From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Tong Zhang <ztong0001@gmail.com>,
"David S. Miller" <davem@davemloft.net>,
Sasha Levin <sashal@kernel.org>
Subject: [PATCH 5.4 07/23] mISDN: fix crash in fritzpci
Date: Fri, 9 Apr 2021 11:53:37 +0200 [thread overview]
Message-ID: <20210409095303.137795262@linuxfoundation.org> (raw)
In-Reply-To: <20210409095302.894568462@linuxfoundation.org>
From: Tong Zhang <ztong0001@gmail.com>
[ Upstream commit a9f81244d2e33e6dfcef120fefd30c96b3f7cdb0 ]
setup_fritz() in avmfritz.c might fail with -EIO and in this case the
isac.type and isac.write_reg is not initialized and remains 0(NULL).
A subsequent call to isac_release() will dereference isac->write_reg and
crash.
[ 1.737444] BUG: kernel NULL pointer dereference, address: 0000000000000000
[ 1.737809] #PF: supervisor instruction fetch in kernel mode
[ 1.738106] #PF: error_code(0x0010) - not-present page
[ 1.738378] PGD 0 P4D 0
[ 1.738515] Oops: 0010 [#1] SMP NOPTI
[ 1.738711] CPU: 0 PID: 180 Comm: systemd-udevd Not tainted 5.12.0-rc2+ #78
[ 1.739077] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-48-gd9c812dda519-p
rebuilt.qemu.org 04/01/2014
[ 1.739664] RIP: 0010:0x0
[ 1.739807] Code: Unable to access opcode bytes at RIP 0xffffffffffffffd6.
[ 1.740200] RSP: 0018:ffffc9000027ba10 EFLAGS: 00010202
[ 1.740478] RAX: 0000000000000000 RBX: ffff888102f41840 RCX: 0000000000000027
[ 1.740853] RDX: 00000000000000ff RSI: 0000000000000020 RDI: ffff888102f41800
[ 1.741226] RBP: ffffc9000027ba20 R08: ffff88817bc18440 R09: ffffc9000027b808
[ 1.741600] R10: 0000000000000001 R11: 0000000000000001 R12: ffff888102f41840
[ 1.741976] R13: 00000000fffffffb R14: ffff888102f41800 R15: ffff8881008b0000
[ 1.742351] FS: 00007fda3a38a8c0(0000) GS:ffff88817bc00000(0000) knlGS:0000000000000000
[ 1.742774] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1.743076] CR2: ffffffffffffffd6 CR3: 00000001021ec000 CR4: 00000000000006f0
[ 1.743452] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1.743828] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1.744206] Call Trace:
[ 1.744339] isac_release+0xcc/0xe0 [mISDNipac]
[ 1.744582] fritzpci_probe.cold+0x282/0x739 [avmfritz]
[ 1.744861] local_pci_probe+0x48/0x80
[ 1.745063] pci_device_probe+0x10f/0x1c0
[ 1.745278] really_probe+0xfb/0x420
[ 1.745471] driver_probe_device+0xe9/0x160
[ 1.745693] device_driver_attach+0x5d/0x70
[ 1.745917] __driver_attach+0x8f/0x150
[ 1.746123] ? device_driver_attach+0x70/0x70
[ 1.746354] bus_for_each_dev+0x7e/0xc0
[ 1.746560] driver_attach+0x1e/0x20
[ 1.746751] bus_add_driver+0x152/0x1f0
[ 1.746957] driver_register+0x74/0xd0
[ 1.747157] ? 0xffffffffc00d8000
[ 1.747334] __pci_register_driver+0x54/0x60
[ 1.747562] AVM_init+0x36/0x1000 [avmfritz]
[ 1.747791] do_one_initcall+0x48/0x1d0
[ 1.747997] ? __cond_resched+0x19/0x30
[ 1.748206] ? kmem_cache_alloc_trace+0x390/0x440
[ 1.748458] ? do_init_module+0x28/0x250
[ 1.748669] do_init_module+0x62/0x250
[ 1.748870] load_module+0x23ee/0x26a0
[ 1.749073] __do_sys_finit_module+0xc2/0x120
[ 1.749307] ? __do_sys_finit_module+0xc2/0x120
[ 1.749549] __x64_sys_finit_module+0x1a/0x20
[ 1.749782] do_syscall_64+0x38/0x90
Signed-off-by: Tong Zhang <ztong0001@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/isdn/hardware/mISDN/mISDNipac.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/isdn/hardware/mISDN/mISDNipac.c b/drivers/isdn/hardware/mISDN/mISDNipac.c
index bca880213e91..51e3d45daaa7 100644
--- a/drivers/isdn/hardware/mISDN/mISDNipac.c
+++ b/drivers/isdn/hardware/mISDN/mISDNipac.c
