idpf_idc_vport_dev_ctrl(adapter, false) clears vport->vdev_info->adev
to NULL but keeps vport->vdev_info itself. An MTU change after that
calls idpf_idc_vdev_mtu_event(), which dereferences vdev_info->adev for
device_lock() before reaching the (!adev || ...) check.

Cache vdev_info->adev once with READ_ONCE() and bail out if NULL before
locking. Use the cached pointer on both the lock and unlock paths so
the unlock matches the device actually acquired and cannot re-fetch a
NULL slot.

Fixes: ed6e1c8796a4 ("idpf: implement IDC vport aux driver MTU change handler")
Cc: [email protected]
Signed-off-by: David Carlier <[email protected]>
---
v2: cache vdev_info->adev with READ_ONCE() to avoid double-fetch and
    use the cached pointer on the unlock path (Alok Tiwari)
---
 drivers/net/ethernet/intel/idpf/idpf_idc.c | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/drivers/net/ethernet/intel/idpf/idpf_idc.c 
b/drivers/net/ethernet/intel/idpf/idpf_idc.c
index b7d6b08fc89e..9f764135507c 100644
--- a/drivers/net/ethernet/intel/idpf/idpf_idc.c
+++ b/drivers/net/ethernet/intel/idpf/idpf_idc.c
@@ -162,9 +162,12 @@ void idpf_idc_vdev_mtu_event(struct 
iidc_rdma_vport_dev_info *vdev_info,
 
        set_bit(event_type, event.type);
 
-       device_lock(&vdev_info->adev->dev);
-       adev = vdev_info->adev;
-       if (!adev || !adev->dev.driver)
+       adev = READ_ONCE(vdev_info->adev);
+       if (!adev)
+               return;
+
+       device_lock(&adev->dev);
+       if (!adev->dev.driver)
                goto unlock;
        iadrv = container_of(adev->dev.driver,
                             struct iidc_rdma_vport_auxiliary_drv,
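Review bot: The new `if (!adev) return;` closes the NULL dereference, but nothing visible in this hunk keeps the auxiliary device alive between `adev = READ_ONCE(vdev_info->adev);` and `device_lock(&adev->dev);`. If the teardown path that clears `vdev_info->adev` can run concurrently with an MTU change and also drops the last reference, the lock would be taken on freed memory. Presumably an outer lock serializes the two paths; if so, a comment above the read would make that explicit, for example `/* <serializing lock> held by caller: adev cannot be freed while we use it */`. READ_ONCE() is also only meaningful if the writer stores with `WRITE_ONCE(vdev_info->adev, NULL)`, and that side is outside this diff. The function body starts before the hunk, so the caller's locking context cannot be confirmed from here.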
@@ -172,7 +175,7 @@ void idpf_idc_vdev_mtu_event(struct 
iidc_rdma_vport_dev_info *vdev_info,
        if (iadrv->event_handler)
                iadrv->event_handler(vdev_info, &event);
 unlock:
-       device_unlock(&vdev_info->adev->dev);
+       device_unlock(&adev->dev);
 }
 
 /**
-- 
2.53.0
