[PATCH v2.6.22-rc5] cxgb2: handle possible NULL pointer dereferencing, take 2

[PATCH v2.6.22-rc5] cxgb2: handle possible NULL pointer dereferencing, take 2

[pradeep singh]

Hi,
This is second submission for a possible NULL dereference handling in
the Chelsio's 10G driver.

Thanks to Jens Axboe for pointing out my mistake of ignoring
subsequent dereferences in init_one routine.

Thanks

Signed-off-by: Pradeep Singh <pradeep.rautela@gmail.com>
---
 drivers/net/chelsio/cxgb2.c |    5 +++++
 1 files changed, 5 insertions(+), 0 deletions(-)

diff --git a/drivers/net/chelsio/cxgb2.c b/drivers/net/chelsio/cxgb2.c
index 231ce43..006c634 100644
--- a/drivers/net/chelsio/cxgb2.c
+++ b/drivers/net/chelsio/cxgb2.c
@@ -1022,6 +1022,11 @@ static int __devinit init_one(struct pci_dev *pdev,
 	mmio_start = pci_resource_start(pdev, 0);
 	mmio_len = pci_resource_len(pdev, 0);
 	bi = t1_get_board_info(ent->driver_data);
+	
+	if (!bi) {
+                CH_ERR("%s: Board info array index out of
range\n",pci_name(pdev));
+                goto out_disable_pdev;
+        }

 	for (i = 0; i < bi->port_number; ++i) {
 		struct net_device *netdev;
-- 
1.4.4.2

-- 
Pradeep

Re: [PATCH v2.6.22-rc5] cxgb2: handle possible NULL pointer dereferencing, take 2

[pradeep singh]

On 6/21/07, pradeep singh <pradeep.rautela@gmail.com> wrote:
> Hi,
> This is second submission for a possible NULL dereference handling in
> the Chelsio's 10G driver.
>
> Thanks to Jens Axboe for pointing out my mistake of ignoring
> subsequent dereferences in init_one routine.
>
> Thanks
Apologies, looks like patch formatting got messed up during sending.
Resending just in case.

Signed-off-by: Pradeep Singh <pradeep.rautela@gmail.com>
---
 drivers/net/chelsio/cxgb2.c |    5 +++++
 1 files changed, 5 insertions(+), 0 deletions(-)

diff --git a/drivers/net/chelsio/cxgb2.c b/drivers/net/chelsio/cxgb2.c
index 231ce43..006c634 100644
--- a/drivers/net/chelsio/cxgb2.c
+++ b/drivers/net/chelsio/cxgb2.c
@@ -1022,6 +1022,11 @@ static int __devinit init_one(struct pci_dev *pdev,
 	mmio_start = pci_resource_start(pdev, 0);
 	mmio_len = pci_resource_len(pdev, 0);
 	bi = t1_get_board_info(ent->driver_data);
+	
+	if (!bi) {
+                CH_ERR("%s: Board info array index out of
range\n",pci_name(pdev));
+                goto out_disable_pdev;
+        }

 	for (i = 0; i < bi->port_number; ++i) {
 		struct net_device *netdev;
-- 
1.4.4.2

[snip]
-- 
Pradeep

Re: [PATCH v2.6.22-rc5] cxgb2: handle possible NULL pointer dereferencing, take 2

[pradeep singh]

Hi,
My mistake.
Resending after reformatting the patch by hand.
Looks like gmail messes the plain text patches.

Thanks

Signed-off-by: Pradeep Singh <pradeep.rautela@gmail.com>
---
 drivers/net/chelsio/cxgb2.c |    5 +++++
 1 files changed, 5 insertions(+), 0 deletions(-)

diff --git a/drivers/net/chelsio/cxgb2.c b/drivers/net/chelsio/cxgb2.c
index 231ce43..006c634 100644
--- a/drivers/net/chelsio/cxgb2.c
+++ b/drivers/net/chelsio/cxgb2.c
@@ -1022,6 +1022,11 @@ static int __devinit init_one(struct pci_dev *pdev,
       mmio_start = pci_resource_start(pdev, 0);
       mmio_len = pci_resource_len(pdev, 0);
       bi = t1_get_board_info(ent->driver_data);
+
+       if (!bi) {
+                CH_ERR("%s: Board info array index out of
range\n",pci_name(pdev));
+                goto out_disable_pdev;
+        }

       for (i = 0; i < bi->port_number; ++i) {
               struct net_device *netdev;

