From: Jon Maxwell <jmaxwel...@gmail.com>
Date: Thu, 5 May 2016 09:55:51 +1000

> We recently had a system crash in the cnic module. Vmcore analysis confirmed
> that "ip link up" was executed which failed due to an allocation failure
> because of memory fragmentation. Further analysis revealed that the cnic irq
> vector was still allocated after the "ip link up" that failed. When
> "ip link down" was executed it called free_msi_irqs() which crashed the system
> because the cnic irq was still in use.
 ...
> The cnic_start_hw() routine is not handling the allocation failure correctly.
> Fix this by checking whether CNIC_DRV_STATE_HANDLES_IRQ flag is set indicating
> that the hardware has been started in cnic_start_hw(). If it has then call
> cp->stop_hw() which frees the cnic irq vector and cnic resources. Otherwise
> just maintain the previous behaviour and free cnic resources.
>
> I reproduced this by injecting an ENOMEM error into cnic_cm_alloc_mem()'s
> return code.
>
> # ip link set dev enpX down
> # ip link set dev enpX up <--- hits allocation failure
> # ip link set dev enpX down <--- crashes here
>
> With this patch I confirmed there was no crash in the reproducer.
>
> Signed-off-by: Jon Maxwell <jmaxwel...@gmail.com>

Applied, thank you.
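
The error-path logic described in the commit message above, as an added userspace model that is not part of this thread or of the cnic driver. The struct, the `patched` switch and all function names are constructed for illustration, and `HANDLES_IRQ` only stands in for `CNIC_DRV_STATE_HANDLES_IRQ`.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
/* Userspace model with constructed names; not the cnic driver's code. */
#define HANDLES_IRQ 0x1u /* stands in for CNIC_DRV_STATE_HANDLES_IRQ */
struct dev_model {
    unsigned flags;
    bool irq_allocated;  /* the irq vector */
    bool resc_allocated; /* other driver resources */
    bool inject_enomem;  /* fault injection, as in the reproducer */
};

static void free_resc(struct dev_model *d) { d->resc_allocated = false; }
/* Model of cp->stop_hw(): frees the irq vector and the resources. */
static void stop_hw(struct dev_model *d)
{
    d->irq_allocated = false;
    free_resc(d);
}

/* Model of "ip link up": the irq is taken before the failing allocation. */
static int start_hw(struct dev_model *d, bool patched)
{
    d->resc_allocated = true;
    d->irq_allocated = true;
    d->flags |= HANDLES_IRQ;
    if (!d->inject_enomem)
        return 0;
    if (patched && (d->flags & HANDLES_IRQ))
        stop_hw(d);   /* patched error path */
    else
        free_resc(d); /* previous behaviour: irq vector stays allocated */
    return -ENOMEM;
}

/* Failed "up" followed by "down": -EBUSY marks the state that crashed. */
int failed_up_then_down(bool patched)
{
    struct dev_model d = { .inject_enomem = true };
    if (start_hw(&d, patched) != -ENOMEM)
        return -EINVAL;
    return d.irq_allocated ? -EBUSY : 0;
}

int main(void)
{
    printf("unpatched %d, patched %d\n", failed_up_then_down(0), failed_up_then_down(1));
    return 0;
}
```
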