From mboxrd@z Thu Jan 1 00:00:00 1970 From: Alexander Duyck Subject: Re: [PATCH] e1000: ethtool: check on netif_running() before calling e1000_up() Date: Wed, 18 Jul 2018 13:49:40 -0700 Message-ID: References: <20180718191851.31984-1-chenbo@pdx.edu> Mime-Version: 1.0 Content-Type: text/plain; charset="UTF-8" Cc: Jeff Kirsher , David Miller , Netdev , LKML , phenix1108@gmail.com, intel-wired-lan To: Bo Chen Return-path: In-Reply-To: <20180718191851.31984-1-chenbo@pdx.edu> Sender: linux-kernel-owner@vger.kernel.org List-Id: netdev.vger.kernel.org On Wed, Jul 18, 2018 at 12:18 PM, Bo Chen wrote: > When the device is not up, the call to 'e1000_up()' from the error handling path > of 'e1000_set_ringparam()' causes a kernel oops with a null-pointer > dereference. The null-pointer dereference is triggered in function > 'e1000_alloc_rx_buffers()' at line 'buffer_info = &rx_ring->buffer_info[i]'. > > This bug was reported by COD, a tool for testing kernel module binaries I am > building. This bug was also detected by KFI from Dr. Kai Cong. > > This patch fixes the bug by checking on 'netif_running()' before calling > 'e1000_up()' in 'e1000_set_ringparam()'. > > Signed-off-by: Bo Chen The change below looks good to me. Acked-by: Alexander Duyck > --- > drivers/net/ethernet/intel/e1000/e1000_ethtool.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/drivers/net/ethernet/intel/e1000/e1000_ethtool.c b/drivers/net/ethernet/intel/e1000/e1000_ethtool.c > index bdb3f8e65ed4..c1e4e94f100f 100644 > --- a/drivers/net/ethernet/intel/e1000/e1000_ethtool.c > +++ b/drivers/net/ethernet/intel/e1000/e1000_ethtool.c > @@ -644,7 +644,8 @@ static int e1000_set_ringparam(struct net_device *netdev, > err_alloc_rx: > kfree(txdr); > err_alloc_tx: > - e1000_up(adapter); > + if (netif_running(adapter->netdev)) > + e1000_up(adapter); > err_setup: > clear_bit(__E1000_RESETTING, &adapter->flags); > return err; > -- > 2.17.0 >
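Review bot: In the err_alloc_tx path the new guard reaches the device through adapter->netdev, although e1000_set_ringparam() already receives it as the netdev parameter shown in the hunk header. Writing `if (netif_running(netdev))` would be shorter and would test the same object the function was called with. The guard means the error path no longer calls e1000_up() on an interface that is down, which is the case the commit message ties to the null-pointer dereference in e1000_alloc_rx_buffers(). The commit message names the faulting line but has no Fixes: tag and no excerpt of the oops. Adding both would make it easier to judge which trees need the backport and to match the fix against crash reports.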