ACK: [SRU][XBCD][PATCH] UBUNTU: SAUCE: net: ena: fix crash during ena_remove()

Tyler Hicks tyhicks at canonical.com
Thu Nov 8 19:00:09 UTC 2018


On 2018-11-08 10:37:58, Kamal Mostafa wrote:
> From: Arthur Kiyanovski <akiyano at amazon.com>
> 
> BugLink: http://bugs.launchpad.net/bugs/1802341
> 
> In ena_remove() we have the following stack call:
> ena_remove()
>   unregister_netdev()
>   ena_destroy_device()
>     netif_carrier_off()
> 
> Calling netif_carrier_off() causes linkwatch to try to handle the
> link change event on the already unregistered netdev, which leads
> to a read from an unreadable memory address.
> 
> This patch switches the order of the two functions, so that
> netif_carrier_off() is called on a regiestered netdev.
> 
> To accomplish this fix we also had to:
> 1. Remove the set bit ENA_FLAG_TRIGGER_RESET
> 2. Add a sanitiy check in ena_close()
> both to prevent double device reset (when calling unregister_netdev()
> ena_close is called, but the device was already deleted in
> ena_destroy_device()).
> 3. Set the admin_queue running state to false to avoid using it after
> device was reset (for example when calling ena_destroy_all_io_queues()
> right after ena_com_dev_reset() in ena_down)
> 
> Finally, driver version is also updated.
> 
> Change-Id: I3cc1aafe9cb3701a6eaee44e00add0e175c93148
> 
> Signed-off-by: Arthur Kiyanovski <akiyano at amazon.com>
> Signed-off-by: Kamal Mostafa <kamal at canonical.com>

Seems reasonable to me.

Acked-by: Tyler Hicks <tyhicks at canonical.com>

Tyler
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20181108/dc1e107d/attachment.sig>


More information about the kernel-team mailing list