APPLIED[Unstable]: [SRU][XBCD][PATCH] UBUNTU: SAUCE: net: ena: fix crash during ena_remove()

Seth Forshee seth.forshee at canonical.com
Thu Nov 15 17:28:30 UTC 2018


On Thu, Nov 08, 2018 at 10:37:58AM -0800, Kamal Mostafa wrote:
> From: Arthur Kiyanovski <akiyano at amazon.com>
> 
> BugLink: http://bugs.launchpad.net/bugs/1802341
> 
> In ena_remove() we have the following stack call:
> ena_remove()
>   unregister_netdev()
>   ena_destroy_device()
>     netif_carrier_off()
> 
> Calling netif_carrier_off() causes linkwatch to try to handle the
> link change event on the already unregistered netdev, which leads
> to a read from an unreadable memory address.
> 
> This patch switches the order of the two functions, so that
> netif_carrier_off() is called on a registered netdev.
> 
> To accomplish this fix we also had to:
> 1. Remove the set bit ENA_FLAG_TRIGGER_RESET
> 2. Add a sanity check in ena_close()
> both to prevent double device reset (when calling unregister_netdev()
> ena_close is called, but the device was already deleted in
> ena_destroy_device()).
> 3. Set the admin_queue running state to false to avoid using it after
> device was reset (for example when calling ena_destroy_all_io_queues()
> right after ena_com_dev_reset() in ena_down)
> 
> Finally, driver version is also updated.
> 
> Change-Id: I3cc1aafe9cb3701a6eaee44e00add0e175c93148
> 
> Signed-off-by: Arthur Kiyanovski <akiyano at amazon.com>
> Signed-off-by: Kamal Mostafa <kamal at canonical.com>

Applied to unstable/master, thanks!
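
The teardown-ordering problem described in the quoted commit message, as an added user-space C model (not code from the patch or from the ena driver). Every `m_` name is hypothetical, and the model assumes that close and destroy each reset a device that is still up.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical model state; none of these are driver symbols. */
struct m_dev {
    bool registered;   /* netdev still registered with the stack */
    bool device_up;    /* device has not been reset/destroyed yet */
    int  resets;       /* number of device resets issued */
    int  stale_events; /* link events raised on an unregistered netdev */
};
enum m_order { M_OLD, M_NEW };

static void m_carrier_off(struct m_dev *d) {
    /* linkwatch later handles this event; on an unregistered netdev
       that is the invalid read the commit message describes */
    if (!d->registered) d->stale_events++;
}
static void m_reset(struct m_dev *d) { d->resets++; d->device_up = false; }

static void m_destroy_device(struct m_dev *d) {
    m_carrier_off(d);
    if (d->device_up) m_reset(d);
}
static void m_close(struct m_dev *d, bool sanity_check) {
    if (sanity_check && !d->device_up) return; /* already destroyed */
    m_reset(d);
}
static void m_unregister(struct m_dev *d, bool sanity_check) {
    m_close(d, sanity_check); /* unregistering closes the interface */
    d->registered = false;
}

/* Run one remove() sequence and return the resulting counters. */
static struct m_dev m_remove(enum m_order order, bool sanity_check) {
    struct m_dev d = { true, true, 0, 0 };
    if (order == M_OLD) { m_unregister(&d, sanity_check); m_destroy_device(&d); }
    else                { m_destroy_device(&d); m_unregister(&d, sanity_check); }
    return d;
}

int main(void) {
    struct m_dev a = m_remove(M_OLD, false), b = m_remove(M_NEW, false),
                 c = m_remove(M_NEW, true);
    printf("old order:          stale=%d resets=%d\n", a.stale_events, a.resets);
    printf("new order, no check: stale=%d resets=%d\n", b.stale_events, b.resets);
    printf("new order + check:   stale=%d resets=%d\n", c.stale_events, c.resets);
    return 0;
}
```

The middle case shows why reordering alone is not enough: without the check in close, the device is reset twice.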


