kernel: [ 3.932444] e1000e 0000:09:00.1: eth5: (PCI
Express:2.5GT/s:Width x4) 00:1a:8c:20:02:15
foo kernel: [ 3.932503] e1000e 0000:09:00.1: eth5: Intel(R) PRO/1000 Network
Connection
foo kernel: [ 3.932622] e1000e 0000:09:00.1: eth5: MAC: 1, PHY: 4, PBA No:
C83246-002
foo kernel: [ 3.932676] e1000e 0000:06:00.0: Disabling ASPM L1
foo kernel: [ 3.932857] e1000e 0000:06:00.0: irq 90 for MSI/MSI-X
foo kernel: [ 3.932891] BUG: unable to handle kernel NULL pointer
dereference at (null)
foo kernel: [ 3.936339] IP: [< (null)>] (null)
foo kernel: [ 3.936339] PGD 214386067 PUD 213eb7067 PMD 0
foo kernel: [ 3.936339] Oops: 0010 [#1] SMP
foo kernel: [ 3.936339] CPU 0
foo kernel: [ 3.936339] Modules linked in: usbhid evdev i2c_i801 ixgbe mdio
i5k_amb rtc_cmos igb ppdev dca rng_core parport_pc parport pcspkr sg e1000e(O+)
button uhci_hcd ehci_hcd sd
foomon aacraid pata_acpi ata_generic ata_piix ahci libahci libata scsi_mod
foo kernel: [ 4.052013]
foo kernel: [ 4.052013] Pid: 2560, comm: modprobe Tainted: G O
3.3.4-31.g2230bde-smp64 #1 Astaro AG ASG/NSB2189
foo kernel: [ 4.052013] RIP: 0010:[<0000000000000000>] [< (null)>]
(null)
foo kernel: [ 4.052013] RSP: 0018:ffff880213c39d10 EFLAGS: 00010202
foo kernel: [ 4.052013] RAX: 0000000000000000 RBX: 0000000000000000 RCX:
0000000000000004
foo kernel: [ 4.052013] RDX: 0000000000000000 RSI: 0000000000000246 RDI:
ffff880215268bb0
foo kernel: [ 4.052013] RBP: ffffffffa011c160 R08: 0000000000000002 R09:
ffff880213c39c9c
foo kernel: [ 4.052013] R10: 0000000000000000 R11: ffffffff8122f95d R12:
ffff880216232000
foo kernel: [ 4.052013] R13: ffff880215268700 R14: ffff880215268bb0 R15:
ffff880215268000
foo kernel: [ 4.052013] FS: 0000000000000000(0000)
GS:ffff88021fc00000(0063) knlGS:00000000f76196c0
foo kernel: [ 4.052013] CS: 0010 DS: 002b ES: 002b CR0: 000000008005003b
foo kernel: [ 4.052013] CR2: 0000000000000000 CR3: 0000000213c5d000 CR4:
00000000000006f0
foo kernel: [ 4.052013] DR0: 0000000000000000 DR1: 0000000000000000 DR2:
0000000000000000
foo kernel: [ 4.052013] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7:
0000000000000400
foo kernel: [ 4.052013] Process modprobe (pid: 2560, threadinfo
ffff880213c38000, task ffff88021391ad00)
foo kernel: [ 4.052013] Stack:
foo kernel: [ 4.052013] ffffffffa0116b46 ffff880215c06cc0 ffffffff810f49e4
ffff8802143d0120
foo kernel: [ 4.052013] ffff880213c39db8 ffff880213c39db8 00000000fd880000
0000000000020000
foo kernel: [ 4.052013] 00000001810f4d08 0000000000000246 0000ffff811f08d2
0000000000000246
foo kernel: [ 4.052013] Call Trace:
foo kernel: [ 4.052013] [<ffffffffa0116b46>] ? e1000_probe+0x536/0xc90
[e1000e]
foo kernel: [ 4.052013] [<ffffffff810f49e4>] ? sysfs_link_sibling+0x99/0xde
foo kernel: [ 4.052013] [<ffffffff81165424>] ? local_pci_probe+0x4a/0x94
foo kernel: [ 4.052013] [<ffffffff81165f00>] ? pci_device_probe+0xbd/0xe6
foo kernel: [ 4.052013] [<ffffffff811e984b>] ?
driver_probe_device+0xa8/0x159
foo kernel: [ 4.052013] [<ffffffff811e994b>] ? __driver_attach+0x4f/0x6f
foo kernel: [ 4.052013] [<ffffffff811e98fc>] ?
driver_probe_device+0x159/0x159
foo kernel: [ 4.052013] [<ffffffff811e84b3>] ? bus_for_each_dev+0x46/0x77
foo kernel: [ 4.052013] [<ffffffff811e8be8>] ? bus_add_driver+0xb2/0x200
foo kernel: [ 4.052013] [<ffffffff811e9e91>] ? driver_register+0xaa/0x114
foo kernel: [ 4.052013] [<ffffffff81166145>] ?
__pci_register_driver+0x4f/0xb7
foo kernel: [ 4.052013] [<ffffffffa012e000>] ? 0xffffffffa012dfff
foo kernel: [ 4.052013] [<ffffffff81002079>] ? do_one_initcall+0x79/0x132
foo kernel: [ 4.052013] [<ffffffff810630a3>] ? sys_init_module+0xaf/0x1fb
foo kernel: [ 4.052013] [<ffffffff812cad52>] ? sysenter_dispatch+0x7/0x25
foo kernel: [ 4.052013] Code: Bad RIP value.
foo kernel: [ 4.052013] RIP [< (null)>] (null)
foo kernel: [ 4.052013] RSP <ffff880213c39d10>
foo kernel: [ 4.052013] CR2: 0000000000000000
foo kernel: [ 4.071110] ---[ end trace 7b4ae75293c292ee ]---

After checking the driver source I see that the ->check_reset_block()
PHY op is NULL, which is because it is left uninitialized in
e1000_init_phy_params_82571() when not using a PHY:

	if (hw->phy.media_type != e1000_media_type_copper) {
		phy->type = e1000_phy_none;
		return 0;
	}

Checking ->check_reset_block() for NULL-ness fixes the issue for me.
Is it ok for you?

The bug seems also to be present in v2.0.0 of the driver, but this is
untested.

Thanks in advance!
/holger
_______________________________________________
E1000-devel mailing list
https://lists.sourceforge.net/lists/listinfo/e1000-devel
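
The failure pattern reported above, as an added example that is not part of the original post and is not e1000e driver code: an init routine returns early for non-copper media and leaves an op pointer NULL, and the call site guards it. The struct layout, the enum names, the helpers init_phy_params() and phy_reset_blocked(), and the choice to treat a missing op as "reset not blocked" are all assumptions made for illustration.

```c
/* Simplified model; types and helper names are constructed for illustration
 * and are not the e1000e driver's definitions. */
#include <stdio.h>

enum media_type { MEDIA_COPPER, MEDIA_FIBER };

struct hw;
struct phy_ops {
	int (*check_reset_block)(struct hw *hw); /* stays NULL unless init sets it */
};
struct hw {
	enum media_type media_type;
	int has_phy;
	struct phy_ops ops;
};

/* Constructed behaviour: pretend firmware is blocking PHY resets. */
static int copper_check_reset_block(struct hw *hw) { (void)hw; return 1; }

/* Mirrors the early return quoted in the report: without a copper PHY the
 * function returns before any op pointer has been assigned. */
static int init_phy_params(struct hw *hw)
{
	if (hw->media_type != MEDIA_COPPER) {
		hw->has_phy = 0;
		return 0;
	}
	hw->has_phy = 1;
	hw->ops.check_reset_block = copper_check_reset_block;
	return 0;
}

/* Guarded call site. Calling hw->ops.check_reset_block(hw) directly on the
 * fiber device would jump to address 0, which is what the oops shows as
 * RIP 0 with "Code: Bad RIP value". Assumption: no op means not blocked. */
static int phy_reset_blocked(struct hw *hw)
{
	if (!hw->ops.check_reset_block)
		return 0;
	return hw->ops.check_reset_block(hw);
}

int main(void)
{
	struct hw fiber = { .media_type = MEDIA_FIBER };
	struct hw copper = { .media_type = MEDIA_COPPER };
	init_phy_params(&fiber);
	init_phy_params(&copper);
	printf("fiber blocked=%d copper blocked=%d\n",
	       phy_reset_blocked(&fiber), phy_reset_blocked(&copper));
	return 0;
}
```

An alternative to guarding every call site is to have the init path install a stub op before the early return, so the pointer is never NULL.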