Jakub Kicinski writes:
On Thu, 13 Aug 2020 15:51:46 +0300 Shay Agroskin wrote:
> Long answer:
> The ena_destroy_device() function is called with rtnl_lock() held,
> so it cannot run in parallel with the reset function. Also the
> destroy function clears the bit ENA_FLAG_TRIGGER_RESET without
> which the reset function
Jakub Kicinski writes:
On Wed, 12 Aug 2020 13:10:57 +0300 Shay Agroskin wrote:
> This patch also removes the destruction of the timer and reset services
> from ena_remove() since the timer is destroyed by the destruction
> routine and the reset work is handled by this patch.
You'd still have a use after free if the work
The reset work is scheduled by the timer routine whenever it
detects that a device reset is required (e.g. when a keep_alive signal
is missing).
When releasing device resources in ena_destroy() the driver cancels the
scheduling of the timer routine without destroying the reset
work explicitly.
Thi