nfp: move indirect block cleanup to flower app stop callback
authorSimon Horman <simon.horman@netronome.com>
Wed, 16 Dec 2020 14:57:01 +0000 (15:57 +0100)
committerJakub Kicinski <kuba@kernel.org>
Thu, 17 Dec 2020 18:57:57 +0000 (10:57 -0800)
The indirect block cleanup may cause control messages to be sent
if offloaded flows are present. However, by the time the flower app
cleanup callback is called txbufs are no longer available and attempts
to send control messages result in a NULL-pointer dereference in
nfp_ctrl_tx_one().

This problem may be resolved by moving the indirect block cleanup
to the stop callback, where txbufs are still available.

As suggested by Jakub Kicinski and Louis Peens.

Fixes: a1db217861f3 ("net: flow_offload: fix flow_indr_dev_unregister path")
Signed-off-by: Simon Horman <simon.horman@netronome.com>
Signed-off-by: Louis Peens <louis.peens@netronome.com>
Link: https://lore.kernel.org/r/20201216145701.30005-1-simon.horman@netronome.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
drivers/net/ethernet/netronome/nfp/flower/main.c

index bb448c82cdc28addec5d7224d321508ca97303dc..c029950a81e202230ea8b8b4e427bf018643c258 100644 (file)
@@ -860,9 +860,6 @@ static void nfp_flower_clean(struct nfp_app *app)
        skb_queue_purge(&app_priv->cmsg_skbs_low);
        flush_work(&app_priv->cmsg_work);
 
-       flow_indr_dev_unregister(nfp_flower_indr_setup_tc_cb, app,
-                                nfp_flower_setup_indr_tc_release);
-
        if (app_priv->flower_ext_feats & NFP_FL_FEATS_VF_RLIM)
                nfp_flower_qos_cleanup(app);
 
@@ -951,6 +948,9 @@ static int nfp_flower_start(struct nfp_app *app)
 static void nfp_flower_stop(struct nfp_app *app)
 {
        nfp_tunnel_config_stop(app);
+
+       flow_indr_dev_unregister(nfp_flower_indr_setup_tc_cb, app,
+                                nfp_flower_setup_indr_tc_release);
 }
 
 static int