• Michael Chan's avatar
    bnx2: Close device if tx_timeout reset fails · cd634019
    Michael Chan authored
    Based on original patch and description from Flavio Leitner <fbl@redhat.com>
    
    When bnx2_reset_task() is called, it will stop,
    (re)initialize and start the interface to restore
    the working condition.
    
    The bnx2_init_nic() calls bnx2_reset_nic() which will
    reset the chip and then calls bnx2_free_skbs() to free
    all the skbs.
    
    The problem happens when bnx2_init_chip() fails because
    bnx2_reset_nic() will just return skipping the ring
    initializations at bnx2_init_all_rings(). Later, the
    reset task starts the interface again and the system
    crashes due a NULL pointer access (no skb in the ring).
    
    To fix it, we call dev_close() if bnx2_init_nic() fails.
    One minor wrinkle to deal with is the cancel_work_sync()
    call in bnx2_close() to cancel bnx2_reset_task().  The
    call will wait forever because it is trying to cancel
    itself and the workqueue will be stuck.
    
    Since bnx2_reset_task() holds the rtnl_lock() and checks
    for netif_running() before proceeding, there is no need
    to cancel bnx2_reset_task() in bnx2_close() even if
    bnx2_close() and bnx2_reset_task() are running concurrently.
    The rtnl_lock() serializes the 2 calls.
    
    We need to move the cancel_work_sync() call to
    bnx2_remove_one() to make sure it is canceled before freeing
    the netdev struct.
    Signed-off-by: default avatarMichael Chan <mchan@broadcom.com>
    Signed-off-by: default avatarMatt Carlson <mcarlson@broadcom.com>
    Cc: Flavio Leitner <fbl@redhat.com>
    Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    cd634019
bnx2.c 209 KB