Commit 9281cf2d authored by Dany Madden's avatar Dany Madden Committed by Jakub Kicinski

ibmvnic: avoid memset null scrq msgs



scrq->msgs could be NULL during device reset, causing Linux to crash.
So check scrq->msgs for NULL before calling memset() on it.

Fixes: c8b2ad0a ("ibmvnic: Sanitize entire SCRQ buffer on reset")
Signed-off-by: default avatarDany Madden <drt@linux.ibm.com>
Signed-off-by: default avatarLijun Pan <ljp@linux.ibm.com>
Signed-off-by: default avatarJakub Kicinski <kuba@kernel.org>
parent 18f141bf
+15 −4
@@ -2844,15 +2844,26 @@ static int reset_one_sub_crq_queue(struct ibmvnic_adapter *adapter,
{
	int rc;

	if (!scrq) {
		netdev_dbg(adapter->netdev,
			   "Invalid scrq reset. irq (%d) or msgs (%p).\n",
			   scrq->irq, scrq->msgs);
		return -EINVAL;
	}

	if (scrq->irq) {
		free_irq(scrq->irq, scrq);
		irq_dispose_mapping(scrq->irq);
		scrq->irq = 0;
	}

	if (scrq->msgs) {
		memset(scrq->msgs, 0, 4 * PAGE_SIZE);
		atomic_set(&scrq->used, 0);
		scrq->cur = 0;
	} else {
		netdev_dbg(adapter->netdev, "Invalid scrq reset\n");
		return -EINVAL;
	}

	rc = h_reg_sub_crq(adapter->vdev->unit_address, scrq->msg_token,
			   4 * PAGE_SIZE, &scrq->crq_num, &scrq->hw_irq);
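Review bot: The new `if (!scrq)` guard dereferences the pointer it has just found to be NULL, because the `netdev_dbg()` call inside that branch passes `scrq->irq` and `scrq->msgs` as arguments. Whenever that debug statement is enabled, the guard itself would fault in exactly the case it is meant to catch. The message should not touch the structure, for example `netdev_dbg(adapter->netdev, "Invalid scrq reset: scrq is NULL\n");`. Separately, the `else` path for a NULL `scrq->msgs` returns `-EINVAL` only after the irq has been freed and `scrq->irq` zeroed, so it is worth checking the msgs pointer before the irq teardown or confirming that callers cope with a half-reset queue. The function starts and ends outside this hunk, so how callers treat the new error return is not visible here.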