[PATCH 4.4 18/62] tg3: Fix soft lockup when tg3_reset_task() fails.

From: Greg Kroah-Hartman
Date: Fri Sep 11 2020 - 13:35:44 EST

Next message: Greg Kroah-Hartman: "[PATCH 4.4 21/62] include/linux/log2.h: add missing () around n in roundup_pow_of_two()"
Previous message: Shakeel Butt: "Re: [PATCH rfc 0/5] mm: allow mapping accounted kernel pages to userspace"
In reply to: Greg Kroah-Hartman: "[PATCH 4.4 02/62] HID: core: Sanitize event code and type when mapping input"
Next in thread: Greg Kroah-Hartman: "[PATCH 4.4 21/62] include/linux/log2.h: add missing () around n in roundup_pow_of_two()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Michael Chan <michael.chan@xxxxxxxxxxxx>

[ Upstream commit 556699341efa98243e08e34401b3f601da91f5a3 ]

If tg3_reset_task() fails, the device state is left in an inconsistent
state with IFF_RUNNING still set but NAPI state not enabled. A
subsequent operation, such as ifdown or AER error can cause it to
soft lock up when it tries to disable NAPI state.

Fix it by bringing down the device to !IFF_RUNNING state when
tg3_reset_task() fails. tg3_reset_task() running from workqueue
will now call tg3_close() when the reset fails. We need to
modify tg3_reset_task_cancel() slightly to avoid tg3_close()
calling cancel_work_sync() to cancel tg3_reset_task(). Otherwise
cancel_work_sync() will wait forever for tg3_reset_task() to
finish.

Reported-by: David Christensen <drc@xxxxxxxxxxxxxxxxxx>
Reported-by: Baptiste Covolato <baptiste@xxxxxxxxxx>
Fixes: db2199737990 ("tg3: Schedule at most one tg3_reset_task run")
Signed-off-by: Michael Chan <michael.chan@xxxxxxxxxxxx>
Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>
---
drivers/net/ethernet/broadcom/tg3.c | 17 +++++++++++++----
1 file changed, 13 insertions(+), 4 deletions(-)

diff --git a/drivers/net/ethernet/broadcom/tg3.c b/drivers/net/ethernet/broadcom/tg3.c
index e198427d0f292..2ee2b6e858283 100644
--- a/drivers/net/ethernet/broadcom/tg3.c
+++ b/drivers/net/ethernet/broadcom/tg3.c
@@ -7203,8 +7203,8 @@ static inline void tg3_reset_task_schedule(struct tg3 *tp)

static inline void tg3_reset_task_cancel(struct tg3 *tp)
{
- cancel_work_sync(&tp->reset_task);
- tg3_flag_clear(tp, RESET_TASK_PENDING);
+ if (test_and_clear_bit(TG3_FLAG_RESET_TASK_PENDING, tp->tg3_flags))
+ cancel_work_sync(&tp->reset_task);
tg3_flag_clear(tp, TX_RECOVERY_PENDING);
}

@@ -11176,18 +11176,27 @@ static void tg3_reset_task(struct work_struct *work)

tg3_halt(tp, RESET_KIND_SHUTDOWN, 0);
err = tg3_init_hw(tp, true);
- if (err)
+ if (err) {
+ tg3_full_unlock(tp);
+ tp->irq_sync = 0;
+ tg3_napi_enable(tp);
+ /* Clear this flag so that tg3_reset_task_cancel() will not
+ * call cancel_work_sync() and wait forever.
+ */
+ tg3_flag_clear(tp, RESET_TASK_PENDING);
+ dev_close(tp->dev);
goto out;
+ }

tg3_netif_start(tp);

-out:
tg3_full_unlock(tp);

if (!err)
tg3_phy_start(tp);

tg3_flag_clear(tp, RESET_TASK_PENDING);
+out:
rtnl_unlock();
}

--
2.25.1

Next message: Greg Kroah-Hartman: "[PATCH 4.4 21/62] include/linux/log2.h: add missing () around n in roundup_pow_of_two()"
Previous message: Shakeel Butt: "Re: [PATCH rfc 0/5] mm: allow mapping accounted kernel pages to userspace"
In reply to: Greg Kroah-Hartman: "[PATCH 4.4 02/62] HID: core: Sanitize event code and type when mapping input"
Next in thread: Greg Kroah-Hartman: "[PATCH 4.4 21/62] include/linux/log2.h: add missing () around n in roundup_pow_of_two()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]