From: Greg KH <gregkh@suse.de>
To: linux-kernel@vger.kernel.org, stable@kernel.org
Cc: stable-review@kernel.org, torvalds@linux-foundation.org,
akpm@linux-foundation.org, alan@lxorguk.ukuu.org.uk,
Christoph Fritz <chf.fritz@googlemail.com>,
"John W. Linville" <linville@tuxdriver.com>,
Larry Finger <Larry.Finger@lwfinger.net>,
Ben Hutchings <ben@decadent.org.uk>
Subject: [33/34] ssb: fix NULL ptr deref when pcihost_wrapper is used
Date: Fri, 06 Aug 2010 11:57:28 -0700 [thread overview]
Message-ID: <20100806185836.769175875@clark.site> (raw)
In-Reply-To: <20100806185853.GA28270@kroah.com>
2.6.32-stable review patch. If anyone has any objections, please let us know.
------------------
From: Christoph Fritz <chf.fritz@googlemail.com>
commit da1fdb02d9200ff28b6f3a380d21930335fe5429 upstream.
Ethernet driver b44 does register ssb by it's pcihost_wrapper
and doesn't set ssb_chipcommon. A check on this value
introduced with commit d53cdbb94a52a920d5420ed64d986c3523a56743
and ea2db495f92ad2cf3301623e60cb95b4062bc484 triggers:
BUG: unable to handle kernel NULL pointer dereference at 00000010
IP: [<c1266c36>] ssb_is_sprom_available+0x16/0x30
Signed-off-by: Christoph Fritz <chf.fritz@googlemail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Cc: Larry Finger <Larry.Finger@lwfinger.net>
Cc: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/ssb/pci.c | 9 ++++++---
drivers/ssb/sprom.c | 1 +
2 files changed, 7 insertions(+), 3 deletions(-)
--- a/drivers/ssb/pci.c
+++ b/drivers/ssb/pci.c
@@ -624,9 +624,12 @@ static int ssb_pci_sprom_get(struct ssb_
ssb_printk(KERN_ERR PFX "No SPROM available!\n");
return -ENODEV;
}
-
- bus->sprom_offset = (bus->chipco.dev->id.revision < 31) ?
- SSB_SPROM_BASE1 : SSB_SPROM_BASE31;
+ if (bus->chipco.dev) { /* can be unavailible! */
+ bus->sprom_offset = (bus->chipco.dev->id.revision < 31) ?
+ SSB_SPROM_BASE1 : SSB_SPROM_BASE31;
+ } else {
+ bus->sprom_offset = SSB_SPROM_BASE1;
+ }
buf = kcalloc(SSB_SPROMSIZE_WORDS_R123, sizeof(u16), GFP_KERNEL);
if (!buf)
--- a/drivers/ssb/sprom.c
+++ b/drivers/ssb/sprom.c
@@ -188,6 +188,7 @@ bool ssb_is_sprom_available(struct ssb_b
/* this routine differs from specs as we do not access SPROM directly
on PCMCIA */
if (bus->bustype == SSB_BUSTYPE_PCI &&
+ bus->chipco.dev && /* can be unavailible! */
bus->chipco.dev->id.revision >= 31)
return bus->chipco.capabilities & SSB_CHIPCO_CAP_SPROM;
next prev parent reply other threads:[~2010-08-06 19:02 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-08-06 18:58 [00/34] 2.6.32.18-stable review Greg KH
2010-08-06 18:56 ` [01/34] sched: cgroup: Implement different treatment for idle shares Greg KH
2010-08-06 18:56 ` [02/34] mm: fix ia64 crash when gcore reads gate area Greg KH
2010-08-06 18:56 ` [03/34] Re: acl trouble after upgrading ubuntu Greg KH
2010-08-06 18:56 ` [04/34] comedi: Uncripple 8255-based DIO subdevices Greg KH
2010-08-06 18:57 ` [05/34] NFS: kswapd must not block in nfs_release_page Greg KH
2010-08-06 18:57 ` [06/34] PARISC: led.c - fix potential stack overflow in led_proc_write() Greg KH
2010-08-06 18:57 ` [07/34] arm/imx/gpio: add spinlock protection Greg KH
2010-08-06 18:57 ` [08/34] parisc: pass through \t to early (iodc) console Greg KH
2010-08-06 18:57 ` [09/34] amd64_edac: Fix DCT base address selector Greg KH
2010-08-06 18:57 ` [10/34] amd64_edac: Correct scrub rate setting Greg KH
2010-08-06 18:57 ` [11/34] e1000e: dont inadvertently re-set INTX_DISABLE Greg KH
2010-08-06 18:57 ` [12/34] e1000e: 82577/82578 PHY register access issues Greg KH
2010-08-06 18:57 ` [13/34] 9p: strlen() doesnt count the terminator Greg KH
2010-08-06 18:57 ` [14/34] ath9k: enable serialize_regmode for non-PCIE AR9160 Greg KH
2010-08-06 18:57 ` [15/34] ath9k_hw: fix an off-by-one error in the PDADC boundaries calculation Greg KH
2010-08-06 18:57 ` [16/34] ath9k: fix TSF after reset on AR913x Greg KH
2010-08-06 18:57 ` [17/34] ath9k: fix yet another buffer leak in the tx aggregation code Greg KH
2010-08-06 18:57 ` [18/34] iwlwifi: fix scan abort Greg KH
2010-08-06 18:57 ` [19/34] cfg80211: ignore spurious deauth Greg KH
2010-08-06 18:57 ` [20/34] cfg80211: dont get expired BSSes Greg KH
2010-08-06 18:57 ` [21/34] xfs: prevent swapext from operating on write-only files Greg KH
2010-08-06 18:57 ` [22/34] SCSI: enclosure: fix error path - actually return ERR_PTR() on error Greg KH
2010-08-06 18:57 ` [23/34] GFS2: rename causes kernel Oops Greg KH
2010-08-06 18:57 ` [24/34] slow-work: use get_ref wrapper instead of directly calling get_ref Greg KH
2010-08-06 18:57 ` [25/34] CIFS: Remove __exit mark from cifs_exit_dns_resolver() Greg KH
2010-08-06 18:57 ` [26/34] CIFS: Fix compile error with __init in cifs_init_dns_resolver() definition Greg KH
2010-08-06 20:53 ` [Stable-review] " Ben Hutchings
2010-08-06 21:06 ` Greg KH
2010-08-07 3:38 ` Michael Neuling
2010-08-06 18:57 ` [27/34] xen: drop xen_sched_clock in favour of using plain wallclock time Greg KH
2010-08-06 18:57 ` [28/34] drm/i915: Fix LVDS presence check Greg KH
2010-08-06 18:57 ` [29/34] drm/i915: parse child device from VBT Greg KH
2010-08-06 18:57 ` [30/34] Revert "ssb: Handle Netbook devices where the SPROM address is changed" Greg KH
2010-08-06 18:57 ` [31/34] ssb: do not read SPROM if it does not exist Greg KH
2010-08-06 18:57 ` [32/34] ssb: Look for SPROM at different offset on higher rev CC Greg KH
2010-08-06 18:57 ` Greg KH [this message]
2010-08-06 18:57 ` [34/34] ssb: Handle alternate SSPROM location Greg KH
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20100806185836.769175875@clark.site \
--to=gregkh@suse.de \
--cc=Larry.Finger@lwfinger.net \
--cc=akpm@linux-foundation.org \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=ben@decadent.org.uk \
--cc=chf.fritz@googlemail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linville@tuxdriver.com \
--cc=stable-review@kernel.org \
--cc=stable@kernel.org \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).