Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit fe2c4df2 authored by Sagiv Ozeri's avatar Sagiv Ozeri Committed by Greg Kroah-Hartman
Browse files

qed: Fix potential memory corruption 



[ Upstream commit fa5c448d98f0df660bfcad3dd5facc027ef84cd3 ]

A stuck ramrod should be deleted from the completion_pending list,
otherwise it will be added again in the future and corrupt the list.

Return error value to inform that ramrod is stuck and should be deleted.

Signed-off-by: default avatarSagiv Ozeri <sagiv.ozeri@cavium.com>
Signed-off-by: default avatarDenis Bolotin <denis.bolotin@cavium.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
parent 082810cb

drivers/net/ethernet/qlogic/qed/qed_spq.c

+5 −7
Original line number Diff line number Diff line
@@ -144,6 +144,7 @@ static int qed_spq_block(struct qed_hwfn *p_hwfn, 


	DP_INFO(p_hwfn, "Ramrod is stuck, requesting MCP drain\n");

	rc = qed_mcp_drain(p_hwfn, p_ptt);

	qed_ptt_release(p_hwfn, p_ptt);

	if (rc) {

		DP_NOTICE(p_hwfn, "MCP drain failed\n");

		goto err;
@@ -152,18 +153,15 @@ static int qed_spq_block(struct qed_hwfn *p_hwfn, 
	/* Retry after drain */

	rc = __qed_spq_block(p_hwfn, p_ent, p_fw_ret, true);

	if (!rc)

		goto out;

		return 0;



	comp_done = (struct qed_spq_comp_done *)p_ent->comp_cb.cookie;

	if (comp_done->done == 1)

	if (comp_done->done == 1) {

		if (p_fw_ret)

			*p_fw_ret = comp_done->fw_return_code;

out:

	qed_ptt_release(p_hwfn, p_ptt);

		return 0;



	}

err:

	qed_ptt_release(p_hwfn, p_ptt);

	DP_NOTICE(p_hwfn,

		  "Ramrod is stuck [CID %08x cmd %02x protocol %02x echo %04x]\n",

		  le32_to_cpu(p_ent->elem.hdr.cid),