Thanks

--
On 6/21/07, pradeep singh <pradeep.rautela@gmail.com> wrote:
> Hi,
> This is second submission for a possible NULL dereference handling in
> the Chelsio's 10G driver.
>
> Thanks to Jens Axboe for pointing out my mistake of ignoring
> subsequent dereferences in init_one routine.
>
> Thanks
>
> Signed-off-by: Pradeep Singh <pradeep.rautela@gmail.com>
> ---
>  drivers/net/chelsio/cxgb2.c |    5 +++++
>  1 files changed, 5 insertions(+), 0 deletions(-)
>
> diff --git a/drivers/net/chelsio/cxgb2.c b/drivers/net/chelsio/cxgb2.c
> index 231ce43..006c634 100644
> --- a/drivers/net/chelsio/cxgb2.c
> +++ b/drivers/net/chelsio/cxgb2.c
> @@ -1022,6 +1022,11 @@ static int __devinit init_one(struct pci_dev *pdev,
>         mmio_start = pci_resource_start(pdev, 0);
>         mmio_len = pci_resource_len(pdev, 0);
>         bi = t1_get_board_info(ent->driver_data);
> +
> +       if (!bi) {
> +                CH_ERR("%s: Board info array index out of
> range\n",pci_name(pdev));
> +                goto out_disable_pdev;
> +        }
>
>         for (i = 0; i < bi->port_number; ++i) {
>                 struct net_device *netdev;
> --
> 1.4.4.2
>
> --
> Pradeep
>


-- 
Pradeep

Re: [PATCH v2.6.22-rc5] cxgb2: handle possible NULL pointer dereferencing, take 2

[Andrew Morton]

> On Thu, 21 Jun 2007 18:48:30 +0530 "pradeep singh" <pradeep.rautela@gmail.com> wrote:
> Hi,
> My mistake.
> Resending after reformatting the patch by hand.
> Looks like gmail messes the plain text patches.
> 

That's still mangled so I typed it in again.

Please always include a full changlog with each version of a patch.

I do not know what this patch does - please provide a changelog.  In this
case it should tell us whether and how this null pointer deref is actually
occuring and if so, why.

As well as a full description of the problem which it solves, a changelog
should also describe _how_ it solved it, but that is sufficiently obvious
in this case.


Thanks.

Re: [PATCH v2.6.22-rc5] cxgb2: handle possible NULL pointer dereferencing, take 2

[pradeep singh]

On 6/23/07, Andrew Morton <akpm@linux-foundation.org> wrote:
> > On Thu, 21 Jun 2007 18:48:30 +0530 "pradeep singh" <pradeep.rautela@gmail.com> wrote:
> > Hi,
> > My mistake.
> > Resending after reformatting the patch by hand.
> > Looks like gmail messes the plain text patches.
> >
>
> That's still mangled so I typed it in again.
Sorry Andrew.
>
> Please always include a full changlog with each version of a patch.
point noted down.
>
> I do not know what this patch does - please provide a changelog.  In this
> case it should tell us whether and how this null pointer deref is actually
> occuring and if so, why.
affirmative.
>
> As well as a full description of the problem which it solves, a changelog
> should also describe _how_ it solved it, but that is sufficiently obvious
> in this case.

Thanks for the invaluable suggestion Andrew.

Thanks a lot once again.

~pradeep
>
>
> Thanks.
>


-- 
Pradeep

Re: [PATCH v2.6.22-rc5] cxgb2: handle possible NULL pointer dereferencing, take 2

[Andrew Morton]

On Thu, 21 Jun 2007 18:48:30 +0530
"pradeep singh" <pradeep.rautela@gmail.com> wrote:

> diff --git a/drivers/net/chelsio/cxgb2.c b/drivers/net/chelsio/cxgb2.c
> index 231ce43..006c634 100644
> --- a/drivers/net/chelsio/cxgb2.c
> +++ b/drivers/net/chelsio/cxgb2.c
> @@ -1022,6 +1022,11 @@ static int __devinit init_one(struct pci_dev *pdev,
>        mmio_start = pci_resource_start(pdev, 0);
>        mmio_len = pci_resource_len(pdev, 0);
>        bi = t1_get_board_info(ent->driver_data);
> +
> +       if (!bi) {
> +                CH_ERR("%s: Board info array index out of range\n",pci_name(pdev));
> +                goto out_disable_pdev;
> +        }
> 
>        for (i = 0; i < bi->port_number; ++i) {
>                struct net_device *netdev;

The chelsio driver is assuming that pci_device_id.driver_data has been
initialised to the board index, but I am unable to locate anywhere where
that initialisation actually happens.  Is this a bug?

(Who maintains this driver now?)

Re: [PATCH v2.6.22-rc5] cxgb2: handle possible NULL pointer dereferencing, take 2

[Jeff Garzik]

Andrew Morton wrote:
> The chelsio driver is assuming that pci_device_id.driver_data has been
> initialised to the board index, but I am unable to locate anywhere where
> that initialisation actually happens.

It's hidden inside the CH_DEVICE() initializer-helper macro.

