From cb98526bf9b985866d648dbb9c983ba9eb59daba Mon Sep 17 00:00:00 2001 From: Michael Chan Date: Wed, 11 Apr 2018 11:50:18 -0400 Subject: [PATCH] bnxt_en: Fix NULL pointer dereference at bnxt_free_irq(). When open fails during ethtool -L ring change, for example, the driver may crash at bnxt_free_irq() because bp->bnapi is NULL. If we fail to allocate all the new rings, bnxt_open_nic() will free all the memory including bp->bnapi. Subsequent call to bnxt_close_nic() will try to dereference bp->bnapi in bnxt_free_irq(). Fix it by checking for !bp->bnapi in bnxt_free_irq(). Fixes: e5811b8c09df ("bnxt_en: Add IRQ remapping logic.") Signed-off-by: Michael Chan Signed-off-by: David S. Miller --- drivers/net/ethernet/broadcom/bnxt/bnxt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt.c b/drivers/net/ethernet/broadcom/bnxt/bnxt.c index 9cb8b4b..f83769d 100644 --- a/drivers/net/ethernet/broadcom/bnxt/bnxt.c +++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.c @@ -6090,7 +6090,7 @@ static void bnxt_free_irq(struct bnxt *bp) free_irq_cpu_rmap(bp->dev->rx_cpu_rmap); bp->dev->rx_cpu_rmap = NULL; #endif - if (!bp->irq_tbl) + if (!bp->irq_tbl || !bp->bnapi) return; for (i = 0; i < bp->cp_nr_rings; i++) { -- 2.7.4