lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 16 Mar 2010 16:24:54 -0600
From:	Abraham Arce <abraham.arce.moreno@...il.com>
To:	netdev@...r.kernel.org
Subject: [PATCH] KS8851: Avoid NULL pointer in set rx mode

Kernel NULL pointer dereference when setting mode for IFF_MULTICAST.
Tested on SDP OMAP4430 board.

ks8851 spi1.0: message enable is 0
ks8851 spi1.0: revision 0, MAC f2:f4:2f:56:37:de, IRQ 194
Unable to handle kernel NULL pointer dereference at virtual address 00000000
pgd = c0004000
[00000000] *pgd=00000000
Internal error: Oops: 5 [#1] PREEMPT SMP
last sysfs file:
Modules linked in:
CPU: 0    Not tainted  (2.6.34-rc1-01039-g38d7ed1-dirty #3)
PC is at ks8851_set_rx_mode+0x88/0x124
LR is at bitrev32+0x24/0x2c

<snip>

Backtrace:
[<c01bfbd8>] ? (ks8851_set_rx_mode+0x0/0x124)
[<c01d4164>] (__dev_set_rx_mode+0x0/0x90)
[<c01dc460>] (dev_mc_add+0x0/0x78)
[<c021f0bc>] (igmp_group_added+0x0/0x64)
[<c021f174>] (ip_mc_inc_group+0x0/0x150)
[<c021f3b8>] (ip_mc_up+0x0/0x64)
[<c0219eb0>] (inetdev_event+0x0/0x3d4)
[<c0066818>] (notifier_call_chain+0x0/0x78)
[<c00668b8>] (__raw_notifier_call_chain+0x0/0x24)
[<c00668dc>] (raw_notifier_call_chain+0x0/0x28)
[<c01d7484>] (call_netdevice_notifiers+0x0/0x24)
[<c01d7780>] (__dev_notify_flags+0x0/0x68)
[<c01d77e8>] (dev_change_flags+0x0/0x4c)
[<c001f0bc>] (ip_auto_config+0x0/0xf1c)
[<c0028490>] (do_one_initcall+0x0/0x1bc)
 [<c00084dc>] (kernel_init+0x0/0x234)
Code: e15130bc e1833012 e14130bc e5943000 (e5934000)
---[ end trace ed0fb00a94142792 ]---
Kernel panic - not syncing: Fatal exception in interrupt

Signed-off-by: Abraham Arce <x0066660@...com>
---
 drivers/net/ks8851.c |    1 -
 1 files changed, 0 insertions(+), 1 deletions(-)

diff --git a/drivers/net/ks8851.c b/drivers/net/ks8851.c
index 0573e0b..13cc1ca 100644
--- a/drivers/net/ks8851.c
+++ b/drivers/net/ks8851.c
@@ -976,7 +976,6 @@ static void ks8851_set_rx_mode(struct net_device *dev)
 			crc >>= (32 - 6);  /* get top six bits */

 			rxctrl.mchash[crc >> 4] |= (1 << (crc & 0xf));
-			mcptr = mcptr->next;
 		}

 		rxctrl.rxcr1 = RXCR1_RXME | RXCR1_RXPAFMA;
-- 
1.5.4.3
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