Skip to content

Commit 8241ece

Browse files
Edward Creekuba-moo
authored andcommitted
sfc: fix NULL dereferences in ef100_process_design_param()
Since cited commit, ef100_probe_main() and hence also ef100_check_design_params() run before efx->net_dev is created; consequently, we cannot netif_set_tso_max_size() or _segs() at this point. Move those netif calls to ef100_probe_netdev(), and also replace netif_err within the design params code with pci_err. Reported-by: Kyungwook Boo <[email protected]> Fixes: 98ff4c7 ("sfc: Separate netdev probe/remove from PCI probe/remove") Signed-off-by: Edward Cree <[email protected]> Reviewed-by: Michal Swiatkowski <[email protected]> Link: https://patch.msgid.link/[email protected] Signed-off-by: Jakub Kicinski <[email protected]>
1 parent 15970e1 commit 8241ece

File tree

2 files changed

+24
-29
lines changed

2 files changed

+24
-29
lines changed

drivers/net/ethernet/sfc/ef100_netdev.c

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -450,8 +450,9 @@ int ef100_probe_netdev(struct efx_probe_data *probe_data)
450450
net_dev->hw_enc_features |= efx->type->offload_features;
451451
net_dev->vlan_features |= NETIF_F_HW_CSUM | NETIF_F_SG |
452452
NETIF_F_HIGHDMA | NETIF_F_ALL_TSO;
453-
netif_set_tso_max_segs(net_dev,
454-
ESE_EF100_DP_GZ_TSO_MAX_HDR_NUM_SEGS_DEFAULT);
453+
nic_data = efx->nic_data;
454+
netif_set_tso_max_size(efx->net_dev, nic_data->tso_max_payload_len);
455+
netif_set_tso_max_segs(efx->net_dev, nic_data->tso_max_payload_num_segs);
455456

456457
rc = efx_ef100_init_datapath_caps(efx);
457458
if (rc < 0)
@@ -477,7 +478,6 @@ int ef100_probe_netdev(struct efx_probe_data *probe_data)
477478
/* Don't fail init if RSS setup doesn't work. */
478479
efx_mcdi_push_default_indir_table(efx, efx->n_rx_channels);
479480

480-
nic_data = efx->nic_data;
481481
rc = ef100_get_mac_address(efx, net_dev->perm_addr, CLIENT_HANDLE_SELF,
482482
efx->type->is_vf);
483483
if (rc)

