[ 094/184] tg3: Avoid null pointer dereference in tg3_interrupt

From: Willy Tarreau
Date: Tue Jun 04 2013 - 19:07:42 EST


2.6.32-longterm review patch. If anyone has any objections, please let me know.

------------------
in netconsole mode

From: Nithin Nayak Sujir <nsujir@xxxxxxxxxxxx>

[ Upstream commit 9c13cb8bb477a83b9a3c9e5a5478a4e21294a760 ]

When netconsole is enabled, logging messages generated during tg3_open
can result in a null pointer dereference for the uninitialized tg3
status block. Use the irq_sync flag to disable polling in the early
stages. irq_sync is cleared when the driver is enabling interrupts after
all initialization is completed.

Signed-off-by: Nithin Nayak Sujir <nsujir@xxxxxxxxxxxx>
Signed-off-by: Michael Chan <mchan@xxxxxxxxxxxx>
Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
Signed-off-by: Willy Tarreau <w@xxxxxx>
---
drivers/net/tg3.c | 4 ++++
1 file changed, 4 insertions(+)

diff --git a/drivers/net/tg3.c b/drivers/net/tg3.c
index fd6622c..89aa69c 100644
--- a/drivers/net/tg3.c
+++ b/drivers/net/tg3.c
@@ -4994,6 +4994,9 @@ static void tg3_poll_controller(struct net_device *dev)
int i;
struct tg3 *tp = netdev_priv(dev);

+ if (tg3_irq_sync(tp))
+ return;
+
for (i = 0; i < tp->irq_cnt; i++)
tg3_interrupt(tp->napi[i].irq_vec, &tp->napi[i]);
}
@@ -13888,6 +13891,7 @@ static int __devinit tg3_init_one(struct pci_dev *pdev,
tp->pm_cap = pm_cap;
tp->rx_mode = TG3_DEF_RX_MODE;
tp->tx_mode = TG3_DEF_TX_MODE;
+ tp->irq_sync = 1;

if (tg3_debug > 0)
tp->msg_enable = tg3_debug;
--
1.7.12.2.21.g234cd45.dirty



--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/