From: Sasha Levin <Alexander.Levin@microsoft.com>
To: "stable@vger.kernel.org" <stable@vger.kernel.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
Cc: Bo Chen <chenbo@pdx.edu>,
Jeff Kirsher <jeffrey.t.kirsher@intel.com>,
Sasha Levin <Alexander.Levin@microsoft.com>
Subject: [PATCH AUTOSEL 4.14 11/25] e1000: check on netif_running() before calling e1000_up()
Date: Thu, 20 Sep 2018 02:48:22 +0000 [thread overview]
Message-ID: <20180920024810.58594-11-alexander.levin@microsoft.com> (raw)
In-Reply-To: <20180920024810.58594-1-alexander.levin@microsoft.com>
From: Bo Chen <chenbo@pdx.edu>
[ Upstream commit cf1acec008f8d7761aa3fd7c4bca7e17b2d2512d ]
When the device is not up, the call to 'e1000_up()' from the error handling path
of 'e1000_set_ringparam()' causes a kernel oops with a null-pointer
dereference. The null-pointer dereference is triggered in function
'e1000_alloc_rx_buffers()' at line 'buffer_info = &rx_ring->buffer_info[i]'.
This bug was reported by COD, a tool for testing kernel module binaries I am
building. This bug was also detected by KFI from Dr. Kai Cong.
This patch fixes the bug by checking on 'netif_running()' before calling
'e1000_up()' in 'e1000_set_ringparam()'.
Signed-off-by: Bo Chen <chenbo@pdx.edu>
Acked-by: Alexander Duyck <alexander.h.duyck@intel.com>
Tested-by: Aaron Brown <aaron.f.brown@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
---
drivers/net/ethernet/intel/e1000/e1000_ethtool.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/intel/e1000/e1000_ethtool.c b/drivers/net/ethernet/intel/e1000/e1000_ethtool.c
index 3b3983a1ffbb..d44d3643677d 100644
--- a/drivers/net/ethernet/intel/e1000/e1000_ethtool.c
+++ b/drivers/net/ethernet/intel/e1000/e1000_ethtool.c
@@ -664,7 +664,8 @@ static int e1000_set_ringparam(struct net_device *netdev,
err_alloc_rx:
kfree(txdr);
err_alloc_tx:
- e1000_up(adapter);
+ if (netif_running(adapter->netdev))
+ e1000_up(adapter);
err_setup:
clear_bit(__E1000_RESETTING, &adapter->flags);
return err;
--
2.17.1
next prev parent reply other threads:[~2018-09-20 2:49 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-09-20 2:48 [PATCH AUTOSEL 4.14 01/25] qed: Wait for ready indication before rereading the shmem Sasha Levin
2018-09-20 2:48 ` [PATCH AUTOSEL 4.14 02/25] qed: Wait for MCP halt and resume commands to take place Sasha Levin
2018-09-20 2:48 ` [PATCH AUTOSEL 4.14 03/25] qed: Prevent a possible deadlock during driver load and unload Sasha Levin
2018-09-20 2:48 ` [PATCH AUTOSEL 4.14 05/25] thermal: of-thermal: disable passive polling when thermal zone is disabled Sasha Levin
2018-09-20 2:48 ` [PATCH AUTOSEL 4.14 04/25] qed: Avoid sending mailbox commands when MFW is not responsive Sasha Levin
2018-09-20 2:48 ` [PATCH AUTOSEL 4.14 06/25] isofs: reject hardware sector size > 2048 bytes Sasha Levin
2018-09-20 2:48 ` [PATCH AUTOSEL 4.14 07/25] tls: possible hang when do_tcp_sendpages hits sndbuf is full case Sasha Levin
2018-09-20 2:48 ` [PATCH AUTOSEL 4.14 08/25] bpf: sockmap: write_space events need to be passed to TCP handler Sasha Levin
2018-09-20 2:48 ` [PATCH AUTOSEL 4.14 09/25] net: hns: fix length and page_offset overflow when CONFIG_ARM64_64K_PAGES Sasha Levin
2018-09-20 2:48 ` [PATCH AUTOSEL 4.14 10/25] net: hns: fix skb->truesize underestimation Sasha Levin
2018-09-20 2:48 ` Sasha Levin [this message]
2018-09-20 2:48 ` [PATCH AUTOSEL 4.14 12/25] e1000: ensure to free old tx/rx rings in set_ringparam() Sasha Levin
2018-09-20 2:48 ` [PATCH AUTOSEL 4.14 13/25] crypto: cavium/nitrox - fix for command corruption in queue full case with backlog submissions Sasha Levin
2018-09-20 2:48 ` [PATCH AUTOSEL 4.14 14/25] hwmon: (ina2xx) fix sysfs shunt resistor read access Sasha Levin
2018-09-20 2:48 ` [PATCH AUTOSEL 4.14 15/25] hwmon: (adt7475) Make adt7475_read_word() return errors Sasha Levin
2018-09-20 2:48 ` [PATCH AUTOSEL 4.14 16/25] Revert "ARM: dts: imx7d: Invert legacy PCI irq mapping" Sasha Levin
2018-09-20 2:48 ` [PATCH AUTOSEL 4.14 17/25] drm/amdgpu: Enable/disable gfx PG feature in rlc safe mode Sasha Levin
2018-09-20 2:48 ` [PATCH AUTOSEL 4.14 18/25] drm/amdgpu: Update power state at the end of smu hw_init Sasha Levin
2018-09-20 2:48 ` [PATCH AUTOSEL 4.14 19/25] ata: ftide010: Add a quirk for SQ201 Sasha Levin
2018-09-20 2:48 ` [PATCH AUTOSEL 4.14 20/25] nvme-fcloop: Fix dropped LS's to removed target port Sasha Levin
2018-09-20 2:48 ` [PATCH AUTOSEL 4.14 21/25] ARM: dts: omap4-droid4: Fix emmc errors seen on some devices Sasha Levin
2018-09-20 2:48 ` [PATCH AUTOSEL 4.14 22/25] arm/arm64: smccc-1.1: Make return values unsigned long Sasha Levin
2018-09-20 2:48 ` [PATCH AUTOSEL 4.14 24/25] i2c: i801: Allow ACPI AML access I/O ports not reserved for SMBus Sasha Levin
2018-09-20 2:48 ` [PATCH AUTOSEL 4.14 23/25] arm/arm64: smccc-1.1: Handle function result as parameters Sasha Levin
2018-09-20 2:48 ` [PATCH AUTOSEL 4.14 25/25] x86/pti: Fix section mismatch warning/error Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180920024810.58594-11-alexander.levin@microsoft.com \
--to=alexander.levin@microsoft.com \
--cc=chenbo@pdx.edu \
--cc=jeffrey.t.kirsher@intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).