IPoIB: Fix crash in dev_open error flow (c2bb5628) · Commits · e / devices / android_kernel_xiaomi_markw

If napi has never been enabled when calling ipoib_ib_dev_stop, a kernel crash occurs, because the verbs layer completion handler (ipoib_ib_completion) calls napi_schedule unconditionally. If the napi structure passed in the napi_schedule call has not been initialized, napi will crash. The cleanest solution is to simply enable napi before calling ipoib_ib_dev_stop in the dev_open error flow. (dev_stop then immediately disables napi). Signed-off-by:

Jack Morgenstein <jackm@dev.mellanox.co.il> Signed-off-by:

Erez Shitrit <erezsh@mellanox.com> Signed-off-by:

Or Gerlitz <ogerlitz@mellanox.com> Signed-off-by:

Roland Dreier <roland@purestorage.com>

drivers/infiniband/ulp/ipoib/ipoib_ib.c

+7 −4

Original line number	Diff line number	Diff line
		@@ -685,15 +685,13 @@ int ipoib_ib_dev_open(struct net_device *dev)
		ret = ipoib_ib_post_receives(dev);
		if (ret) {
		ipoib_warn(priv, "ipoib_ib_post_receives returned %d\n", ret);
		ipoib_ib_dev_stop(dev, 1);
		return -1;
		goto dev_stop;
		}

		ret = ipoib_cm_dev_open(dev);
		if (ret) {
		ipoib_warn(priv, "ipoib_cm_dev_open returned %d\n", ret);
		ipoib_ib_dev_stop(dev, 1);
		return -1;
		goto dev_stop;
		}

		clear_bit(IPOIB_STOP_REAPER, &priv->flags);
		@@ -704,6 +702,11 @@ int ipoib_ib_dev_open(struct net_device *dev)
		napi_enable(&priv->napi);

		return 0;
		dev_stop:
		if (!test_and_set_bit(IPOIB_FLAG_INITIALIZED, &priv->flags))
		napi_enable(&priv->napi);
		ipoib_ib_dev_stop(dev, 1);
		return -1;
		}

		static void ipoib_pkey_dev_check_presence(struct net_device *dev)