drivers/net/ethernet/sfc/ef100_nic.c

Lines changed: 21 additions & 26 deletions
Original file line numberDiff line numberDiff line change
@@ -887,8 +887,7 @@ static int ef100_process_design_param(struct efx_nic *efx,
887887
case ESE_EF100_DP_GZ_TSO_MAX_HDR_NUM_SEGS:
888888
/* We always put HDR_NUM_SEGS=1 in our TSO descriptors */
889889
if (!reader->value) {
890-
netif_err(efx, probe, efx->net_dev,
891-
"TSO_MAX_HDR_NUM_SEGS < 1\n");
890+
pci_err(efx->pci_dev, "TSO_MAX_HDR_NUM_SEGS < 1\n");
892891
return -EOPNOTSUPP;
893892
}
894893
return 0;
@@ -901,32 +900,28 @@ static int ef100_process_design_param(struct efx_nic *efx,
901900
*/
902901
if (!reader->value || reader->value > EFX_MIN_DMAQ_SIZE ||
903902
EFX_MIN_DMAQ_SIZE % (u32)reader->value) {
904-
netif_err(efx, probe, efx->net_dev,
905-
"%s size granularity is %llu, can't guarantee safety\n",
906-
reader->type == ESE_EF100_DP_GZ_RXQ_SIZE_GRANULARITY ? "RXQ" : "TXQ",
907-
reader->value);
903+
pci_err(efx->pci_dev,
904+
"%s size granularity is %llu, can't guarantee safety\n",
905+
reader->type == ESE_EF100_DP_GZ_RXQ_SIZE_GRANULARITY ? "RXQ" : "TXQ",
906+
reader->value);
908907
return -EOPNOTSUPP;
909908
}
910909
return 0;
911910
case ESE_EF100_DP_GZ_TSO_MAX_PAYLOAD_LEN:
912911
nic_data->tso_max_payload_len = min_t(u64, reader->value,
913912
GSO_LEGACY_MAX_SIZE);
914-
netif_set_tso_max_size(efx->net_dev,
915-
nic_data->tso_max_payload_len);
916913
return 0;
917914
case ESE_EF100_DP_GZ_TSO_MAX_PAYLOAD_NUM_SEGS:
918915
nic_data->tso_max_payload_num_segs = min_t(u64, reader->value, 0xffff);
919-
netif_set_tso_max_segs(efx->net_dev,
920-
nic_data->tso_max_payload_num_segs);
921916
return 0;
922917
case ESE_EF100_DP_GZ_TSO_MAX_NUM_FRAMES:
923918
nic_data->tso_max_frames = min_t(u64, reader->value, 0xffff);
924919
return 0;
925920
case ESE_EF100_DP_GZ_COMPAT:
926921
if (reader->value) {
927-
netif_err(efx, probe, efx->net_dev,
928-
"DP_COMPAT has unknown bits %#llx, driver not compatible with this hw\n",
929-
reader->value);
922+
pci_err(efx->pci_dev,
923+
"DP_COMPAT has unknown bits %#llx, driver not compatible with this hw\n",
924+
reader->value);
930925
return -EOPNOTSUPP;
931926
}
932927
return 0;
@@ -946,10 +941,10 @@ static int ef100_process_design_param(struct efx_nic *efx,
946941
* So the value of this shouldn't matter.
947942
*/
948943
if (reader->value != ESE_EF100_DP_GZ_VI_STRIDES_DEFAULT)
949-
netif_dbg(efx, probe, efx->net_dev,
950-
"NIC has other than default VI_STRIDES (mask "
951-
"%#llx), early probing might use wrong one\n",
952-
reader->value);
944+
pci_dbg(efx->pci_dev,
945+
"NIC has other than default VI_STRIDES (mask "
946+
"%#llx), early probing might use wrong one\n",
947+
reader->value);
953948
return 0;
954949
case ESE_EF100_DP_GZ_RX_MAX_RUNT:
955950
/* Driver doesn't look at L2_STATUS:LEN_ERR bit, so we don't
@@ -961,9 +956,9 @@ static int ef100_process_design_param(struct efx_nic *efx,
961956
/* Host interface says "Drivers should ignore design parameters
962957
* that they do not recognise."
963958
*/
964-
netif_dbg(efx, probe, efx->net_dev,
965-
"Ignoring unrecognised design parameter %u\n",
966-
reader->type);
959+
pci_dbg(efx->pci_dev,
960+
"Ignoring unrecognised design parameter %u\n",
961+
reader->type);
967962
return 0;
968963
}
969964
}
@@ -999,13 +994,13 @@ static int ef100_check_design_params(struct efx_nic *efx)
999994
*/
1000995
if (reader.state != EF100_TLV_TYPE) {
1001996
if (reader.state == EF100_TLV_TYPE_CONT)
1002-
netif_err(efx, probe, efx->net_dev,
1003-
"truncated design parameter (incomplete type %u)\n",
1004-
reader.type);
997+
pci_err(efx->pci_dev,
998+
"truncated design parameter (incomplete type %u)\n",
999+
reader.type);
10051000
else
1006-
netif_err(efx, probe, efx->net_dev,
1007-
"truncated design parameter %u\n",
1008-
reader.type);
1001+
pci_err(efx->pci_dev,
1002+
"truncated design parameter %u\n",
1003+
reader.type);
10091004
rc = -EIO;
10101005
}
10111006
out:

0 commit comments

Comments
 (0)