From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Mingming Cao <mmc@linux.vnet.ibm.com>,
Dany Madden <drt@linux.ibm.com>,
"David S . Miller" <davem@davemloft.net>,
Sasha Levin <sashal@kernel.org>,
linuxppc-dev@lists.ozlabs.org, netdev@vger.kernel.org
Subject: [PATCH AUTOSEL 5.8 14/53] ibmvnic fix NULL tx_pools and rx_tools issue at do_reset
Date: Mon, 7 Sep 2020 12:31:40 -0400 [thread overview]
Message-ID: <20200907163220.1280412-14-sashal@kernel.org> (raw)
In-Reply-To: <20200907163220.1280412-1-sashal@kernel.org>
From: Mingming Cao <mmc@linux.vnet.ibm.com>
[ Upstream commit 9f13457377907fa253aef560e1a37e1ca4197f9b ]
At the time of do_rest, ibmvnic tries to re-initalize the tx_pools
and rx_pools to avoid re-allocating the long term buffer. However
there is a window inside do_reset that the tx_pools and
rx_pools were freed before re-initialized making it possible to deference
null pointers.
This patch fix this issue by always check the tx_pool
and rx_pool are not NULL after ibmvnic_login. If so, re-allocating
the pools. This will avoid getting into calling reset_tx/rx_pools with
NULL adapter tx_pools/rx_pools pointer. Also add null pointer check in
reset_tx_pools and reset_rx_pools to safe handle NULL pointer case.
Signed-off-by: Mingming Cao <mmc@linux.vnet.ibm.com>
Signed-off-by: Dany Madden <drt@linux.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/ibm/ibmvnic.c | 15 ++++++++++++++-
1 file changed, 14 insertions(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/ibm/ibmvnic.c b/drivers/net/ethernet/ibm/ibmvnic.c
index 5afb3c9c52d20..d3a774331afc7 100644
--- a/drivers/net/ethernet/ibm/ibmvnic.c
+++ b/drivers/net/ethernet/ibm/ibmvnic.c
@@ -479,6 +479,9 @@ static int reset_rx_pools(struct ibmvnic_adapter *adapter)
int i, j, rc;
u64 *size_array;
+ if (!adapter->rx_pool)
+ return -1;
+
size_array = (u64 *)((u8 *)(adapter->login_rsp_buf) +
be32_to_cpu(adapter->login_rsp_buf->off_rxadd_buff_size));
@@ -649,6 +652,9 @@ static int reset_tx_pools(struct ibmvnic_adapter *adapter)
int tx_scrqs;
int i, rc;
+ if (!adapter->tx_pool)
+ return -1;
+
tx_scrqs = be32_to_cpu(adapter->login_rsp_buf->num_txsubm_subcrqs);
for (i = 0; i < tx_scrqs; i++) {
rc = reset_one_tx_pool(adapter, &adapter->tso_pool[i]);
@@ -2011,7 +2017,10 @@ static int do_reset(struct ibmvnic_adapter *adapter,
adapter->req_rx_add_entries_per_subcrq !=
old_num_rx_slots ||
adapter->req_tx_entries_per_subcrq !=
- old_num_tx_slots) {
+ old_num_tx_slots ||
+ !adapter->rx_pool ||
+ !adapter->tso_pool ||
+ !adapter->tx_pool) {
release_rx_pools(adapter);
release_tx_pools(adapter);
release_napi(adapter);
@@ -2024,10 +2033,14 @@ static int do_reset(struct ibmvnic_adapter *adapter,
} else {
rc = reset_tx_pools(adapter);
if (rc)
+ netdev_dbg(adapter->netdev, "reset tx pools failed (%d)\n",
+ rc);
goto out;
rc = reset_rx_pools(adapter);
if (rc)
+ netdev_dbg(adapter->netdev, "reset rx pools failed (%d)\n",
+ rc);
goto out;
}
ibmvnic_disable_irqs(adapter);
--
2.25.1
next prev parent reply other threads:[~2020-09-07 17:12 UTC|newest]
Thread overview: 55+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-09-07 16:31 [PATCH AUTOSEL 5.8 01/53] ARC: HSDK: wireup perf irq Sasha Levin
