bnxt_en: Initialize CP doorbell value before ring allocation

The existing code does the following: allocate completion ring initialize completion ring doorbell disable interrupts on this completion ring by writing to the doorbell We can have a race where firmware sends an asynchronous event to the host after completion ring allocation and before doorbell is initialized. When this happens driver can crash while ringing the doorbell using uninitialized value as part of handling the IRQ/napi request. Signed-off-by: Prashant Sreedharan <prashant.sreedharan@broadcom.com> Signed-off-by: Michael Chan <michael.chan@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
mariux64 · Mar 30, 2016 · 33e52d8 · 33e52d8
1 parent cb41c99
commit 33e52d8
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt.c b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
@@ -3391,11 +3391,11 @@ static int bnxt_hwrm_ring_alloc(struct bnxt *bp)
 		struct bnxt_cp_ring_info *cpr = &bnapi->cp_ring;
 		struct bnxt_ring_struct *ring = &cpr->cp_ring_struct;
 
+		cpr->cp_doorbell = bp->bar1 + i * 0x80;
 		rc = hwrm_ring_alloc_send_msg(bp, ring, HWRM_RING_ALLOC_CMPL, i,
 					      INVALID_STATS_CTX_ID);
 		if (rc)
 			goto err_out;
-		cpr->cp_doorbell = bp->bar1 + i * 0x80;
 		BNXT_CP_DB(cpr->cp_doorbell, cpr->cp_raw_cons);
 		bp->grp_info[i].cp_fw_ring_id = ring->fw_ring_id;
 	}