[PATCH] isdn/gigaset: avoid cs->dev null pointer dereference

[PATCH] isdn/gigaset: avoid cs->dev null pointer dereference

[Akinobu Mita]

When gigaset_initbcs() is called, cs->dev is not initialized yet.
If dev_alloc_skb() failed in this function, NULL poinster
dereference will happen at dev_warn().

Cc: Kai Germaschewski <kai.germaschewski@gmx.de>
Cc: Hansjoerg Lipp <hjlipp@web.de>
Cc: Tilman Schmidt <tilman@imap.cc>
Cc: Karsten Keil <kkeil@suse.de>
Signed-off-by: Akinobu Mita <akinobu.mita@gmail.com>

 drivers/isdn/gigaset/common.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Index: work-fault-inject/drivers/isdn/gigaset/common.c
===================================================================
--- work-fault-inject.orig/drivers/isdn/gigaset/common.c
+++ work-fault-inject/drivers/isdn/gigaset/common.c
@@ -579,7 +579,7 @@ static struct bc_state *gigaset_initbcs(
 	} else if ((bcs->skb = dev_alloc_skb(SBUFSIZE + HW_HDR_LEN)) != NULL)
 		skb_reserve(bcs->skb, HW_HDR_LEN);
 	else {
-		dev_warn(cs->dev, "could not allocate skb\n");
+		gig_dbg(DEBUG_INIT, "could not allocate skb\n");
 		bcs->inputstate |= INS_skip_frame;
 	}
 

Re: [PATCH] isdn/gigaset: avoid cs->dev null pointer dereference

[Tilman Schmidt]

[-- Attachment #1: Type: text/plain, Size: 2027 bytes --]

[Argh. Kaum ist man mal ein paar Tage weg ...]

Am 28.10.2006 20:45 schrieb Akinobu Mita:
> --- work-fault-inject.orig/drivers/isdn/gigaset/common.c
> +++ work-fault-inject/drivers/isdn/gigaset/common.c
> @@ -579,7 +579,7 @@ static struct bc_state *gigaset_initbcs(
>  	} else if ((bcs->skb = dev_alloc_skb(SBUFSIZE + HW_HDR_LEN)) != NULL)
>  		skb_reserve(bcs->skb, HW_HDR_LEN);
>  	else {
> -		dev_warn(cs->dev, "could not allocate skb\n");
> +		gig_dbg(DEBUG_INIT, "could not allocate skb\n");
>  		bcs->inputstate |= INS_skip_frame;
>  	}

I'm not quite happy with that patch. (Nor, for that matter, with the
speed it was pushed into mainline, without waiting even a few days
for comments from the maintainers of the code in question.)
Not being able to allocate that skb seriously impairs functionality
of the driver. It should be reported on production systems too, not
just on debug builds.

In short: NAK. Please revert, and replace by the following:

From: Tilman Schmidt <tilman@imap.cc>

Avoid usage of uninitialized cs->dev in gigaset_initbcs().

Signed-off-by: Tilman Schmidt <tilman@imap.cc>
Cc: Hansjoerg Lipp <hjlipp@web.de>
Cc: Karsten Keil <kkeil@suse.de>
Cc: Kai Germaschewski <kai.germaschewski@gmx.de>
Cc: Akinobu Mita <akinobu.mita@gmail.com>
Cc: Andrew Morton <akpm@osdl.org>
---

 drivers/isdn/gigaset/common.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/isdn/gigaset/common.c
+++ b/drivers/isdn/gigaset/common.c
@@ -616,7 +616,7 @@ static struct bc_state *gigaset_initbcs(
 	} else if ((bcs->skb = dev_alloc_skb(SBUFSIZE + HW_HDR_LEN)) != NULL)
 		skb_reserve(bcs->skb, HW_HDR_LEN);
 	else {
-		dev_warn(cs->dev, "could not allocate skb\n");
+		warn("could not allocate skb");
 		bcs->inputstate |= INS_skip_frame;
 	}


-- 
Tilman Schmidt                          E-Mail: tilman@imap.cc
Bonn, Germany
Diese Nachricht besteht zu 100% aus wiederverwerteten Bits.
Ungeoeffnet mindestens haltbar bis: (siehe Rueckseite)


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 253 bytes --]