3.16.44-rc1 review patch. If anyone has any objections, please let me know.
------------------
From: Feras Daoud <fera...@mellanox.com>
commit 89a3987ab7a923c047c6dec008e60ad6f41fac22 upstream.
The ipoib_vlan_add function calls rtnl_unlock after free_netdev,
rtnl_unlock not only releases the lock, but also calls netdev_run_todo.
The latter function browses the net_todo_list array and completes the
unregistration of all its net_device instances. If we call free_netdev
before rtnl_unlock, then netdev_run_todo call over the freed device causes
panic.
To fix, move rtnl_unlock call before free_netdev call.
Fixes: 9baa0b036410 ("IB/ipoib: Add rtnl_link_ops support")
Cc: Or Gerlitz <ogerl...@mellanox.com>
Signed-off-by: Feras Daoud <fera...@mellanox.com>
Signed-off-by: Erez Shitrit <ere...@mellanox.com>
Reviewed-by: Yuval Shaia <yuval.sh...@oracle.com>
Signed-off-by: Leon Romanovsky <l...@kernel.org>
Signed-off-by: Doug Ledford <dledf...@redhat.com>
Signed-off-by: Ben Hutchings <b...@decadent.org.uk>
---
drivers/infiniband/ulp/ipoib/ipoib_vlan.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/drivers/infiniband/ulp/ipoib/ipoib_vlan.c
+++ b/drivers/infiniband/ulp/ipoib/ipoib_vlan.c
@@ -168,11 +168,11 @@ int ipoib_vlan_add(struct net_device *pd
out:
up_write(&ppriv->vlan_rwsem);
+ rtnl_unlock();
+
if (result)
free_netdev(priv->dev);
- rtnl_unlock();
-
return result;
}
