From: Michael Chan <michael.chan@broadcom.com>
Date: Wed, 11 Apr 2018 15:50:18 +0000 (-0400)
Subject: bnxt_en: Fix NULL pointer dereference at bnxt_free_irq().
X-Git-Tag: v4.1.12-124.31.3~268
X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=caba0fc7788eb44e2cfa1e79e9059a502f2438ca;p=users%2Fjedix%2Flinux-maple.git

bnxt_en: Fix NULL pointer dereference at bnxt_free_irq().

Orabug: 29357977

When open fails during ethtool -L ring change, for example, the driver
may crash at bnxt_free_irq() because bp->bnapi is NULL.

If we fail to allocate all the new rings, bnxt_open_nic() will free
all the memory including bp->bnapi.  Subsequent call to bnxt_close_nic()
will try to dereference bp->bnapi in bnxt_free_irq().

Fix it by checking for !bp->bnapi in bnxt_free_irq().

Fixes: e5811b8c09df ("bnxt_en: Add IRQ remapping logic.")
Signed-off-by: Michael Chan <michael.chan@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit cb98526bf9b985866d648dbb9c983ba9eb59daba)
Signed-off-by: Brian Maly <brian.maly@oracle.com>
---

diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt.c b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
index 700c4e7cbe98..50b47e368559 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
@@ -5913,7 +5913,7 @@ static void bnxt_free_irq(struct bnxt *bp)
 	free_irq_cpu_rmap(bp->dev->rx_cpu_rmap);
 	bp->dev->rx_cpu_rmap = NULL;
 #endif
-	if (!bp->irq_tbl)
+	if (!bp->irq_tbl || !bp->bnapi)
 		return;
 
 	for (i = 0; i < bp->cp_nr_rings; i++) {