cxgb4/cxgb4vf: Fix mac_hlist initialization and free

Null pointer dereference seen when cxgb4vf driver is unloaded
without bringing up any interfaces, moving mac_hlist initialization
to driver probe and free the mac_hlist in remove to fix the issue.

Fixes: 24357e06ba51 ("cxgb4vf: fix memleak in mac_hlist initialization")
Signed-off-by: Arjun Vynipadath <arjun@chelsio.com>
Signed-off-by: Casey Leedom <leedom@chelsio.com>
Signed-off-by: Ganesh Goudar <ganeshgr@chelsio.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c b/drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c
index 649bf7c..4fbe04d 100644 (file)
--- a/drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c
+++ b/drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c
@@ -2280,8 +2280,6 @@ static int cxgb_up(struct adapter *adap)
 #if IS_ENABLED(CONFIG_IPV6)
        update_clip(adap);
 #endif
-       /* Initialize hash mac addr list*/
-       INIT_LIST_HEAD(&adap->mac_hlist);
        return err;
 
  irq_err:
@@ -2295,8 +2293,6 @@ static int cxgb_up(struct adapter *adap)
 
 static void cxgb_down(struct adapter *adapter)
 {
-       struct hash_mac_addr *entry, *tmp;
-
        cancel_work_sync(&adapter->tid_release_task);
        cancel_work_sync(&adapter->db_full_task);
        cancel_work_sync(&adapter->db_drop_task);
@@ -2306,11 +2302,6 @@ static void cxgb_down(struct adapter *adapter)
        t4_sge_stop(adapter);
        t4_free_sge_resources(adapter);
 
-       list_for_each_entry_safe(entry, tmp, &adapter->mac_hlist, list) {
-               list_del(&entry->list);
-               kfree(entry);
-       }
-
        adapter->flags &= ~FULL_INIT_DONE;
 }
 
@@ -5629,6 +5620,9 @@ static int init_one(struct pci_dev *pdev, const struct pci_device_id *ent)
                             (is_t5(adapter->params.chip) ? STATMODE_V(0) :
                              T6_STATMODE_V(0)));
 
+       /* Initialize hash mac addr list */
+       INIT_LIST_HEAD(&adapter->mac_hlist);
+
        for_each_port(adapter, i) {
                netdev = alloc_etherdev_mq(sizeof(struct port_info),
                                           MAX_ETH_QSETS);
@@ -5907,6 +5901,7 @@ fw_attach_fail:
 static void remove_one(struct pci_dev *pdev)
 {
        struct adapter *adapter = pci_get_drvdata(pdev);
+       struct hash_mac_addr *entry, *tmp;
 
        if (!adapter) {
                pci_release_regions(pdev);
@@ -5956,6 +5951,12 @@ static void remove_one(struct pci_dev *pdev)
                if (adapter->num_uld || adapter->num_ofld_uld)
                        t4_uld_mem_free(adapter);
                free_some_resources(adapter);
+               list_for_each_entry_safe(entry, tmp, &adapter->mac_hlist,
+                                        list) {
+                       list_del(&entry->list);
+                       kfree(entry);
+               }
+
 #if IS_ENABLED(CONFIG_IPV6)
                t4_cleanup_clip_tbl(adapter);
 #endif

diff --git a/drivers/net/ethernet/chelsio/cxgb4vf/cxgb4vf_main.c b/drivers/net/ethernet/chelsio/cxgb4vf/cxgb4vf_main.c
index 8ec503c..8a2ad6b 100644 (file)
--- a/drivers/net/ethernet/chelsio/cxgb4vf/cxgb4vf_main.c
+++ b/drivers/net/ethernet/chelsio/cxgb4vf/cxgb4vf_main.c
@@ -723,9 +723,6 @@ static int adapter_up(struct adapter *adapter)
                if (adapter->flags & USING_MSIX)
                        name_msix_vecs(adapter);
 
-               /* Initialize hash mac addr list*/
-               INIT_LIST_HEAD(&adapter->mac_hlist);
-
                adapter->flags |= FULL_INIT_DONE;
        }
 
@@ -3038,6 +3035,9 @@ static int cxgb4vf_pci_probe(struct pci_dev *pdev,
        if (err)
                goto err_unmap_bar;
 
+       /* Initialize hash mac addr list */
+       INIT_LIST_HEAD(&adapter->mac_hlist);
+
        /*
         * Allocate our "adapter ports" and stitch everything together.
         */