@@ -694,7 +694,7 @@ isac_release(struct isac_hw *isac)
{
if (isac->type & IPAC_TYPE_ISACX)
WriteISAC(isac, ISACX_MASK, 0xff);
- else
+ else if (isac->type != 0)
WriteISAC(isac, ISAC_MASK, 0xff);
if (isac->dch.timer.function != NULL) {
del_timer(&isac->dch.timer);
--
2.30.2
next prev parent reply other threads:[~2021-04-09 10:03 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-04-09 9:53 [PATCH 5.4 00/23] 5.4.111-rc1 review Greg Kroah-Hartman
2021-04-09 9:53 ` [PATCH 5.4 01/23] ARM: dts: am33xx: add aliases for mmc interfaces Greg Kroah-Hartman
2021-04-09 9:53 ` [PATCH 5.4 02/23] bus: ti-sysc: Fix warning on unbind if reset is not deasserted Greg Kroah-Hartman
2021-04-09 9:53 ` [PATCH 5.4 03/23] platform/x86: intel-hid: Support Lenovo ThinkPad X1 Tablet Gen 2 Greg Kroah-Hartman
2021-04-09 9:53 ` [PATCH 5.4 04/23] bpf, x86: Use kvmalloc_array instead kmalloc_array in bpf_jit_comp Greg Kroah-Hartman
2021-04-09 9:53 ` [PATCH 5.4 05/23] net/mlx5e: Enforce minimum value check for ICOSQ size Greg Kroah-Hartman
2021-04-09 9:53 ` [PATCH 5.4 06/23] net: pxa168_eth: Fix a potential data race in pxa168_eth_remove Greg Kroah-Hartman
2021-04-09 9:53 ` Greg Kroah-Hartman [this message]
2021-04-09 9:53 ` [PATCH 5.4 08/23] mac80211: choose first enabled channel for monitor Greg Kroah-Hartman
2021-04-09 9:53 ` [PATCH 5.4 09/23] drm/msm/adreno: a5xx_power: Dont apply A540 lm_setup to other GPUs Greg Kroah-Hartman
2021-04-09 9:53 ` [PATCH 5.4 10/23] drm/msm: Ratelimit invalid-fence message Greg Kroah-Hartman
2021-04-09 9:53 ` [PATCH 5.4 11/23] netfilter: conntrack: Fix gre tunneling over ipv6 Greg Kroah-Hartman
2021-04-09 9:53 ` [PATCH 5.4 12/23] platform/x86: thinkpad_acpi: Allow the FnLock LED to change state Greg Kroah-Hartman
2021-04-09 9:53 ` [PATCH 5.4 13/23] x86/build: Turn off -fcf-protection for realmode targets Greg Kroah-Hartman
2021-04-09 9:53 ` [PATCH 5.4 14/23] scsi: target: pscsi: Clean up after failure in pscsi_map_sg() Greg Kroah-Hartman
2021-04-09 9:53 ` [PATCH 5.4 15/23] ia64: mca: allocate early mca with GFP_ATOMIC Greg Kroah-Hartman
2021-04-09 9:53 ` [PATCH 5.4 16/23] ia64: fix format strings for err_inject Greg Kroah-Hartman
2021-04-09 9:53 ` [PATCH 5.4 17/23] cifs: revalidate mapping when we open files for SMB1 POSIX Greg Kroah-Hartman
2021-04-09 9:53 ` [PATCH 5.4 18/23] cifs: Silently ignore unknown oplock break handle Greg Kroah-Hartman
2021-04-09 9:53 ` [PATCH 5.4 19/23] bpf, x86: Validate computation of branch displacements for x86-64 Greg Kroah-Hartman
2021-04-09 9:53 ` [PATCH 5.4 20/23] bpf, x86: Validate computation of branch displacements for x86-32 Greg Kroah-Hartman
2021-04-09 9:53 ` [PATCH 5.4 21/23] nvme-mpath: replace direct_make_request with generic_make_request Greg Kroah-Hartman
2021-04-09 9:53 ` [PATCH 5.4 22/23] init/Kconfig: make COMPILE_TEST depend on !S390 Greg Kroah-Hartman
2021-04-09 9:53 ` [PATCH 5.4 23/23] init/Kconfig: make COMPILE_TEST depend on HAS_IOMEM Greg Kroah-Hartman
2021-04-09 19:22 ` [PATCH 5.4 00/23] 5.4.111-rc1 review Florian Fainelli
2021-04-09 20:14 ` Guenter Roeck
2021-04-09 20:39 ` Shuah Khan
2021-04-09 21:20 ` Sudip Mukherjee
2021-04-10 0:55 ` Samuel Zou
2021-04-10 7:27 ` Naresh Kamboju
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210409095303.137795262@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=davem@davemloft.net \
--cc=linux-kernel@vger.kernel.org \
--cc=sashal@kernel.org \
--cc=stable@vger.kernel.org \
--cc=ztong0001@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.