Received: by 10.213.65.68 with SMTP id h4csp534518imn; Tue, 13 Mar 2018 12:08:34 -0700 (PDT) X-Google-Smtp-Source: AG47ELsNXOSubXYUYUOCDpaGV3UAnKr9aWrVfZqNlxaG0lgFtlty+0hWQh4PrgkW2637RwpuZQrK X-Received: by 2002:a17:902:3183:: with SMTP id x3-v6mr1499068plb.383.1520968114595; Tue, 13 Mar 2018 12:08:34 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1520968114; cv=none; d=google.com; s=arc-20160816; b=LpRRjbHR1xx6nN7C/NIXzLr0nGDD8gudLF8e8+/UPuQ8Lq2VE/Z6YVDeMrD9fE+6HJ GilTKffkczYCEv0AWcFE1mqGdmivXyhA23tltD6mYuaDm8hUGH9Z+cJ+x3ltB7gzdrRN BHWlG9/7Z7/qqTPlCwoYkw6MucNPNk9bNjRQqdC3jie8WaR6Joc4iizzP5k2JCpCwDYX Ud7KiYHkPmed2m4bDTzSEnjHI/syAguH1s1UmOyZG1N1Cq9To0Bz9OTiAQicr5lj0hkN eQsJBXKwrTFZu+2mnxcQQd65jXYVeGrzWFDhHhCkz2Kuk55O9RxT7QgxPaZeuwfs/3Y8 XQkg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:date:subject:cc:to:from :arc-authentication-results; bh=hznBP/KqHqRC9fwFpAZpw1DRyO4+eA8HucBPtli/FqQ=; b=qvjSFf+RWSBpO8O2DSYP//onZBJU2AdbIZfHDzh88x/grirhOXjbm1KK/R2SyosF+U 6gkBn7ZQsJu4OOH+Tuym3vn14YsfPUGetDRkKBPe9foGB4SeJWX8vhwGW77bQOoyx0n/ CvF6TyKQ4MLvxfmluibdX6ph0u+1Xx0UCfXjtqKDdrkDgj+g13AuWYdsViqVoC+Fw8dS 4T3daJ10yuMyCa8gWjOB1KRJzfKO3AOkZO1vuthhjYveBXQmsOciB0ePznwy87D0QgAs jQspPq+p9avUhc1WMmAcC362/FG2KI1gFtSSjLTVTPfnIVqD5zdX0X/Bim0/2koxA6uV yNlQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 97-v6si569220plm.149.2018.03.13.12.08.19; Tue, 13 Mar 2018 12:08:34 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752631AbeCMTHP (ORCPT + 99 others); Tue, 13 Mar 2018 15:07:15 -0400 Received: from mx3-rdu2.redhat.com ([66.187.233.73]:35424 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1752164AbeCMTHM (ORCPT ); Tue, 13 Mar 2018 15:07:12 -0400 Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.rdu2.redhat.com [10.11.54.4]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 1ACC8401DEA6; Tue, 13 Mar 2018 19:07:12 +0000 (UTC) Received: from mmorsy.remote.csb (ovpn-112-23.ams2.redhat.com [10.36.112.23]) by smtp.corp.redhat.com (Postfix) with ESMTP id 060EA2026DFD; Tue, 13 Mar 2018 19:07:09 +0000 (UTC) From: Mohammed Gamal To: netdev@vger.kernel.org, sthemmin@microsoft.com Cc: devel@linuxdriverproject.org, davem@davemloft.net, vkuznets@redhat.com, otubo@redhat.com, linux-kernel@vger.kernel.org, Mohammed Gamal Subject: [PATCH] hv_netvsc: Make sure out channel is fully opened on send Date: Tue, 13 Mar 2018 20:06:50 +0100 Message-Id: <1520968010-20733-1-git-send-email-mgamal@redhat.com> X-Scanned-By: MIMEDefang 2.78 on 10.11.54.4 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.6]); Tue, 13 Mar 2018 19:07:12 +0000 (UTC) X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.6]); Tue, 13 Mar 2018 19:07:12 +0000 (UTC) for IP:'10.11.54.4' DOMAIN:'int-mx04.intmail.prod.int.rdu2.redhat.com' HELO:'smtp.corp.redhat.com' FROM:'mgamal@redhat.com' RCPT:'' Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Dring high network traffic changes to network interface parameters such as number of channels or MTU can cause a kernel panic with a NULL pointer dereference. This is due to netvsc_device_remove() being called and deallocating the channel ring buffers, which can then be accessed by netvsc_send_pkt() before they're allocated on calling netvsc_device_add() The patch fixes this problem by checking the channel state and returning ENODEV if not yet opened. We also move the call to hv_ringbuf_avail_percent() which may access the uninitialized ring buffer. Signed-off-by: Mohammed Gamal --- drivers/net/hyperv/netvsc.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/drivers/net/hyperv/netvsc.c b/drivers/net/hyperv/netvsc.c index 0265d70..44a8358 100644 --- a/drivers/net/hyperv/netvsc.c +++ b/drivers/net/hyperv/netvsc.c @@ -757,7 +757,7 @@ static inline int netvsc_send_pkt( struct netdev_queue *txq = netdev_get_tx_queue(ndev, packet->q_idx); u64 req_id; int ret; - u32 ring_avail = hv_ringbuf_avail_percent(&out_channel->outbound); + u32 ring_avail; nvmsg.hdr.msg_type = NVSP_MSG1_TYPE_SEND_RNDIS_PKT; if (skb) @@ -773,7 +773,7 @@ static inline int netvsc_send_pkt( req_id = (ulong)skb; - if (out_channel->rescind) + if (out_channel->rescind || out_channel->state != CHANNEL_OPENED_STATE) return -ENODEV; if (packet->page_buf_cnt) { @@ -791,6 +791,7 @@ static inline int netvsc_send_pkt( VMBUS_DATA_PACKET_FLAG_COMPLETION_REQUESTED); } + ring_avail = hv_ringbuf_avail_percent(&out_channel->outbound); if (ret == 0) { atomic_inc_return(&nvchan->queue_sends); -- 1.8.3.1