From ceeb00b95f89b2c32a23b7e596c3715c70334f8b Mon Sep 17 00:00:00 2001
From: John Daley
Date: Wed, 12 Oct 2016 14:12:02 -0700
Subject: [PATCH] net/enic: fix crash on MTU update or Rx queue reconfigure
The incorrect completion queue corresponding to an RQ would be freed if multiple Rx queues are in use and the MTU is changed, or an Rx queue is released. This could lead to a segmentation fault when the device is disabled or even in the Rx or Tx paths. The index of the completion queue corresponding to a RQ needed to be adjusted after Rx scatter was introduced.
Fixes: 856d7ba7ed22 ("net/enic: support scattered Rx")
Signed-off-by: John Daley
Reviewed-by: Nelson Escobar
---
 drivers/net/enic/enic.h | 5 +++++
 drivers/net/enic/enic_main.c | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/drivers/net/enic/enic.h b/drivers/net/enic/enic.h
index 4ea4e4a31e..13a4b31636 100644
--- a/drivers/net/enic/enic.h
+++ b/drivers/net/enic/enic.h
@@ -170,6 +170,11 @@ struct enic {
 };
+/* Get the CQ index from a Start of Packet(SOP) RQ index */
+static inline unsigned int enic_sop_rq_idx_to_cq_idx(unsigned int sop_idx)
+{
+ return sop_idx / 2;
+}
 static inline unsigned int enic_rq_sop(unsigned int sop_rq)
 {
 return sop_rq / 2;
diff --git a/drivers/net/enic/enic_main.c b/drivers/net/enic/enic_main.c
index 85cd8d390f..106cb67a60 100644
--- a/drivers/net/enic/enic_main.c
+++ b/drivers/net/enic/enic_main.c
@@ -540,7 +540,7 @@ void enic_free_rq(void *rxq)
 if (rq_data->in_use)
 vnic_rq_free(rq_data);
- vnic_cq_free(&enic->cq[rq_sop->index]);
+ vnic_cq_free(&enic->cq[enic_sop_rq_idx_to_cq_idx(rq_sop->index)]);
 rq_sop->in_use = 0;
 rq_data->in_use = 0;
--
2.20.1
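Review bot: The comment on the new `enic_sop_rq_idx_to_cq_idx()` in enic.h does not say why dividing by 2 gives the right CQ, and the body is identical to `enic_rq_sop()` directly below it. The commit message implies that since scattered Rx each Rx queue uses more than one RQ while keeping a single CQ; if that is the layout, the comment should state it, e.g. `/* Each Rx queue has a SOP RQ and a data RQ but one CQ, so CQ index = SOP RQ index / 2 */`. If the two helpers are meant to express the same mapping, defining one in terms of the other would keep them from drifting apart. `enic_rq_sop()` continues past the end of the hunk.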
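Review bot: The index passed to `enic->cq[...]` in `enic_free_rq()` is still used without a range check, and this is the only CQ lookup the patch corrects. Freeing the wrong CQ leaves another queue working on released memory, which is the crash the commit describes, so any other place that selects a CQ from a raw `rq_sop->index` (none is visible in this hunk) should be checked for the same mismatch. A debug assertion before `vnic_cq_free()` that the converted index is below the number of allocated CQs would turn a future indexing mistake into an immediate, diagnosable failure instead of silent memory corruption. The body of `enic_free_rq()` starts and ends outside the hunk.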