From mboxrd@z Thu Jan 1 00:00:00 1970 From: Greg Kroah-Hartman Subject: [PATCH 4.9 28/66] r8152: napi hangup fix after disconnect Date: Fri, 20 Jul 2018 14:13:45 +0200 Message-ID: <20180720121408.895750171@linuxfoundation.org> References: <20180720121407.228772286@linuxfoundation.org> Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Jiri Slaby , linux-usb@vger.kernel.org, netdev@vger.kernel.org, "David S. Miller" To: linux-kernel@vger.kernel.org Return-path: In-Reply-To: <20180720121407.228772286@linuxfoundation.org> Sender: linux-kernel-owner@vger.kernel.org List-Id: netdev.vger.kernel.org 4.9-stable review patch. If anyone has any objections, please let me know. ------------------ From: Jiri Slaby [ Upstream commit 0ee1f4734967af8321ecebaf9c74221ace34f2d5 ] When unplugging an r8152 adapter while the interface is UP, the NIC becomes unusable. usb->disconnect (aka rtl8152_disconnect) deletes napi. Then, rtl8152_disconnect calls unregister_netdev and that invokes netdev->ndo_stop (aka rtl8152_close). rtl8152_close tries to napi_disable, but the napi is already deleted by disconnect above. So the first while loop in napi_disable never finishes. This results in complete deadlock of the network layer as there is rtnl_mutex held by unregister_netdev. So avoid the call to napi_disable in rtl8152_close when the device is already gone. The other calls to usb_kill_urb, cancel_delayed_work_sync, netif_stop_queue etc. seem to be fine. The urb and netdev is not destroyed yet. Signed-off-by: Jiri Slaby Cc: linux-usb@vger.kernel.org Cc: netdev@vger.kernel.org Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman --- drivers/net/usb/r8152.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --- a/drivers/net/usb/r8152.c +++ b/drivers/net/usb/r8152.c @@ -3327,7 +3327,8 @@ static int rtl8152_close(struct net_devi #ifdef CONFIG_PM_SLEEP unregister_pm_notifier(&tp->pm_notifier); #endif - napi_disable(&tp->napi); + if (!test_bit(RTL8152_UNPLUG, &tp->flags)) + napi_disable(&tp->napi); clear_bit(WORK_ENABLE, &tp->flags); usb_kill_urb(tp->intr_urb); cancel_delayed_work_sync(&tp->schedule);