Message ID | 20180723160130.8911-1-jeffrey.t.kirsher@intel.com |
---|---|
State | Accepted |
Delegated to: | Jeff Kirsher |
Headers | show |
Series | e1000: check on netif_running() before calling e1000_up() | expand |
> From: Intel-wired-lan [mailto:intel-wired-lan-bounces@osuosl.org] On > Behalf Of Jeff Kirsher > Sent: Monday, July 23, 2018 9:01 AM > To: intel-wired-lan@lists.osuosl.org > Cc: Bo Chen <chenbo@pdx.edu> > Subject: [Intel-wired-lan] e1000: check on netif_running() before calling > e1000_up() > > From: Bo Chen <chenbo@pdx.edu> > > When the device is not up, the call to 'e1000_up()' from the error handling > path > of 'e1000_set_ringparam()' causes a kernel oops with a null-pointer > dereference. The null-pointer dereference is triggered in function > 'e1000_alloc_rx_buffers()' at line 'buffer_info = &rx_ring->buffer_info[i]'. > > This bug was reported by COD, a tool for testing kernel module binaries I am > building. This bug was also detected by KFI from Dr. Kai Cong. > > This patch fixes the bug by checking on 'netif_running()' before calling > 'e1000_up()' in 'e1000_set_ringparam()'. > > Signed-off-by: Bo Chen <chenbo@pdx.edu> > Acked-by: Alexander Duyck <alexander.h.duyck@intel.com> > --- > drivers/net/ethernet/intel/e1000/e1000_ethtool.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) Tested-by: Aaron Brown <aaron.f.brown@intel.com>
diff --git a/drivers/net/ethernet/intel/e1000/e1000_ethtool.c b/drivers/net/ethernet/intel/e1000/e1000_ethtool.c index bdb3f8e65ed4..c1e4e94f100f 100644 --- a/drivers/net/ethernet/intel/e1000/e1000_ethtool.c +++ b/drivers/net/ethernet/intel/e1000/e1000_ethtool.c @@ -644,7 +644,8 @@ static int e1000_set_ringparam(struct net_device *netdev, err_alloc_rx: kfree(txdr); err_alloc_tx: - e1000_up(adapter); + if (netif_running(adapter->netdev)) + e1000_up(adapter); err_setup: clear_bit(__E1000_RESETTING, &adapter->flags); return err;