[PATCH 4.9 053/177] ibmvnic: Disable irq prior to close

From: Greg Kroah-Hartman
Date: Fri Mar 23 2018 - 07:30:31 EST


4.9-stable review patch. If anyone has any objections, please let me know.

------------------

From: Brian King <brking@xxxxxxxxxxxxxxxxxx>


[ Upstream commit dd9c20fa07ba5cfb5a0ab3181d68530506610605 ]

Add some code to call disable_irq on all the vnic interface's irqs.
This fixes a crash observed when closing an active interface, as
seen in the oops below when we try to access a buffer in the interrupt
handler which we've already freed.

Unable to handle kernel paging request for data at address 0x00000001
Faulting instruction address: 0xd000000003886824
Oops: Kernel access of bad area, sig: 11 [#1]
SMP NR_CPUS=2048 NUMA pSeries
Modules linked in: ibmvnic(OEN) rpadlpar_io(X) rpaphp(X) tcp_diag udp_diag inet_diag unix_diag af_packet_diag netlink_diag rpcsec_
Supported: No, Unsupported modules are loaded
CPU: 8 PID: 0 Comm: swapper/8 Tainted: G OE NX 4.4.49-92.11-default #1
task: c00000007f990110 ti: c0000000fffa0000 task.ti: c00000007f9b8000
NIP: d000000003886824 LR: d000000003886824 CTR: c0000000007eff60
REGS: c0000000fffa3a70 TRAP: 0300 Tainted: G OE NX (4.4.49-92.11-default)
MSR: 8000000000009033 <SF,EE,ME,IR,DR,RI,LE> CR: 22008042 XER: 20000008
CFAR: c000000000008468 DAR: 0000000000000001 DSISR: 40000000 SOFTE: 0
GPR00: d000000003886824 c0000000fffa3cf0 d000000003894118 0000000000000000
GPR04: 0000000000000000 0000000000000000 c000000001249da0 0000000000000000
GPR08: 000000000000000e 0000000000000000 c0000000ccb00000 d000000003889180
GPR12: c0000000007eff60 c000000007af4c00 0000000000000001 c0000000010def30
GPR16: c00000007f9b8000 c000000000b98c30 c00000007f9b8080 c000000000bab858
GPR20: 0000000000000005 0000000000000000 c0000000ff5d7e80 c0000000f809f648
GPR24: c0000000ff5d7ec8 0000000000000000 0000000000000000 c0000000ccb001a0
GPR28: 000000000000000a c0000000f809f600 c0000000fd4cd900 c0000000f9cd5b00
NIP [d000000003886824] ibmvnic_interrupt_tx+0x114/0x380 [ibmvnic]
LR [d000000003886824] ibmvnic_interrupt_tx+0x114/0x380 [ibmvnic]
Call Trace:
[c0000000fffa3cf0] [d000000003886824] ibmvnic_interrupt_tx+0x114/0x380 [ibmvnic] (unreliable)
[c0000000fffa3dd0] [c000000000132940] __handle_irq_event_percpu+0x90/0x2e0
[c0000000fffa3e90] [c000000000132bcc] handle_irq_event_percpu+0x3c/0x90
[c0000000fffa3ed0] [c000000000132c88] handle_irq_event+0x68/0xc0
[c0000000fffa3f00] [c000000000137edc] handle_fasteoi_irq+0xec/0x250
[c0000000fffa3f30] [c000000000131b04] generic_handle_irq+0x54/0x80
[c0000000fffa3f60] [c000000000011190] __do_irq+0x80/0x1d0
[c0000000fffa3f90] [c0000000000248d8] call_do_irq+0x14/0x24
[c00000007f9bb9e0] [c000000000011380] do_IRQ+0xa0/0x120
[c00000007f9bba40] [c000000000002594] hardware_interrupt_common+0x114/0x180

Signed-off-by: Brian King <brking@xxxxxxxxxxxxxxxxxx>
Signed-off-by: Nathan Fontenot <nfont@xxxxxxxxxxxxxxxxxx>
Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
Signed-off-by: Sasha Levin <alexander.levin@xxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
drivers/net/ethernet/ibm/ibmvnic.c | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)

--- a/drivers/net/ethernet/ibm/ibmvnic.c
+++ b/drivers/net/ethernet/ibm/ibmvnic.c
@@ -511,6 +511,23 @@ alloc_napi_failed:
return -ENOMEM;
}

+static void disable_sub_crqs(struct ibmvnic_adapter *adapter)
+{
+ int i;
+
+ if (adapter->tx_scrq) {
+ for (i = 0; i < adapter->req_tx_queues; i++)
+ if (adapter->tx_scrq[i])
+ disable_irq(adapter->tx_scrq[i]->irq);
+ }
+
+ if (adapter->rx_scrq) {
+ for (i = 0; i < adapter->req_rx_queues; i++)
+ if (adapter->rx_scrq[i])
+ disable_irq(adapter->rx_scrq[i]->irq);
+ }
+}
+
static int ibmvnic_close(struct net_device *netdev)
{
struct ibmvnic_adapter *adapter = netdev_priv(netdev);
@@ -519,6 +536,7 @@ static int ibmvnic_close(struct net_devi
int i;

adapter->closing = true;
+ disable_sub_crqs(adapter);

for (i = 0; i < adapter->req_rx_queues; i++)
napi_disable(&adapter->napi[i]);