summaryrefslogtreecommitdiffstats
path: root/drivers/net/hyperv/rndis_filter.c
diff options
context:
space:
mode:
authorstephen hemminger <stephen@networkplumber.org>2017-04-19 15:22:02 -0700
committerDavid S. Miller <davem@davemloft.net>2017-04-21 13:59:57 -0400
commit76bb5db5c749dfe19d779aac076133e821b859dd (patch)
treed844c765fe7dcdf2cafb136bcaa2f3cfb3569250 /drivers/net/hyperv/rndis_filter.c
parentdfb05553a55d89e6daae9cb9abfdf4751e14d72d (diff)
downloadop-kernel-dev-76bb5db5c749dfe19d779aac076133e821b859dd.zip
op-kernel-dev-76bb5db5c749dfe19d779aac076133e821b859dd.tar.gz
netvsc: fix use after free on module removal
The NAPI data structure is embedded in the netvsc_device structure and is freed when device is closed. There is still a reference (in NAPI list) to this which causes a crash in netif_napi_del when device is removed. Fix by managing NAPI instances correctly. Signed-off-by: Stephen Hemminger <sthemmin@microsoft.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'drivers/net/hyperv/rndis_filter.c')
-rw-r--r--drivers/net/hyperv/rndis_filter.c9
1 files changed, 6 insertions, 3 deletions
diff --git a/drivers/net/hyperv/rndis_filter.c b/drivers/net/hyperv/rndis_filter.c
index 1e9445b..ab92c3c 100644
--- a/drivers/net/hyperv/rndis_filter.c
+++ b/drivers/net/hyperv/rndis_filter.c
@@ -1009,13 +1009,16 @@ static void netvsc_sc_open(struct vmbus_channel *new_sc)
/* Set the channel before opening.*/
nvchan->channel = new_sc;
+ netif_napi_add(ndev, &nvchan->napi,
+ netvsc_poll, NAPI_POLL_WEIGHT);
ret = vmbus_open(new_sc, nvscdev->ring_size * PAGE_SIZE,
nvscdev->ring_size * PAGE_SIZE, NULL, 0,
netvsc_channel_cb, nvchan);
-
-
- napi_enable(&nvchan->napi);
+ if (ret == 0)
+ napi_enable(&nvchan->napi);
+ else
+ netdev_err(ndev, "sub channel open failed (%d)\n", ret);
if (refcount_dec_and_test(&nvscdev->sc_offered))
complete(&nvscdev->channel_init_wait);
OpenPOWER on IntegriCloud