From 88e8431f0530227d7987bb54fb97091f7319904e Mon Sep 17 00:00:00 2001 From: Prashant Sreedharan Date: Mon, 28 Mar 2016 19:46:04 -0400 Subject: [PATCH] bnxt_en: Initialize CP doorbell value before ring allocation Orabug: 23221795 The existing code does the following: allocate completion ring initialize completion ring doorbell disable interrupts on this completion ring by writing to the doorbell We can have a race where firmware sends an asynchronous event to the host after completion ring allocation and before doorbell is initialized. When this happens driver can crash while ringing the doorbell using uninitialized value as part of handling the IRQ/napi request. Signed-off-by: Prashant Sreedharan Signed-off-by: Michael Chan Signed-off-by: David S. Miller (cherry picked from commit 33e52d888d0c84a0c66f13357a53113fd9710bd6) Signed-off-by: Brian Maly --- drivers/net/ethernet/broadcom/bnxt/bnxt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt.c b/drivers/net/ethernet/broadcom/bnxt/bnxt.c index a8c5f7621eb9..9361ad6e4e4d 100644 --- a/drivers/net/ethernet/broadcom/bnxt/bnxt.c +++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.c @@ -3408,11 +3408,11 @@ static int bnxt_hwrm_ring_alloc(struct bnxt *bp) struct bnxt_cp_ring_info *cpr = &bnapi->cp_ring; struct bnxt_ring_struct *ring = &cpr->cp_ring_struct; + cpr->cp_doorbell = bp->bar1 + i * 0x80; rc = hwrm_ring_alloc_send_msg(bp, ring, HWRM_RING_ALLOC_CMPL, i, INVALID_STATS_CTX_ID); if (rc) goto err_out; - cpr->cp_doorbell = bp->bar1 + i * 0x80; BNXT_CP_DB(cpr->cp_doorbell, cpr->cp_raw_cons); bp->grp_info[i].cp_fw_ring_id = ring->fw_ring_id; } -- 2.50.1