2020-09-07 16:31 ` [PATCH AUTOSEL 5.8 02/53] dmaengine: acpi: Put the CSRT table after using it Sasha Levin
2020-09-07 16:31 ` [PATCH AUTOSEL 5.8 03/53] MIPS: Loongson64: Do not override watch and ejtag feature Sasha Levin
2020-09-07 16:31 ` [PATCH AUTOSEL 5.8 04/53] netfilter: conntrack: allow sctp hearbeat after connection re-use Sasha Levin
2020-09-07 16:31 ` [PATCH AUTOSEL 5.8 05/53] rxrpc: Keep the ACK serial in a var in rxrpc_input_ack() Sasha Levin
2020-09-07 16:31 ` [PATCH AUTOSEL 5.8 06/53] netfilter: nft_set_rbtree: Detect partial overlap with start endpoint match Sasha Levin
2020-09-07 16:31 ` [PATCH AUTOSEL 5.8 07/53] drivers/net/wan/lapbether: Added needed_tailroom Sasha Levin
2020-09-07 16:31 ` [PATCH AUTOSEL 5.8 08/53] NFC: st95hf: Fix memleak in st95hf_in_send_cmd Sasha Levin
2020-09-07 16:31 ` [PATCH AUTOSEL 5.8 09/53] firestream: Fix memleak in fs_open Sasha Levin
2020-09-07 16:31 ` [PATCH AUTOSEL 5.8 10/53] scsi: qedf: Fix null ptr reference in qedf_stag_change_work Sasha Levin
2020-09-07 16:31 ` [PATCH AUTOSEL 5.8 11/53] ALSA: hda: Fix 2 channel swapping for Tegra Sasha Levin
2020-09-07 16:31 ` [PATCH AUTOSEL 5.8 12/53] ALSA: hda/tegra: Program WAKEEN register " Sasha Levin
2020-09-07 16:31 ` [PATCH AUTOSEL 5.8 13/53] drivers/dma/dma-jz4780: Fix race condition between probe and irq handler Sasha Levin
2020-09-07 16:31 ` Sasha Levin [this message]
2020-09-07 21:10 ` [PATCH AUTOSEL 5.8 14/53] ibmvnic fix NULL tx_pools and rx_tools issue at do_reset Jakub Kicinski
2020-09-07 22:24 ` Sasha Levin
2020-09-07 16:31 ` [PATCH AUTOSEL 5.8 15/53] net: hns3: Fix for geneve tx checksum bug Sasha Levin
2020-09-07 16:31 ` [PATCH AUTOSEL 5.8 16/53] xfs: fix off-by-one in inode alloc block reservation calculation Sasha Levin
2020-09-07 16:31 ` [PATCH AUTOSEL 5.8 17/53] drivers/net/wan/lapbether: Set network_header before transmitting Sasha Levin
2020-09-07 16:31 ` [PATCH AUTOSEL 5.8 18/53] wireless: fix wrong 160/80+80 MHz setting Sasha Levin
2020-09-07 16:31 ` [PATCH AUTOSEL 5.8 19/53] cfg80211: regulatory: reject invalid hints Sasha Levin
2020-09-07 16:31 ` [PATCH AUTOSEL 5.8 20/53] mac80211: reduce packet loss event false positives Sasha Levin
2020-09-07 16:31 ` [PATCH AUTOSEL 5.8 21/53] cfg80211: Adjust 6 GHz frequency to channel conversion Sasha Levin
2020-09-07 16:31 ` [PATCH AUTOSEL 5.8 22/53] net: usb: Fix uninit-was-stored issue in asix_read_phy_addr() Sasha Levin
2020-09-07 16:31 ` [PATCH AUTOSEL 5.8 23/53] xfs: initialize the shortform attr header padding entry Sasha Levin
2020-09-07 16:31 ` [PATCH AUTOSEL 5.8 24/53] ARC: show_regs: fix r12 printing and simplify Sasha Levin
2020-09-07 16:31 ` [PATCH AUTOSEL 5.8 25/53] irqchip/eznps: Fix build error for !ARC700 builds Sasha Levin
2020-09-07 16:31 ` [PATCH AUTOSEL 5.8 26/53] media: gpio-ir-tx: spinlock is not needed to disable interrupts Sasha Levin
2020-09-07 16:31 ` [PATCH AUTOSEL 5.8 27/53] nvmet-tcp: Fix NULL dereference when a connect data comes in h2cdata pdu Sasha Levin
2020-09-07 16:31 ` [PATCH AUTOSEL 5.8 28/53] nvme-fabrics: don't check state NVME_CTRL_NEW for request acceptance Sasha Levin
