When an idpf HW reset is triggered, it clears the vport but does
not clear the netdev held by vport:
// In idpf_vport_dealloc() called by idpf_init_hard_reset(),
// idpf_init_hard_reset() sets IDPF_HR_RESET_IN_PROG, so
// idpf_decfg_netdev() doesn't get called.
if (!test_bit(IDPF_HR_RESET_IN_PROG, adapter->flags))
idpf_decfg_netdev(vport);
// idpf_decfg_netdev() would clear netdev but it isn't called:
unregister_netdev(vport->netdev);
free_netdev(vport->netdev);
vport->netdev = NULL;
// Later in idpf_init_hard_reset(), the vport is cleared:
kfree(adapter->vports);
adapter->vports = NULL;
During an idpf HW reset, when userspace changes the netdev channels,
the vport associated with the netdev is NULL, and so a kernel panic
would happen:
[ 2245.795117] BUG: kernel NULL pointer dereference, address: 0000000000000088
...
[ 2245.842720] RIP: 0010:idpf_set_channels+0x40/0x120
This can be reproduced reliably by injecting a TX timeout to cause
an idpf HW reset, and injecting a virtchnl error to cause the HW
reset to fail and retry, while running "ethtool -L" in userspace.
With this patch applied, we see the following error but no kernel
panics anymore:
[ 1176.743096] idpf 0000:05:00.0 eth1: channels not changed due to no vport in
netdev
netlink error: Bad address
Signed-off-by: Li Li <[email protected]>
---
drivers/net/ethernet/intel/idpf/idpf_ethtool.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/drivers/net/ethernet/intel/idpf/idpf_ethtool.c
b/drivers/net/ethernet/intel/idpf/idpf_ethtool.c
index c71af85408a29..1b03528041af4 100644
--- a/drivers/net/ethernet/intel/idpf/idpf_ethtool.c
+++ b/drivers/net/ethernet/intel/idpf/idpf_ethtool.c
@@ -580,6 +579,11 @@ static int idpf_set_channels(struct net_device *netdev,
idpf_vport_ctrl_lock(netdev);
vport = idpf_netdev_to_vport(netdev);
+ if (!vport) {
+ netdev_err(netdev, "channels not changed due to no vport in
netdev\n");
+ err = -EFAULT;
+ goto unlock_mutex;
+ }
idx = vport->idx;
vport_config = vport->adapter->vport_config[idx];
--
2.52.0.351.gbe84eed79e-goog
