From: Mohammed Gamal
To: sthemmin@microsoft.com, netdev@vger.kernel.org
Cc: kys@microsoft.com, haiyangz@microsoft.com, vkuznets@redhat.com, otubo@redhat.com, cavery@redhat.com, linux-kernel@vger.kernel.org, devel@linuxdriverproject.org, Mohammed Gamal
Subject: [PATCH] hv_netvsc: Make sure out channel is fully opened on send
Date: Wed, 26 Sep 2018 18:34:19 +0200
Message-Id: <1537979659-26979-1-git-send-email-mgamal@redhat.com>
X-Mailing-List: linux-kernel@vger.kernel.org

During high network traffic, changes to network interface parameters such as number of channels or MTU can cause a kernel panic with a NULL pointer dereference. This is due to netvsc_device_remove() being called and deallocating the channel ring buffers, which can then be accessed by netvsc_send_pkt() before they're allocated on calling netvsc_device_add().

The patch fixes this problem by checking the channel state and returning ENODEV if not yet opened. We also move the call to hv_ringbuf_avail_percent() which may access the uninitialized ring buffer.

Signed-off-by: Mohammed Gamal
--- drivers/net/hyperv/netvsc.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/drivers/net/hyperv/netvsc.c b/drivers/net/hyperv/netvsc.c index fe01e14..75f1b31 100644 --- a/drivers/net/hyperv/netvsc.c +++ b/drivers/net/hyperv/netvsc.c
@@ -825,7 +825,12 @@ static inline int netvsc_send_pkt( struct netdev_queue *txq = netdev_get_tx_queue(ndev, packet->q_idx); u64 req_id; int ret; - u32 ring_avail = hv_get_avail_to_write_percent(&out_channel->outbound); + u32 ring_avail; + + if (out_channel->state != CHANNEL_OPENED_STATE) + return -ENODEV; + + ring_avail = hv_get_avail_to_write_percent(&out_channel->outbound); nvmsg.hdr.msg_type = NVSP_MSG1_TYPE_SEND_RNDIS_PKT; if (skb) -- 1.8.3.1
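
Review bot: The new test of out_channel->state at the top of netvsc_send_pkt() is a plain read with no lock or barrier visible in this hunk, so it narrows the window described in the commit message rather than closing it: the ring buffers could still be released by netvsc_device_remove() after the test passes and before hv_get_avail_to_write_percent(&out_channel->outbound) runs. Please state in the commit message what serialises the send path against teardown, or add that serialisation, and confirm that out_channel itself cannot be NULL or stale at this point, since it is now dereferenced for the state test. The early "return -ENODEV;" skips the rest of the function, so the message should also say how callers handle that value for the skb and the tx queue. Minor: the commit message names hv_ringbuf_avail_percent(), while the call actually being moved is hv_get_avail_to_write_percent().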