2020-09-07 16:31 ` [PATCH AUTOSEL 5.8 29/53] nvme: have nvme_wait_freeze_timeout return if it timed out Sasha Levin
2020-09-07 16:31 ` [PATCH AUTOSEL 5.8 30/53] nvme-tcp: serialize controller teardown sequences Sasha Levin
2020-09-07 16:31 ` [PATCH AUTOSEL 5.8 31/53] nvme-tcp: fix timeout handler Sasha Levin
2020-09-07 16:31 ` [PATCH AUTOSEL 5.8 32/53] nvme-tcp: fix reset hang if controller died in the middle of a reset Sasha Levin
2020-09-07 16:31 ` [PATCH AUTOSEL 5.8 33/53] nvme-rdma: serialize controller teardown sequences Sasha Levin
2020-09-07 16:32 ` [PATCH AUTOSEL 5.8 34/53] nvme-rdma: fix timeout handler Sasha Levin
2020-09-07 16:32 ` [PATCH AUTOSEL 5.8 35/53] nvme-rdma: fix reset hang if controller died in the middle of a reset Sasha Levin
2020-09-07 16:32 ` [PATCH AUTOSEL 5.8 36/53] nvme-pci: cancel nvme device request before disabling Sasha Levin
2020-09-07 16:32 ` [PATCH AUTOSEL 5.8 37/53] HID: quirks: Set INCREMENT_USAGE_ON_DUPLICATE for all Saitek X52 devices Sasha Levin
2020-09-07 16:32 ` [PATCH AUTOSEL 5.8 38/53] HID: microsoft: Add rumble support for the 8bitdo SN30 Pro+ controller Sasha Levin
2020-09-07 16:32 ` [PATCH AUTOSEL 5.8 39/53] drivers/net/wan/hdlc_cisco: Add hard_header_len Sasha Levin
2020-09-07 16:32 ` [PATCH AUTOSEL 5.8 40/53] HID: elan: Fix memleak in elan_input_configured Sasha Levin
2020-09-07 16:32 ` [PATCH AUTOSEL 5.8 41/53] ARC: [plat-hsdk]: Switch ethernet phy-mode to rgmii-id Sasha Levin
2020-09-07 16:32 ` [PATCH AUTOSEL 5.8 42/53] cpufreq: intel_pstate: Refuse to turn off with HWP enabled Sasha Levin
2020-09-07 16:32 ` [PATCH AUTOSEL 5.8 43/53] cpufreq: intel_pstate: Fix intel_pstate_get_hwp_max() for turbo disabled Sasha Levin
2020-09-07 16:32 ` [PATCH AUTOSEL 5.8 44/53] net: usb: dm9601: Add USB ID of Keenetic Plus DSL Sasha Levin
2020-09-07 16:32 ` [PATCH AUTOSEL 5.8 45/53] arm64/module: set trampoline section flags regardless of CONFIG_DYNAMIC_FTRACE Sasha Levin
2020-09-07 16:32 ` [PATCH AUTOSEL 5.8 46/53] ALSA: hda: hdmi - add Rocketlake support Sasha Levin
2020-09-07 16:32 ` [PATCH AUTOSEL 5.8 47/53] ALSA: hda: fix a runtime pm issue in SOF when integrated GPU is disabled Sasha Levin
2020-09-07 16:32 ` [PATCH AUTOSEL 5.8 48/53] ALSA: hda: use consistent HDAudio spelling in comments/docs Sasha Levin
2020-09-07 16:32 ` [PATCH AUTOSEL 5.8 49/53] drivers/net/wan/hdlc: Change the default of hard_header_len to 0 Sasha Levin
2020-09-07 16:32 ` [PATCH AUTOSEL 5.8 50/53] drm/amdgpu: Fix bug in reporting voltage for CIK Sasha Levin
2020-09-07 16:32 ` [PATCH AUTOSEL 5.8 51/53] iommu/amd: Do not force direct mapping when SME is active Sasha Levin
2020-09-07 16:32 ` [PATCH AUTOSEL 5.8 52/53] iommu/amd: Do not use IOMMUv2 functionality " Sasha Levin
2020-09-07 16:32 ` [PATCH AUTOSEL 5.8 53/53] gcov: Disable gcov build with GCC 10 Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200907163220.1280412-14-sashal@kernel.org \
--to=sashal@kernel.org \
--cc=davem@davemloft.net \
--cc=drt@linux.ibm.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=mmc@linux.vnet.ibm.com \
--cc=netdev@vger.kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox