On Mon, 2016-04-18 at 21:19 +0200, Hannes Frederic Sowa wrote:
> mlx4_en_start_port requires rtnl_lock to be held.
>
> Cc: Eugenia Emantayev <euge...@mellanox.com>
> Cc: Yishai Hadas <yish...@mellanox.com>
> Signed-off-by: Hannes Frederic Sowa <han...@stressinduktion.org>
> ---
> drivers/net/ethernet/mellanox/mlx4/en_netdev.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/drivers/net/ethernet/mellanox/mlx4/en_netdev.c
> b/drivers/net/ethernet/mellanox/mlx4/en_netdev.c
> index b4b258c8ca47d4..8bd143dda95d11 100644
> --- a/drivers/net/ethernet/mellanox/mlx4/en_netdev.c
> +++ b/drivers/net/ethernet/mellanox/mlx4/en_netdev.c
> @@ -1856,6 +1856,7 @@ static void mlx4_en_restart(struct work_struct *work)
>
> en_dbg(DRV, priv, "Watchdog task called for port %d\n", priv->port);
>
> + rtnl_lock();
> mutex_lock(&mdev->state_lock);
> if (priv->port_up) {
> mlx4_en_stop_port(dev, 1);
> @@ -1863,6 +1864,7 @@ static void mlx4_en_restart(struct work_struct *work)
> en_err(priv, "Failed restarting port %d\n", priv->port);
> }
> mutex_unlock(&mdev->state_lock);
> + rtnl_unlock();
> }
>
> static void mlx4_en_clear_stats(struct net_device *dev)
It looks that this work queue is not canceled at device dismantle.
I suspect a use after free is possible.
