[Intel-wired-lan] [PATCH net] ice: Fix race during aux device (un)plugging

Michal Schmidt mschmidt at redhat.com
Fri Apr 15 11:12:03 UTC 2022


On Thu, Apr 14, 2022 at 6:39 PM Ivan Vecera <ivecera at redhat.com> wrote:

> Function ice_plug_aux_dev() assigns pf->adev field too early prior
> aux device initialization and on other side ice_unplug_aux_dev()
> starts aux device deinit and at the end assigns NULL to pf->adev.
> This is wrong and can causes a crash when ice_send_event_to_aux()
> call occurs during these operations because that function depends
> on non-NULL value of pf->adev and does not assume that aux device
> is half-initialized or half-destroyed.
>
> Modify affected functions so pf->adev field is set after aux device
> init and prior aux device destroy.
>
[...]

> @@ -320,12 +319,14 @@ int ice_plug_aux_dev(struct ice_pf *pf)
>   */
>  void ice_unplug_aux_dev(struct ice_pf *pf)
>  {
> -       if (!pf->adev)
> +       struct auxiliary_device *adev = pf->adev;
> +
> +       if (!adev)
>                 return;
>
> -       auxiliary_device_delete(pf->adev);
> -       auxiliary_device_uninit(pf->adev);
>         pf->adev = NULL;
> +       auxiliary_device_delete(adev);
> +       auxiliary_device_uninit(adev);
>  }
>

Hi Ivan,
What prevents ice_unplug_aux_dev() from running immediately after
ice_send_event_to_aux() gets past its "if (!pf->adev)" test ?
Michal
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osuosl.org/pipermail/intel-wired-lan/attachments/20220415/1465d2d6/attachment.html>


More information about the Intel-wired-lan mailing list