On 21.07.2020 9:23, Yoshihiro Shimoda wrote:
According to the report of [1], this driver is possible to cause
the following error in ravb_tx_timeout_work().
ravb e6800000.ethernet ethernet: failed to switch device to config mode
This error means that the hardware could not change the state
from "Operation" to "Configuration" while some tx and/or rx queue
are operating. After that, ravb_config() in ravb_dmac_init() will fail,
and then any descriptors will be not allocaled anymore so that NULL
pointer dereference happens after that on ravb_start_xmit().
To fix the issue, the ravb_tx_timeout_work() should check
the return values of ravb_stop_dma() and ravb_dmac_init().
If ravb_stop_dma() fails, ravb_tx_timeout_work() re-enables TX and RX
and just exits. If ravb_dmac_init() fails, just exits.
[1]
https://lore.kernel.org/linux-renesas-soc/20200518045452.2390-1-dirk.be...@de.bosch.com/
Reported-by: Dirk Behme <dirk.be...@de.bosch.com>
Signed-off-by: Yoshihiro Shimoda <yoshihiro.shimoda...@renesas.com>
Reviewed-by: Sergei Shtylyov <sergei.shtyl...@gmail.com>
ACK, this tag is still good for v3.
---
Changes from RFC v2:
- Check the return value of ravb_init_dmac() too.
- Update the subject and description.
- Fix the comment in the code.
- Add Reviewed-by Sergei.
https://patchwork.kernel.org/patch/11673621/
Changes from RFC v1:
- Check the return value of ravb_stop_dma() and exit if the hardware
condition can not be initialized in the tx timeout.
- Update the commit subject and description.
- Fix some typo.
https://patchwork.kernel.org/patch/11570217/
Unfortunately, I still didn't reproduce the issue yet. But,
I got review from Sergei in v2. So, I removed RFC on this patch.
Sorry for the sloppy code. :-|
MBR, Sergei
