ibmvnic: fix NULL pointer dereference in reset_sub_crq_queues
adapter->tx_scrq and adapter->rx_scrq could be NULL if the previous reset
did not complete after freeing sub crqs. Check for NULL before
dereferencing them.

Snippet of call trace:
ibmvnic 30000006 env6: Releasing sub-CRQ
ibmvnic 30000006 env6: Releasing CRQ
...
ibmvnic 30000006 env6: Got Control IP offload Response
ibmvnic 30000006 env6: Re-setting tx_scrq[0]
BUG: Kernel NULL pointer dereference on read at 0x00000000
Faulting instruction address: 0xc008000003dea7cc
Oops: Kernel access of bad area, sig: 11 [#1]
LE PAGE_SIZE=64K MMU=Hash SMP NR_CPUS=2048 NUMA pSeries
Modules linked in: rpadlpar_io rpaphp xt_CHECKSUM xt_MASQUERADE xt_conntrack ipt_REJECT nf_reject_ipv4 nft_compat nft_counter nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 nf_tables xsk_diag tcp_diag udp_diag raw_diag inet_diag unix_diag af_packet_diag netlink_diag tun bridge stp llc rfkill sunrpc pseries_rng xts vmx_crypto uio_pdrv_genirq uio binfmt_misc ip_tables xfs libcrc32c sd_mod t10_pi sg ibmvscsi ibmvnic ibmveth scsi_transport_srp dm_mirror dm_region_hash dm_log dm_mod
CPU: 80 PID: 1856 Comm: kworker/80:2 Tainted: G W 5.8.0+ #4
Workqueue: events __ibmvnic_reset [ibmvnic]
NIP:  c008000003dea7cc LR: c008000003dea7bc CTR: 0000000000000000
REGS: c0000007ef7db860 TRAP: 0380   Tainted: G W (5.8.0+)
MSR:  800000000280b033 <SF,VEC,VSX,EE,FP,ME,IR,DR,RI,LE>  CR: 28002422  XER: 0000000d
CFAR: c000000000bd9520 IRQMASK: 0
GPR00: c008000003dea7bc c0000007ef7dbaf0 c008000003df7400 c0000007fa26ec00
GPR04: c0000007fcd0d008 c0000007fcd96350 0000000000000027 c0000007fcd0d010
GPR08: 0000000000000023 0000000000000000 0000000000000000 0000000000000000
GPR12: 0000000000002000 c00000001ec18e00 c0000000001982f8 c0000007bad6e840
GPR16: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
GPR20: 0000000000000000 0000000000000000 0000000000000000 fffffffffffffef7
GPR24: 0000000000000402 c0000007fa26f3a8 0000000000000003 c00000016f8ec048
GPR28: 0000000000000000 0000000000000000 0000000000000000 c0000007fa26ec00
NIP [c008000003dea7cc] ibmvnic_reset_init+0x15c/0x258 [ibmvnic]
LR [c008000003dea7bc] ibmvnic_reset_init+0x14c/0x258 [ibmvnic]
Call Trace:
[c0000007ef7dbaf0] [c008000003dea7bc] ibmvnic_reset_init+0x14c/0x258 [ibmvnic] (unreliable)
[c0000007ef7dbb80] [c008000003de8860] __ibmvnic_reset+0x408/0x970 [ibmvnic]
[c0000007ef7dbc50] [c00000000018b7cc] process_one_work+0x2cc/0x800
[c0000007ef7dbd20] [c00000000018bd78] worker_thread+0x78/0x520
[c0000007ef7dbdb0] [c0000000001984c4] kthread+0x1d4/0x1e0
[c0000007ef7dbe20] [c00000000000cea8] ret_from_kernel_thread+0x5c/0x74

Fixes: 57a49436f4e8 ("ibmvnic: Reset sub-crqs during driver reset")
Signed-off-by: Lijun Pan <ljp@linux.ibm.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>