> -----Original Message-----
> From: Intel-wired-lan <[email protected]> On Behalf
> Of Larysa Zaremba
> Sent: Thursday, April 10, 2025 1:52 PM
> To: [email protected]; Nguyen, Anthony L
> <[email protected]>
> Cc: Zaremba, Larysa <[email protected]>; Michal Swiatkowski
> <[email protected]>; Tantilov, Emil S
> <[email protected]>; Chittim, Madhu <[email protected]>;
> Hay, Joshua A <[email protected]>; Kubiak, Michal
> <[email protected]>; Kitszel, Przemyslaw
> <[email protected]>; Andrew Lunn <[email protected]>;
> David S. Miller <[email protected]>; Dumazet, Eric
> <[email protected]>; Jakub Kicinski <[email protected]>; Paolo Abeni
> <[email protected]>; Simon Horman <[email protected]>;
> [email protected]; [email protected]
> Subject: [Intel-wired-lan] [PATCH iwl-net] idpf: protect shutdown from
> reset
>
> Before the referenced commit, the shutdown just called idpf_remove(),
> this way IDPF_REMOVE_IN_PROG was protecting us from the serv_task
> rescheduling reset. Without this flag set the shutdown process is
> vulnerable to HW reset or any other triggering conditions (such as
> default mailbox being destroyed).
>
> When one of conditions checked in idpf_service_task becomes true,
> vc_event_task can be rescheduled during shutdown, this leads to
> accessing freed memory e.g. idpf_req_rel_vector_indexes() trying to
> read
> vport->q_vector_idxs. This in turn causes the system to become defunct
> during e.g. systemctl kexec.
>
> Considering using IDPF_REMOVE_IN_PROG would lead to more heavy
> shutdown process, instead just cancel the serv_task before cancelling
> adapter->serv_task before cancelling adapter->vc_event_task to ensure
> adapter->that
> reset will not be scheduled while we are doing a shutdown.
>
> Fixes: 4c9106f4906a ("idpf: fix adapter NULL pointer dereference on
> reboot")
> Reviewed-by: Michal Swiatkowski <[email protected]>
> Signed-off-by: Larysa Zaremba <[email protected]>
> ---
> drivers/net/ethernet/intel/idpf/idpf_main.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/drivers/net/ethernet/intel/idpf/idpf_main.c
> b/drivers/net/ethernet/intel/idpf/idpf_main.c
> index bec4a02c5373..b35713036a54 100644
> --- a/drivers/net/ethernet/intel/idpf/idpf_main.c
> +++ b/drivers/net/ethernet/intel/idpf/idpf_main.c
> @@ -89,6 +89,7 @@ static void idpf_shutdown(struct pci_dev *pdev) {
> struct idpf_adapter *adapter = pci_get_drvdata(pdev);
>
> + cancel_delayed_work_sync(&adapter->serv_task);
> cancel_delayed_work_sync(&adapter->vc_event_task);
> idpf_vc_core_deinit(adapter);
> idpf_deinit_dflt_mbx(adapter);
> --
> 2.47.0
Reviewed-by: Aleksandr Loktionov <[email protected]>
