| From ef1100ef20f29aec4e62abeccdb5bdbebba1e378 Mon Sep 17 00:00:00 2001 |
| From: Arun Ramadoss <arun.ramadoss@microchip.com> |
| Date: Mon, 11 Oct 2021 21:18:08 +0530 |
| Subject: net: dsa: microchip: Added the condition for scheduling ksz_mib_read_work |
| |
| From: Arun Ramadoss <arun.ramadoss@microchip.com> |
| |
| commit ef1100ef20f29aec4e62abeccdb5bdbebba1e378 upstream. |
| |
| When the ksz module is installed and removed using rmmod, kernel crashes |
| with null pointer dereferrence error. During rmmod, ksz_switch_remove |
| function tries to cancel the mib_read_workqueue using |
| cancel_delayed_work_sync routine and unregister switch from dsa. |
| |
| During dsa_unregister_switch it calls ksz_mac_link_down, which in turn |
| reschedules the workqueue since mib_interval is non-zero. |
| Due to which queue executed after mib_interval and it tries to access |
| dp->slave. But the slave is unregistered in the ksz_switch_remove |
| function. Hence kernel crashes. |
| |
| To avoid this crash, before canceling the workqueue, resetted the |
| mib_interval to 0. |
| |
| v1 -> v2: |
| -Removed the if condition in ksz_mib_read_work |
| |
| Fixes: 469b390e1ba3 ("net: dsa: microchip: use delayed_work instead of timer + work") |
| Signed-off-by: Arun Ramadoss <arun.ramadoss@microchip.com> |
| Signed-off-by: David S. Miller <davem@davemloft.net> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| --- |
| drivers/net/dsa/microchip/ksz_common.c | 4 +++- |
| 1 file changed, 3 insertions(+), 1 deletion(-) |
| |
| --- a/drivers/net/dsa/microchip/ksz_common.c |
| +++ b/drivers/net/dsa/microchip/ksz_common.c |
| @@ -460,8 +460,10 @@ EXPORT_SYMBOL(ksz_switch_register); |
| void ksz_switch_remove(struct ksz_device *dev) |
| { |
| /* timer started */ |
| - if (dev->mib_read_interval) |
| + if (dev->mib_read_interval) { |
| + dev->mib_read_interval = 0; |
| cancel_delayed_work_sync(&dev->mib_read); |
| + } |
| |
| dev->dev_ops->exit(dev); |
| dsa_unregister_switch(dev->ds); |
