ACK: [SRU][XBCD][PATCH] UBUNTU: SAUCE: net: ena: fix crash during ena_remove()

Tyler Hicks tyhicks at
Thu Nov 8 19:00:09 UTC 2018

On 2018-11-08 10:37:58, Kamal Mostafa wrote:
> From: Arthur Kiyanovski <akiyano at>
> BugLink:
> In ena_remove() we have the following stack call:
> ena_remove()
>   unregister_netdev()
>   ena_destroy_device()
>     netif_carrier_off()
> Calling netif_carrier_off() causes linkwatch to try to handle the
> link change event on the already unregistered netdev, which leads
> to a read from an unreadable memory address.
> This patch switches the order of the two functions, so that
> netif_carrier_off() is called on a regiestered netdev.
> To accomplish this fix we also had to:
> 1. Remove the set bit ENA_FLAG_TRIGGER_RESET
> 2. Add a sanitiy check in ena_close()
> both to prevent double device reset (when calling unregister_netdev()
> ena_close is called, but the device was already deleted in
> ena_destroy_device()).
> 3. Set the admin_queue running state to false to avoid using it after
> device was reset (for example when calling ena_destroy_all_io_queues()
> right after ena_com_dev_reset() in ena_down)
> Finally, driver version is also updated.
> Change-Id: I3cc1aafe9cb3701a6eaee44e00add0e175c93148
> Signed-off-by: Arthur Kiyanovski <akiyano at>
> Signed-off-by: Kamal Mostafa <kamal at>

Seems reasonable to me.

Acked-by: Tyler Hicks <tyhicks at>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <>

More information about the kernel-team mailing list