On Mon, 2017-03-13 at 06:18 -0700, Eric Dumazet wrote: > On Mon, 2017-03-13 at 13:47 +0100, Petr Vorel wrote: > > commit 7489bdadb7d1 (r8152: check rx after napi is enabled) causes null > > pointer dereference when using device as under root: > > > > # rmmod r8152 # or lsusb -v > > NOHZ: local_softirq_pending 08 > > BUG: unable to handle kernel NULL pointer dereference at 0000000000000008 > > IP: r8152_poll+0x125/0x570 [r8152] > > PGD 89b4cf067 > > PUD 898ff2067 > > PMD 0 > > Oops: 0002 [#1] PREEMPT SMP > > > > Signed-off-by: Petr Vorel <petr.vo...@gmail.com> > > --- > > NOTE: This is just a workaround, I suppose, there is better way how to fix > > that > > (which allows keeping scheduling the napi for rx after napi_enable()). > > --- > > drivers/net/usb/r8152.c | 2 -- > > 1 file changed, 2 deletions(-) > > > > diff --git a/drivers/net/usb/r8152.c b/drivers/net/usb/r8152.c > > index 986243c932cc..79c665a89a47 100644 > > --- a/drivers/net/usb/r8152.c > > +++ b/drivers/net/usb/r8152.c > > @@ -3703,8 +3703,6 @@ static int rtl8152_resume(struct usb_interface *intf) > > napi_enable(&tp->napi); > > clear_bit(SELECTIVE_SUSPEND, &tp->flags); > > smp_mb__after_atomic(); > > - if (!list_empty(&tp->rx_done)) > > - napi_schedule(&tp->napi); > > } else { > > tp->rtl_ops.up(tp); > > netif_carrier_off(tp->netdev); > > > The proper work around is to enclose the napi_schedule() in a > local_bh_enable()/local_bh_disable() pair.
Something like : diff --git a/drivers/net/usb/r8152.c b/drivers/net/usb/r8152.c index 986243c932ccd6fe19c592805c1c63274f5e5555..b6bb1720c383946ea6142ec2f79f5b7a69031d7f 100644 --- a/drivers/net/usb/r8152.c +++ b/drivers/net/usb/r8152.c @@ -3703,8 +3703,10 @@ static int rtl8152_resume(struct usb_interface *intf) napi_enable(&tp->napi); clear_bit(SELECTIVE_SUSPEND, &tp->flags); smp_mb__after_atomic(); + local_bh_disable(); if (!list_empty(&tp->rx_done)) napi_schedule(&tp->napi); + local_bh_enable(); } else { tp->rtl_ops.up(tp); netif_carrier_off(tp->netdev);
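Review bot: In the quoted first patch (hunk @@ -3703,8 +3703,6 @@ in rtl8152_resume()), deleting `if (!list_empty(&tp->rx_done)) napi_schedule(&tp->napi);` means no visible line in the selective-suspend branch schedules NAPI for entries already sitting on tp->rx_done, which is the behaviour commit 7489bdadb7d1 added. The changelog should say what happens to those entries once the check is gone. Because the change undoes part of that commit, it should also carry a Fixes: 7489bdadb7d1 tag. It would help to name what is NULL in r8152_poll at offset 0x8, since the oops text alone does not show why scheduling from resume is the cause.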
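Review bot: In the second patch (hunk @@ -3703,8 +3703,10 @@), the added local_bh_disable()/local_bh_enable() pair around napi_schedule() carries no comment explaining why bottom halves are disabled at this point in rtl8152_resume(). Suggest a one-line comment above local_bh_disable() noting that napi_schedule() raises a softirq here and that local_bh_enable() is what lets it run, which is consistent with the "NOHZ: local_softirq_pending 08" line in the report. The changelog for this variant should also state whether it resolves the NULL pointer dereference in r8152_poll or only the pending-softirq warning, because the hunk does not touch r8152_poll.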