5.15-stable review patch. If anyone has any objections, please let me know. ------------------ From: Peter Münster <pm@xxxxxxxx> commit e3eb7dd47bd4806f00e104eb6da092c435f9fb21 upstream. b44_free_rings() accesses b44::rx_buffers (and ::tx_buffers) unconditionally, but b44::rx_buffers is only valid when the device is up (they get allocated in b44_open(), and deallocated again in b44_close()), any other time these are just a NULL pointers. So if you try to change the pause params while the network interface is disabled/administratively down, everything explodes (which likely netifd tries to do). Link: https://github.com/openwrt/openwrt/issues/13789 Fixes: 1da177e4c3f4 (Linux-2.6.12-rc2) Cc: stable@xxxxxxxxxxxxxxx Reported-by: Peter Münster <pm@xxxxxxxx> Suggested-by: Jonas Gorski <jonas.gorski@xxxxxxxxx> Signed-off-by: Vaclav Svoboda <svoboda@xxxxxxx> Tested-by: Peter Münster <pm@xxxxxxxx> Reviewed-by: Andrew Lunn <andrew@xxxxxxx> Signed-off-by: Peter Münster <pm@xxxxxxxx> Reviewed-by: Michael Chan <michael.chan@xxxxxxxxxxxx> Link: https://lore.kernel.org/r/87y192oolj.fsf@xxxxxxxx Signed-off-by: Jakub Kicinski <kuba@xxxxxxxxxx> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- drivers/net/ethernet/broadcom/b44.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) --- a/drivers/net/ethernet/broadcom/b44.c +++ b/drivers/net/ethernet/broadcom/b44.c @@ -2029,12 +2029,14 @@ static int b44_set_pauseparam(struct net bp->flags |= B44_FLAG_TX_PAUSE; else bp->flags &= ~B44_FLAG_TX_PAUSE; - if (bp->flags & B44_FLAG_PAUSE_AUTO) { - b44_halt(bp); - b44_init_rings(bp); - b44_init_hw(bp, B44_FULL_RESET); - } else { - __b44_set_flow_ctrl(bp, bp->flags); + if (netif_running(dev)) { + if (bp->flags & B44_FLAG_PAUSE_AUTO) { + b44_halt(bp); + b44_init_rings(bp); + b44_init_hw(bp, B44_FULL_RESET); + } else { + __b44_set_flow_ctrl(bp, bp->flags); + } } spin_unlock_irq(&bp->lock);