]> git.baikalelectronics.ru Git - kernel.git/commit
bnxt_en: make bnxt_free_skbs() safe to call after bnxt_free_mem()
authorEdwin Peer <edwin.peer@broadcom.com>
Sun, 12 Sep 2021 16:34:48 +0000 (12:34 -0400)
committerDavid S. Miller <davem@davemloft.net>
Mon, 13 Sep 2021 11:31:13 +0000 (12:31 +0100)
commit4d8d0f6a66885c002ee36b2ce8101f038a3d8fba
tree76e02db82c9f4632b82f1eacdd9984bf7ca9a02f
parent3e4be037cc789cd96df97316864d11fdc7441f6b
bnxt_en: make bnxt_free_skbs() safe to call after bnxt_free_mem()

The call to bnxt_free_mem(..., false) in the bnxt_half_open_nic() error
path will deallocate ring descriptor memory via bnxt_free_?x_rings(),
but because irq_re_init is false, the ring info itself is not freed.

To simplify error paths, deallocation functions have generally been
written to be safe when called on unallocated memory. It should always
be safe to call dev_close(), which calls bnxt_free_skbs() a second time,
even in this semi- allocated ring state.

Calling bnxt_free_skbs() a second time with the rings already freed will
cause NULL pointer dereference.  Fix it by checking the rings are valid
before proceeding in bnxt_free_tx_skbs() and
bnxt_free_one_rx_ring_skbs().

Fixes: 8e82670db3d7 ("bnxt_en: Refactor bnxt_free_rx_skbs().")
Signed-off-by: Edwin Peer <edwin.peer@broadcom.com>
Signed-off-by: Michael Chan <michael.chan@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
drivers/net/ethernet/broadcom/bnxt/bnxt.c