• Francesco Ruggeri's avatar
    igb: reinit_locked() should be called with rtnl_lock · 0adedbf7
    Francesco Ruggeri authored
    [ Upstream commit 024a8168 ]
    
    We observed two panics involving races with igb_reset_task.
    The first panic is caused by this race condition:
    
    	kworker			reboot -f
    
    	igb_reset_task
    	igb_reinit_locked
    	igb_down
    	napi_synchronize
    				__igb_shutdown
    				igb_clear_interrupt_scheme
    				igb_free_q_vectors
    				igb_free_q_vector
    				adapter->q_vector[v_idx] = NULL;
    	napi_disable
    	Panics trying to access
    	adapter->q_vector[v_idx].napi_state
    
    The second panic (a divide error) is caused by this race:
    
    kworker		reboot -f	tx packet
    
    igb_reset_task
    		__igb_shutdown
    		rtnl_lock()
    		...
    		igb_clear_interrupt_scheme
    		igb_free_q_vectors
    		adapter->num_tx_queues = 0
    		...
    		rtnl_unlock()
    rtnl_lock()
    igb_reinit_locked
    igb_down
    igb_up
    netif_tx_start_all_queues
    				dev_hard_start_xmit
    				igb_xmit_frame
    				igb_tx_queue_mapping
    				Panics on
    				r_idx % adapter->num_tx_queues
    
    This commit applies to igb_reset_task the same changes that
    were applied to ixgbe in commit 2f90b865 ("ixgbe: this patch
    adds support for DCB to the kernel and ixgbe driver"),
    commit 8f4c5c9f ("ixgbe: reinit_locked() should be called with
    rtnl_lock") and commit 88adce4e ("ixgbe: fix possible race in
    reset subtask").
    Signed-off-by: default avatarFrancesco Ruggeri <fruggeri@arista.com>
    Tested-by: default avatarAaron Brown <aaron.f.brown@intel.com>
    Signed-off-by: default avatarTony Nguyen <anthony.l.nguyen@intel.com>
    Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
    0adedbf7
igb_main.c 257 KB