On 4/10/2025 4:52 AM, Larysa Zaremba wrote:
> Before the referenced commit, the shutdown just called idpf_remove(),
> this way IDPF_REMOVE_IN_PROG was protecting us from the serv_task
> rescheduling reset. Without this flag set the shutdown process is
> vulnerable to HW reset or any other triggering conditions (such as
> default mailbox being destroyed).
>
> When one of conditions checked in idpf_service_task becomes true,
> vc_event_task can be rescheduled during shutdown, this leads to accessing
> freed memory e.g. idpf_req_rel_vector_indexes() trying to read
> vport->q_vector_idxs. This in turn causes the system to become defunct
> during e.g. systemctl kexec.
>
> Considering using IDPF_REMOVE_IN_PROG would lead to more heavy shutdown
> process, instead just cancel the serv_task before cancelling
> adapter->serv_task before cancelling adapter->vc_event_task to ensure that
> reset will not be scheduled while we are doing a shutdown.
>
> Fixes: 4c9106f4906a ("idpf: fix adapter NULL pointer dereference on reboot")
> Reviewed-by: Michal Swiatkowski <[email protected]>
> Signed-off-by: Larysa Zaremba <[email protected]>
> ---Reviewed-by: Jacob Keller <[email protected]> > drivers/net/ethernet/intel/idpf/idpf_main.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/drivers/net/ethernet/intel/idpf/idpf_main.c > b/drivers/net/ethernet/intel/idpf/idpf_main.c > index bec4a02c5373..b35713036a54 100644 > --- a/drivers/net/ethernet/intel/idpf/idpf_main.c > +++ b/drivers/net/ethernet/intel/idpf/idpf_main.c > @@ -89,6 +89,7 @@ static void idpf_shutdown(struct pci_dev *pdev) > { > struct idpf_adapter *adapter = pci_get_drvdata(pdev); > > + cancel_delayed_work_sync(&adapter->serv_task); > cancel_delayed_work_sync(&adapter->vc_event_task); > idpf_vc_core_deinit(adapter); > idpf_deinit_dflt_mbx(adapter);
OpenPGP_signature.asc
Description: OpenPGP digital signature