	Jeff

Re: [PATCH v2.6.22-rc5] cxgb2: handle possible NULL pointer dereferencing, take 2

[Andrew Morton]

On Mon, 25 Jun 2007 19:14:05 -0400
Jeff Garzik <jeff@garzik.org> wrote:

> Andrew Morton wrote:
> > The chelsio driver is assuming that pci_device_id.driver_data has been
> > initialised to the board index, but I am unable to locate anywhere where
> > that initialisation actually happens.
> 
> It's hidden inside the CH_DEVICE() initializer-helper macro.
> 

oic.

Does this driver still have a maintainer, or is it now a "community"
driver (giggle) ?

Re: [PATCH v2.6.22-rc5] cxgb2: handle possible NULL pointer dereferencing, take 2

[Jeff Garzik]

Andrew Morton wrote:
> On Mon, 25 Jun 2007 19:14:05 -0400
> Jeff Garzik <jeff@garzik.org> wrote:
> 
>> Andrew Morton wrote:
>>> The chelsio driver is assuming that pci_device_id.driver_data has been
>>> initialised to the board index, but I am unable to locate anywhere where
>>> that initialisation actually happens.
>> It's hidden inside the CH_DEVICE() initializer-helper macro.
>>
> 
> oic.
> 
> Does this driver still have a maintainer, or is it now a "community"
> driver (giggle) ?

either "probably community" or "ask shemminger"

	Jeff

Re: [PATCH v2.6.22-rc5] cxgb2: handle possible NULL pointer dereferencing, take 2

[Divy Le Ray]

Andrew Morton wrote:
>
> On Mon, 25 Jun 2007 19:14:05 -0400
> Jeff Garzik <jeff@garzik.org> wrote:
>
> > Andrew Morton wrote:
> > > The chelsio driver is assuming that pci_device_id.driver_data has been
> > > initialised to the board index, but I am unable to locate anywhere 
> where
> > > that initialisation actually happens.
> >
> > It's hidden inside the CH_DEVICE() initializer-helper macro.
> >
>
> oic.
>
> Does this driver still have a maintainer, or is it now a "community"
> driver (giggle) ?
>

I follow the driver's changes. No new features going in anymore, and it 
has been quite stable.
The activity is low.

Cheers,
Divy

> -
> To unsubscribe from this list: send the line "unsubscribe netdev" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
>

Re: [PATCH v2.6.22-rc5] cxgb2: handle possible NULL pointer dereferencing, take 2

[Jeff Garzik]

Andrew Morton wrote:
> (Who maintains this driver now?)


It was abandonware from the beginning of its life.  Stephen H and 
Francois R did a bunch of cleanups most recently.

	Jeff

Re: [PATCH v2.6.22-rc5] cxgb2: handle possible NULL pointer dereferencing, take 2

[Stephen Hemminger]

On Mon, 25 Jun 2007 19:15:39 -0400
Jeff Garzik <jeff@garzik.org> wrote:

> Andrew Morton wrote:
> > (Who maintains this driver now?)
> 
> 
> It was abandonware from the beginning of its life.  Stephen H and 
> Francois R did a bunch of cleanups most recently.
> 
> 	Jeff

Have a couple of loaner boards, but really don't have the urge to maintain
the driver. But I will retest any changes/cleanups.
-- 
Stephen Hemminger <shemminger@linux-foundation.org>

Re: [PATCH v2.6.22-rc5] cxgb2: handle possible NULL pointer dereferencing, take 2

[Jeff Garzik]

pradeep singh wrote:
> Hi,
> This is second submission for a possible NULL dereference handling in
> the Chelsio's 10G driver.
> 
> Thanks to Jens Axboe for pointing out my mistake of ignoring
> subsequent dereferences in init_one routine.
> 
> Thanks
> 
> Signed-off-by: Pradeep Singh <pradeep.rautela@gmail.com>
> ---
> drivers/net/chelsio/cxgb2.c |    5 +++++
> 1 files changed, 5 insertions(+), 0 deletions(-)
> 
> diff --git a/drivers/net/chelsio/cxgb2.c b/drivers/net/chelsio/cxgb2.c
> index 231ce43..006c634 100644
> --- a/drivers/net/chelsio/cxgb2.c
> +++ b/drivers/net/chelsio/cxgb2.c
> @@ -1022,6 +1022,11 @@ static int __devinit init_one(struct pci_dev *pdev,
>     mmio_start = pci_resource_start(pdev, 0);
>     mmio_len = pci_resource_len(pdev, 0);
>     bi = t1_get_board_info(ent->driver_data);
> +   
> +    if (!bi) {
> +                CH_ERR("%s: Board info array index out of
> range\n",pci_name(pdev));
> +                goto out_disable_pdev;
> +        }

NAK.  It's impossible to hit this condition.

	Jeff