linux-sg2042/drivers/net
Milton Miller 1b0ff89852 tg3: Avoid NULL pointer dereference in tg3_io_error_detected()
While the driver is probing the adapter, an error may occur before the
netdev structure is allocated and attached to pci_dev. In this case,
not only netdev isn't available, but the tg3 private structure is also
not available as it is just math from the NULL pointer, so dereferences
must be skipped.

The following trace is seen when the error is triggered:

  [1.402247] Unable to handle kernel paging request for data at address 0x00001a99
  [1.402410] Faulting instruction address: 0xc0000000007e33f8
  [1.402450] Oops: Kernel access of bad area, sig: 11 [#1]
  [1.402481] SMP NR_CPUS=2048 NUMA PowerNV
  [1.402513] Modules linked in:
  [1.402545] CPU: 0 PID: 651 Comm: eehd Not tainted 4.4.0-36-generic #55-Ubuntu
  [1.402591] task: c000001fe4e42a20 ti: c000001fe4e88000 task.ti: c000001fe4e88000
  [1.402742] NIP: c0000000007e33f8 LR: c0000000007e3164 CTR: c000000000595ea0
  [1.402787] REGS: c000001fe4e8b790 TRAP: 0300   Not tainted  (4.4.0-36-generic)
  [1.402832] MSR: 9000000100009033 <SF,HV,EE,ME,IR,DR,RI,LE>  CR: 28000422  XER: 20000000
  [1.403058] CFAR: c000000000008468 DAR: 0000000000001a99 DSISR: 42000000 SOFTE: 1
  GPR00: c0000000007e3164 c000001fe4e8ba10 c0000000015c5e00 0000000000000000
  GPR04: 0000000000000001 0000000000000000 0000000000000039 0000000000000299
  GPR08: 0000000000000000 0000000000000001 c000001fe4e88000 0000000000000006
  GPR12: 0000000000000000 c00000000fb40000 c0000000000e6558 c000003ca1bffd00
  GPR16: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
  GPR20: 0000000000000000 0000000000000000 0000000000000000 c000000000d52768
  GPR24: c000000000d52740 0000000000000100 c000003ca1b52000 0000000000000002
  GPR28: 0000000000000900 0000000000000000 c00000000152a0c0 c000003ca1b52000
  [1.404226] NIP [c0000000007e33f8] tg3_io_error_detected+0x308/0x340
  [1.404265] LR [c0000000007e3164] tg3_io_error_detected+0x74/0x340

This patch avoids the NULL pointer dereference by moving the access after
the netdev NULL pointer check on tg3_io_error_detected(). Also, we add a
check for netdev being NULL on tg3_io_resume() [suggested by Michael Chan].

Fixes: 0486a063b1 ("tg3: prevent ifup/ifdown during PCI error recovery")
Fixes: dfc8f37031 ("net/tg3: Release IRQs on permanent error")
Tested-by: Guilherme G. Piccoli <gpiccoli@linux.vnet.ibm.com>
Signed-off-by: Milton Miller <miltonm@us.ibm.com>
Signed-off-by: Guilherme G. Piccoli <gpiccoli@linux.vnet.ibm.com>
Acked-by: Michael Chan <michael.chan@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-09-30 01:27:27 -04:00
..
appletalk treewide: replace dev->trans_start update with helper 2016-05-04 14:16:49 -04:00
arcnet
bonding bonding: Fix bonding crash 2016-09-04 11:41:12 -07:00
caif virtio/vhost: new features for 4.8 2016-08-06 09:20:13 -04:00
can can: dev: fix deadlock reported after bus-off 2016-09-22 10:01:21 +02:00
cris treewide: replace dev->trans_start update with helper 2016-05-04 14:16:49 -04:00
dsa net: dsa: bcm_sf2: Fix race condition while unmasking interrupts 2016-08-25 16:49:25 -07:00
ethernet tg3: Avoid NULL pointer dereference in tg3_io_error_detected() 2016-09-30 01:27:27 -04:00
fddi net: skfb: remove obsolete -I cflag 2016-06-15 22:06:06 -07:00
fjes net: fjes: fjes_main: Remove create_workqueue 2016-06-03 19:29:42 -04:00
hamradio hamradio: baycom: fix old-style declaration 2016-06-16 22:06:30 -07:00
hippi
hyperv hv_netvsc: fix bonding devices check in netvsc_netdev_event() 2016-08-15 13:48:07 -07:00
ieee802154 mrf24j40: avoid uninitialized byte in SPI transfer to radio. 2016-07-12 11:54:53 +02:00
ipvlan ipvlan: Scrub skb before crossing the namespace boundry 2016-07-25 21:47:26 -07:00
irda net: irda: avoid null pointer dereference 2016-05-19 11:30:57 -07:00
phy drivers: net: phy: xgene: Fix 'remove' function 2016-09-13 12:04:11 -04:00
plip
ppp Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-07-24 00:53:32 -04:00
slip treewide: replace dev->trans_start update with helper 2016-05-04 14:16:49 -04:00
team team: loadbalance: push lacpdus to exact delivery 2016-08-26 13:08:59 -07:00
usb r8152: disable ALDPS and EEE before setting PHY 2016-09-21 00:53:47 -04:00
vmxnet3 vmxnet3: fix tx data ring copy for variable size 2016-08-19 22:44:22 -07:00
wan wan/fsl_ucc_hdlc: avoid possible NULL pointer dereference 2016-08-01 13:32:52 -07:00
wimax treewide: replace dev->trans_start update with helper 2016-05-04 14:16:49 -04:00
wireless * fix to prevent firmware crash when sending off-channel frames 2016-09-17 17:06:22 +03:00
xen-netback xen-netback: fix error handling on netback_probe() 2016-09-17 09:56:02 -04:00
Kconfig gtp: add initial driver for datapath of GPRS Tunneling Protocol (GTP-U) 2016-05-10 12:25:04 -04:00
LICENSE.SRC
Makefile gtp: add initial driver for datapath of GPRS Tunneling Protocol (GTP-U) 2016-05-10 12:25:04 -04:00
Space.c net: Fix coding style warnings and errors. 2016-05-19 11:48:27 -07:00
dummy.c
eql.c
geneve.c drivers/net: fixup comments after "Future-proof tunnel offload handlers" 2016-07-11 13:42:11 -07:00
gtp.c gtp: remove unused including <linux/version.h> 2016-06-17 22:28:49 -07:00
ifb.c ifb: support more features 2016-05-09 00:00:28 -04:00
loopback.c loopback: make use of NETIF_F_GSO_SOFTWARE 2016-06-03 19:37:21 -04:00
macsec.c net: remove type_check from dev_get_nest_level() 2016-08-13 15:15:54 -07:00
macvlan.c net: remove type_check from dev_get_nest_level() 2016-08-13 15:15:54 -07:00
macvtap.c macvtap: fix use after free for skb_array during release 2016-08-11 09:55:51 -07:00
mdio.c
mii.c
netconsole.c
nlmon.c
ntb_netdev.c
rionet.c
sb1000.c
sungem_phy.c
tun.c tun: fix transmit timestamp support 2016-08-23 23:09:27 -07:00
veth.c
virtio_net.c virtio-net: Remove more stack DMA 2016-07-19 19:25:43 -07:00
vrf.c net: vrf: Add support for PREROUTING rules on vrf device 2016-07-05 11:50:05 -07:00
vxlan.c vxlan: fix duplicated and wrong error messages 2016-09-04 11:42:56 -07:00
xen-netfront.c