niansa-misc/linux
1
0
Fork 0
mirror of synced 2025-03-06 20:59:54 +01:00
Code Issues Projects Releases Packages Wiki Activity

ibmvnic: avoid memset null scrq msgs

Browse source 
scrq->msgs could be NULL during device reset, causing Linux to crash.
So, check before memset scrq->msgs.

Fixes: c8b2ad0a4a ("ibmvnic: Sanitize entire SCRQ buffer on reset")
Signed-off-by: Dany Madden <drt@linux.ibm.com>
Signed-off-by: Lijun Pan <ljp@linux.ibm.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
This commit is contained in:
Dany Madden 2020-11-25 18:04:26 -06:00 committed by Jakub Kicinski
parent 18f141bf97
commit 9281cf2d58
1 changed files with 15 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

19
drivers/net/ethernet/ibm/ibmvnic.c
View file

@ -2844,15 +2844,26 @@ static int reset_one_sub_crq_queue(struct ibmvnic_adapter *adapter,
{ {
int rc; int rc;
if (!scrq) {
netdev_dbg(adapter->netdev,
"Invalid scrq reset. irq (%d) or msgs (%p).\n",
scrq->irq, scrq->msgs);
return -EINVAL;
}
if (scrq->irq) { if (scrq->irq) {
free_irq(scrq->irq, scrq); free_irq(scrq->irq, scrq);
irq_dispose_mapping(scrq->irq); irq_dispose_mapping(scrq->irq);
scrq->irq = 0; scrq->irq = 0;
} }
if (scrq->msgs) {
memset(scrq->msgs, 0, 4 * PAGE_SIZE); memset(scrq->msgs, 0, 4 * PAGE_SIZE);
atomic_set(&scrq->used, 0); atomic_set(&scrq->used, 0);
scrq->cur = 0; scrq->cur = 0;
} else {
netdev_dbg(adapter->netdev, "Invalid scrq reset\n");
return -EINVAL;
}
rc = h_reg_sub_crq(adapter->vdev->unit_address, scrq->msg_token, rc = h_reg_sub_crq(adapter->vdev->unit_address, scrq->msg_token,
4 * PAGE_SIZE, &scrq->crq_num, &scrq->hw_irq); 4 * PAGE_SIZE, &scrq->crq_num, &scrq->hw_irq);