kernel / kernel-source

Clone
Source Code
GIT

Files

  1.   f3f8e1c883eb9b02d323af42dbd0cae5b59ee6ad
  2.   patches.drivers
  3.   bnxt_en-Fix-NULL-pointer-dereference-at-bnxt_free_ir.patch
Blob Blame History Raw 
From: Michael Chan <michael.chan@broadcom.com>
Date: Wed, 11 Apr 2018 11:50:18 -0400
Subject: bnxt_en: Fix NULL pointer dereference at bnxt_free_irq().
Patch-mainline: v4.17-rc1
Git-commit: cb98526bf9b985866d648dbb9c983ba9eb59daba
References: bsc#1086282 FATE#324873

When open fails during ethtool -L ring change, for example, the driver
may crash at bnxt_free_irq() because bp->bnapi is NULL.

If we fail to allocate all the new rings, bnxt_open_nic() will free
all the memory including bp->bnapi.  Subsequent call to bnxt_close_nic()
will try to dereference bp->bnapi in bnxt_free_irq().

Fix it by checking for !bp->bnapi in bnxt_free_irq().

Fixes: e5811b8c09df ("bnxt_en: Add IRQ remapping logic.")
Signed-off-by: Michael Chan <michael.chan@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Acked-by: Thomas Bogendoerfer <tbogendoerfer@suse.de>
---
 drivers/net/ethernet/broadcom/bnxt/bnxt.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/net/ethernet/broadcom/bnxt/bnxt.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
@@ -6035,7 +6035,7 @@ static void bnxt_free_irq(struct bnxt *b
 	free_irq_cpu_rmap(bp->dev->rx_cpu_rmap);
 	bp->dev->rx_cpu_rmap = NULL;
 #endif
-	if (!bp->irq_tbl)
+	if (!bp->irq_tbl || !bp->bnapi)
 		return;
 
 	for (i = 0; i < bp->cp_nr_rings; i++) {
Powered by Pagure 5.13.3
DocumentationAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.