lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20110716.101345.747267784735513635.davem@davemloft.net>
Date:	Sat, 16 Jul 2011 10:13:45 -0700 (PDT)
From:	David Miller <davem@...emloft.net>
To:	mchan@...adcom.com
Cc:	netdev@...r.kernel.org, fbl@...hat.com
Subject: Re: [PATCH net-next] bnx2: Close device if tx_timeout reset fails

From: "Michael Chan" <mchan@...adcom.com>
Date: Fri, 15 Jul 2011 09:53:58 -0700

> Based on original patch and description from Flavio Leitner <fbl@...hat.com>
> 
> When bnx2_reset_task() is called, it will stop,
> (re)initialize and start the interface to restore
> the working condition.
> 
> The bnx2_init_nic() calls bnx2_reset_nic() which will
> reset the chip and then calls bnx2_free_skbs() to free
> all the skbs.
> 
> The problem happens when bnx2_init_chip() fails because
> bnx2_reset_nic() will just return skipping the ring
> initializations at bnx2_init_all_rings(). Later, the
> reset task starts the interface again and the system
> crashes due a NULL pointer access (no skb in the ring).
> 
> To fix it, we call dev_close() if bnx2_init_nic() fails.
> One minor wrinkle to deal with is the cancel_work_sync()
> call in bnx2_close() to cancel bnx2_reset_task().  The
> call will wait forever because it is trying to cancel
> itself and the workqueue will be stuck.
> 
> Since bnx2_reset_task() holds the rtnl_lock() and checks
> for netif_running() before proceeding, there is no need
> to cancel bnx2_reset_task() in bnx2_close() even if
> bnx2_close() and bnx2_reset_task() are running concurrently.
> The rtnl_lock() serializes the 2 calls.
> 
> We need to move the cancel_work_sync() call to
> bnx2_remove_one() to make sure it is canceled before freeing
> the netdev struct.
> 
> Signed-off-by: Michael Chan <mchan@...adcom.com>
> Signed-off-by: Matt Carlson <mcarlson@...adcom.com>

Applied, thanks everyone.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists