ENGR00308637 net: fec: fix NULL pointer causing kernel hang

Fugang Duan · Nitin Garg · commit 0c3946074090 · 2014-04-16T08:58:22.000-05:00
Do video mmVector test with below script, kernel will hang after run about 50 cases. Script: mount -o nolock,tcp -t nfs 10.192.224.45:/streams /mnt/streams/ ./auto_test.sh -l video_h264_d1.list -AV -n my Log: Unable to handle kernel NULL pointer dereference at virtual address 000000a4 pgd = a9c84000 [000000a4] *pgd=a9555831, *pte=00000000, *ppte=00000000 Internal error: Oops: 17 [wandboard-org#1] PREEMPT SMP ARM Modules linked in: ov5642_camera ov5640_camera evbug CPU: 0 PID: 16119 Comm: gplay-1.0 Not tainted 3.10.17-internal+g15a353d wandboard-org#1 task: a96183c0 ti: a9de4000 task.ti: a9de4000 PC is at fec_new_rxbdp.isra.28+0x8/0xd8 LR is at fec_enet_rx_napi+0x4b8/0x9a8 pc : [<8039fdf0>] lr : [<803a0378>] psr: 60060113 sp : a9de5d30 ip : 00000030 fp : 00000000 r10: a82aa800 r9 : 00000002 r8 : 000001fc r7 : a82ab000 r6 : 00000000 r5 : ac060fe4 r4 : ac060fe0 r3 : a82ab1fc r2 : 00000000 r1 : ac060fe4 r0 : a82aa800 Flags: nZCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment user Control: 10c53c7d Table: a9c8404a DAC: 00000015 Process gplay-1.0 (pid: 16119, stack limit = 0xa9de4238) Stack: (0xa9de5d30 to 0xa9de6000) 5d20: ac060fe0 00000800 00000000 803a0378 5d40: 00000000 a8009240 a8009290 80c6f440 c0802100 a82aa800 a94b1c00 000005ee 5d60: 00000040 00000000 a8ccf480 ac060fe0 a82aacc0 80c95654 80c6edf0 a82aad08 5d80: 00000000 00000001 a82aae14 a82aad98 a9de5dec 8000dca0 a9de4000 a9510240 5da0: a9de5db4 00000001 a82aad98 00000040 0000012c 81537200 0002a165 81537208 5dc0: 80c640c0 8050e878 00000000 80cb5fe5 0002a163 00000001 0000000c 80c64090 5de0: 80c64080 a9de4000 00000003 0000000c 00000100 8002d538 00000096 a800e240 5e00: 80cb5f0e 80c5e7a0 00000000 0000000a 80cf8940 80c640c0 0002a164 a9de4038 5e20: 80c72324 00404000 7eb2b72c 60060193 00000096 00000000 c0802100 a9510240 5e40: a96183c0 00000000 7eb2b72c 8002d6ac a9de401 8002d948 80c5eef0 8000e94c 5e60: c080210c 80c6a904 a9de5e88 80008558 8008af14 800bfc4c 00060013 ffffffff 5e80: a9de5ebc 8000dc80 00000000 00000000 0000009a 00000000 0000009a 00000000 5ea0: 00080000 a9de5f8 a9510240 a96183c0 00000000 7eb2b72c 00000002 a9de5ed0 5ec0: 8008af14 800bfc4c 00060013 ffffffff 0000009a 00000000 6c41b000 00080000 5ee0: 00000001 a9510240 00000000 00000000 00000000 a96183c0 00000000 00000000 5f00: 0000009a 00000000 00000000 00000000 00080000 00000000 00080000 00000000 5f20: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 5f40: 0002a164 a9510240 6c41b000 a9de5f8 6c41b000 00000001 00080000 800c0290 5f60: 00000002 800d874c 0000009a 00000000 a9510240 6c41b000 00000001 800c08f0 5f80: 0000009a 00000000 c080210c 76eccca8 00000073 76eccca8 00000003 8000e204 5fa0: a9de4000 8000e080 76eccca8 00000073 00000000 6c41b000 00080000 00000010 5fc0: 76eccca8 00000073 76eccca8 00000003 00000000 76eccca8 00000000 7eb2b72c 5fe0: 00000000 7eb2b50 76e59684 76e59694 80060010 00000000 00000000 00000000 [<8039fdf0>] (fec_new_rxbdp.isra.28+0x8/0xd8) from [<a8009240>] (0xa8009240) Code: eb05b6e9 eafffff1 e92d4070 e1a05001 (e59230a4) ---[ end trace 4362657744775d24 ]--- Kernel panic - not syncing: Fatal exception in interrupt The issue is caused potential NULL pointer operation in some cases like late collisions and memory allocate fail by __netdev_alloc_skb_ip_align(). The patch is to avoid potential NULL pointer operation. Signed-off-by: Fugang Duan <B38611@freescale.com>
diff --git a/drivers/net/ethernet/freescale/fec_main.c b/drivers/net/ethernet/freescale/fec_main.c
@@ -1091,6 +1091,7 @@ fec_enet_rx(struct net_device *ndev, int budget)
 
 			if (unlikely(!skb_new)) {
 				ndev->stats.rx_dropped++;
+				goto rx_processing_done;
 			} else {
 				skb_put(skb_cur, pkt_len - 4);	/* Make room */
 
@@ -1139,11 +1140,11 @@ fec_enet_rx(struct net_device *ndev, int budget)
 					napi_gro_receive(&fep->napi, skb_cur);
 			}
 
-rx_processing_done:
 			/* set the new skb */
 			rxq->rx_skbuff[index] = skb_new;
 			fec_new_rxbdp(ndev, bdp, skb_new);
 
+rx_processing_done:
 			/* Clear the status flags for this buffer */
 			status &= ~BD_ENET_RX_STATS;
 
