lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <87lij7de8u.fsf@nemi.mork.no>
Date:	Thu, 28 Jun 2012 10:36:49 +0200
From:	Bjørn Mork <bjorn@...k.no>
To:	David Miller <davem@...emloft.net>
Cc:	netdev@...r.kernel.org, Oliver Neukum <oliver@...kum.org>,
	Ming Lei <tom.leiming@...il.com>, linux-usb@...r.kernel.org,
	Marius Bjørnstad Kotsbak 
	<marius.kotsbak@...il.com>
Subject: Re: [PATCH net] net: qmi_wwan: fix Oops while disconnecting

Bjørn Mork <bjorn@...k.no> writes:

[..]
> Fixes this Oops where a cdc-wdm device was closed while the
> USB device was disconnecting, causing wdm_release to call
> qmi_wwan_cdc_wdm_manage_power after intfdata was set to
> NULL by usbnet_disconnect:
>
> [41819.087460] BUG: unable to handle kernel NULL pointer dereference at 00000080
> [41819.087815] IP: [<f8640458>] qmi_wwan_manage_power+0x68/0x90 [qmi_wwan]
> [41819.088028] *pdpt = 000000000314f001 *pde = 0000000000000000
> [41819.088028] Oops: 0002 [#1] SMP

[..]

> diff --git a/drivers/net/usb/qmi_wwan.c b/drivers/net/usb/qmi_wwan.c
> index 3767a12..b01960f 100644
> --- a/drivers/net/usb/qmi_wwan.c
> +++ b/drivers/net/usb/qmi_wwan.c
> @@ -197,6 +197,10 @@ err:
>  static int qmi_wwan_cdc_wdm_manage_power(struct usb_interface *intf, int on)
>  {
>  	struct usbnet *dev = usb_get_intfdata(intf);
> +
> +	/* can be called while disconnecting */
> +	if (!dev)
> +		return 0;
>  	return qmi_wwan_manage_power(dev, on);
>  }

Hello,

I'd like this patch applied to qmi_wwan regardless of the outcome of the
(now stalled?) generic usbnet_disconnect discussion.

The patch fixes a real Oops in 3.4 and 3.5, and I believe it should be
left in qmi_wwan even if the usbnet code is fixed to avoid this specific
bug.  The additional NULL test won't harm, and it makes the code more
robust should someone decide to rearrange usbnet_disconnect again at
some later point in time.

I really want this fixed in the next 3.4 stable release, if possible.
Should I resubmit the patch, or will you pick it up from
http://patchwork.ozlabs.org/patch/166542/ ?


Thanks,
Bjørn
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