Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit b9fa1fbf authored by Rasesh Mody's avatar Rasesh Mody Committed by David S. Miller
Browse files

bna: Eliminate Small Race Condition Window in RX Path 



Change details:
 - In a continuous sequence of ifconfig up/down operations, there is a small
   window of race between bnad_set_rx_mode() and bnad_cleanup_rx() while the
   former tries to access rx_info->rx & the latter sets it to NULL. This race
   could lead to bna_rx_mode_set() being called with a NULL (rx_info->rx)
   pointer and a crash.
 - Hold bnad->bna_lock while setting / unsetting rx_info->rx in bnad_setup_rx()
   & bnad_cleanup_rx(), thereby eliminating the race described above.

Signed-off-by: default avatarGurunatha Karaje <gkaraje@brocade.com>
Signed-off-by: default avatarRasesh Mody <rmody@brocade.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 3fb9852f

drivers/net/ethernet/brocade/bna/bnad.c

+3 −2
Original line number Original line Diff line number Diff line
@@ -1875,10 +1875,10 @@ bnad_cleanup_rx(struct bnad *bnad, u32 rx_id) 




	spin_lock_irqsave(&bnad->bna_lock, flags);

	spin_lock_irqsave(&bnad->bna_lock, flags);

	bna_rx_destroy(rx_info->rx);

	bna_rx_destroy(rx_info->rx);

	spin_unlock_irqrestore(&bnad->bna_lock, flags);





	rx_info->rx = NULL;

	rx_info->rx = NULL;

	rx_info->rx_id = 0;

	rx_info->rx_id = 0;

	spin_unlock_irqrestore(&bnad->bna_lock, flags);





	bnad_rx_res_free(bnad, res_info);

	bnad_rx_res_free(bnad, res_info);

}

}
@@ -1932,12 +1932,13 @@ bnad_setup_rx(struct bnad *bnad, u32 rx_id) 
	spin_lock_irqsave(&bnad->bna_lock, flags);

	spin_lock_irqsave(&bnad->bna_lock, flags);

	rx = bna_rx_create(&bnad->bna, bnad, rx_config, &rx_cbfn, res_info,

	rx = bna_rx_create(&bnad->bna, bnad, rx_config, &rx_cbfn, res_info,

			rx_info);

			rx_info);

	spin_unlock_irqrestore(&bnad->bna_lock, flags);

	if (!rx) {

	if (!rx) {

		err = -ENOMEM;

		err = -ENOMEM;

		spin_unlock_irqrestore(&bnad->bna_lock, flags);

		goto err_return;

		goto err_return;

	}

	}

	rx_info->rx = rx;

	rx_info->rx = rx;

	spin_unlock_irqrestore(&bnad->bna_lock, flags);





	/*

	/*

	 * Init NAPI, so that state is set to NAPI_STATE_SCHED,

	 * Init NAPI, so that state is set to NAPI_STATE_SCHED,