net: ethernet: s10hssi: fix the crash in the ipv6 network

Chen Guanqiao · Chen Guanqiao · commit 55939cb65b84 · 2021-03-29T14:18:36.000+08:00
v2: Simplife the implementation of ndo_start_xmit(). v1: This patch simply fills ndo_start_xmit() in netdev and no other operations. In the ipv6 network, after the date is sent, the netdev ndo_start_xmit() hook will be called. But s10ssi does not fill the ndo_start_xmit() in netdev, so it will case a "NULL pointer" crash. In the ipv6 network, run the following command: $ ifconfig s10hssi0 up Will cause the machine to crash: [ 961.346621] BUG: unable to handle kernel NULL pointer dereference at 0000000000000000 [ 961.346651] PGD 0 P4D 0 [ 961.346661] Oops: 0010 [#1] SMP NOPTI [ 961.346673] CPU: 62 PID: 0 Comm: swapper/62 Kdump: loaded Tainted: G OE --------- - - [ 961.346702] Hardware name: Inspur SA5212M5/YZMB-00882-104, BIOS 4.1.8 05/21/2019 [ 961.346721] RIP: 0010: (null) [ 961.346734] Code: Bad RIP value. [ 961.346745] RSP: 0018:ffff98ce7fb83bd0 EFLAGS: 00010286 [ 961.346760] RAX: 0000000000000000 RBX: ffff988e7fff6000 RCX: ffff98ce7fb83c4c [ 961.346778] RDX: ffffffffc0479620 RSI: ffff988e7fff6000 RDI: ffff98ce7e3ce900 [ 961.346796] RBP: 00000000ee0f0000 R08: 0000000000000000 R09: 000000000000004c [ 961.346815] R10: ffff988e7cd9e540 R11: 0000000000000000 R12: 0000000000000000 [ 961.346833] R13: ffff985d88f61000 R14: ffff988e6975ce00 R15: ffff98ce7e3ce900 [ 961.346851] FS: 0000000000000000(0000) GS:ffff98ce7fb80000(0000) knlGS:0000000000000000 [ 961.346871] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 961.346887] CR2: ffffffffffffffd6 CR3: 0000000e8880a006 CR4: 00000000007606e0 [ 961.346905] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 961.346924] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 961.346943] PKRU: 55555554 [ 961.346953] Call Trace: [ 961.346964] <IRQ> [ 961.346979] ? dev_hard_start_xmit+0xa5/0x210 [ 961.346994] ? __dev_queue_xmit+0x6c1/0x9e0 [ 961.347008] ? __neigh_create+0x427/0x580 [ 961.347023] ? ip6_finish_output2+0x1b9/0x5b0 [ 961.347039] ? kmem_cache_alloc+0x18e/0x1c0 [ 961.347053] ? kmem_cache_alloc_trace+0x3f/0x1d0 [ 961.347068] ? ip6_output+0x68/0x110 [ 961.347083] ? mld_sendpack+0x168/0x280 [ 961.347096] ? add_grhead.isra.26+0x2e/0xa0 [ 961.347110] ? mld_ifc_timer_expire+0x198/0x2d0 [ 961.347125] ? mld_clear_delrec+0xf0/0xf0 [ 961.347142] ? call_timer_fn+0x2b/0x130 [ 961.347154] ? run_timer_softirq+0x3d1/0x410 [ 961.347168] ? enqueue_hrtimer+0x38/0x90 [ 961.347182] ? __hrtimer_run_queues+0x130/0x280 [ 961.347198] ? __do_softirq+0xe3/0x30a [ 961.347211] ? ktime_get+0x36/0xa0 [ 961.347225] ? irq_exit+0x100/0x110 [ 961.347237] ? smp_apic_timer_interrupt+0x74/0x140 [ 961.347252] ? apic_timer_interrupt+0xf/0x20 [ 961.347264] </IRQ> [ 961.347275] ? mwait_idle+0x7d/0x160 [ 961.347764] ? do_idle+0x1f1/0x280 [ 961.348207] ? cpu_startup_entry+0x6f/0x80 [ 961.348649] ? start_secondary+0x1a7/0x200 [ 961.349081] ? secondary_startup_64+0xb7/0xc0 Signed-off-by: Chen Guanqiao <chenguanqiao@kuaishou.com>
diff --git a/drivers/net/ethernet/intel/s10hssi.c b/drivers/net/ethernet/intel/s10hssi.c
@@ -161,10 +161,17 @@ static int netdev_set_mac_address(struct net_device *ndev, void *p)
 	return 0;
 }
 
+static netdev_tx_t s10hssi_dummy_netdev_xmit(struct sk_buff *skb,
+					     struct net_device *dev)
+{
+	return NETDEV_TX_OK;
+}
+
 static const struct net_device_ops netdev_ops = {
 	.ndo_change_mtu = netdev_change_mtu,
 	.ndo_set_features = netdev_set_features,
 	.ndo_set_mac_address = netdev_set_mac_address,
+	.ndo_start_xmit = s10hssi_dummy_netdev_xmit,
 };
 
 struct stat_info {
