[PATCH 4.9 18/72] igb: close/suspend race in netif_device_detach

From: Greg Kroah-Hartman
Date: Sun Nov 19 2017 - 09:39:55 EST


4.9-stable review patch. If anyone has any objections, please let me know.

------------------

From: Todd Fujinaka <todd.fujinaka@xxxxxxxxx>


[ Upstream commit 9474933caf21a4cb5147223dca1551f527aaac36 ]

Similar to ixgbe, when an interface is part of a namespace it is
possible that igb_close() may be called while __igb_shutdown() is
running which ends up in a double free WARN and/or a BUG in
free_msi_irqs().

Extend the rtnl_lock() to protect the call to netif_device_detach() and
igb_clear_interrupt_scheme() in __igb_shutdown() and check for
netif_device_present() to avoid calling igb_clear_interrupt_scheme() a
second time in igb_close().

Also extend the rtnl lock in igb_resume() to netif_device_attach().

Signed-off-by: Todd Fujinaka <todd.fujinaka@xxxxxxxxx>
Acked-by: Alexander Duyck <alexander.h.duyck@xxxxxxxxx>
Tested-by: Aaron Brown <aaron.f.brown@xxxxxxxxx>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@xxxxxxxxx>
Signed-off-by: Sasha Levin <alexander.levin@xxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
drivers/net/ethernet/intel/igb/igb_main.c | 21 ++++++++++++---------
1 file changed, 12 insertions(+), 9 deletions(-)

--- a/drivers/net/ethernet/intel/igb/igb_main.c
+++ b/drivers/net/ethernet/intel/igb/igb_main.c
@@ -3271,7 +3271,9 @@ static int __igb_close(struct net_device

int igb_close(struct net_device *netdev)
{
- return __igb_close(netdev, false);
+ if (netif_device_present(netdev))
+ return __igb_close(netdev, false);
+ return 0;
}

/**
@@ -7548,6 +7550,7 @@ static int __igb_shutdown(struct pci_dev
int retval = 0;
#endif

+ rtnl_lock();
netif_device_detach(netdev);

if (netif_running(netdev))
@@ -7556,6 +7559,7 @@ static int __igb_shutdown(struct pci_dev
igb_ptp_suspend(adapter);

igb_clear_interrupt_scheme(adapter);
+ rtnl_unlock();

#ifdef CONFIG_PM
retval = pci_save_state(pdev);
@@ -7674,16 +7678,15 @@ static int igb_resume(struct device *dev

wr32(E1000_WUS, ~0);

- if (netdev->flags & IFF_UP) {
- rtnl_lock();
+ rtnl_lock();
+ if (!err && netif_running(netdev))
err = __igb_open(netdev, true);
- rtnl_unlock();
- if (err)
- return err;
- }

- netif_device_attach(netdev);
- return 0;
+ if (!err)
+ netif_device_attach(netdev);
+ rtnl_unlock();
+
+ return err;
}

static int igb_runtime_idle(struct device *dev)