* [CORRECTION][PATCH] Fix a potential NULL pointer dereference in uli526x_interrupt() in drivers/net/tulip/uli526x.c
@ 2007-09-04 8:14 Micah Gruber
2007-09-07 23:20 ` Jeff Garzik
2007-09-13 9:03 ` Andrew Morton
0 siblings, 2 replies; 5+ messages in thread
From: Micah Gruber @ 2007-09-04 8:14 UTC (permalink / raw)
To: linux-kernel, netdev, jgarzik
This patch fixes a potential null dereference bug where we dereference dev before a null check. This patch simply moves the dereferencing after the null check.
Signed-off-by: Micah Gruber <micah.gruber@gmail.com>
---
--- a/drivers/net/tulip/uli526x.c
+++ b/drivers/net/tulip/uli526x.c
@@ -663,7 +663,7 @@
{
struct net_device *dev = dev_id;
struct uli526x_board_info *db = netdev_priv(dev);
- unsigned long ioaddr = dev->base_addr;
+ unsigned long ioaddr;
unsigned long flags;
if (!dev) {
@@ -671,6 +671,8 @@
return IRQ_NONE;
}
+ ioaddr = dev->base_addr;
+
spin_lock_irqsave(&db->lock, flags);
outl(0, ioaddr + DCR7);
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [CORRECTION][PATCH] Fix a potential NULL pointer dereference in uli526x_interrupt() in drivers/net/tulip/uli526x.c
2007-09-04 8:14 [CORRECTION][PATCH] Fix a potential NULL pointer dereference in uli526x_interrupt() in drivers/net/tulip/uli526x.c Micah Gruber
@ 2007-09-07 23:20 ` Jeff Garzik
2007-09-13 9:03 ` Andrew Morton
1 sibling, 0 replies; 5+ messages in thread
From: Jeff Garzik @ 2007-09-07 23:20 UTC (permalink / raw)
To: Micah Gruber; +Cc: linux-kernel, netdev
Micah Gruber wrote:
> This patch fixes a potential null dereference bug where we dereference dev before a null check. This patch simply moves the dereferencing after the null check.
>
> Signed-off-by: Micah Gruber <micah.gruber@gmail.com>
> ---
>
> --- a/drivers/net/tulip/uli526x.c
> +++ b/drivers/net/tulip/uli526x.c
> @@ -663,7 +663,7 @@
> {
> struct net_device *dev = dev_id;
> struct uli526x_board_info *db = netdev_priv(dev);
> - unsigned long ioaddr = dev->base_addr;
> + unsigned long ioaddr;
> unsigned long flags;
>
> if (!dev) {
> @@ -671,6 +671,8 @@
> return IRQ_NONE;
> }
>
> + ioaddr = dev->base_addr;
> +
as satyam noted, just remove the !dev test
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [CORRECTION][PATCH] Fix a potential NULL pointer dereference in uli526x_interrupt() in drivers/net/tulip/uli526x.c
2007-09-13 9:03 ` Andrew Morton
@ 2007-09-13 9:03 ` Kyle McMartin
2007-09-13 14:16 ` Jeff Garzik
1 sibling, 0 replies; 5+ messages in thread
From: Kyle McMartin @ 2007-09-13 9:03 UTC (permalink / raw)
To: Andrew Morton; +Cc: Micah Gruber, linux-kernel, netdev, jgarzik, Grant Grundler
On Thu, Sep 13, 2007 at 02:03:46AM -0700, Andrew Morton wrote:
> I suspect the fix we want is:
>
ack. The trend seems to be to avoid this redundant check in the
interrupt handler.
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [CORRECTION][PATCH] Fix a potential NULL pointer dereference in uli526x_interrupt() in drivers/net/tulip/uli526x.c
2007-09-04 8:14 [CORRECTION][PATCH] Fix a potential NULL pointer dereference in uli526x_interrupt() in drivers/net/tulip/uli526x.c Micah Gruber
2007-09-07 23:20 ` Jeff Garzik
@ 2007-09-13 9:03 ` Andrew Morton
2007-09-13 9:03 ` Kyle McMartin
2007-09-13 14:16 ` Jeff Garzik
1 sibling, 2 replies; 5+ messages in thread
From: Andrew Morton @ 2007-09-13 9:03 UTC (permalink / raw)
To: Micah Gruber; +Cc: linux-kernel, netdev, jgarzik, Grant Grundler
On Tue, 04 Sep 2007 16:14:06 +0800 Micah Gruber <micah.gruber@gmail.com> wrote:
> This patch fixes a potential null dereference bug where we dereference dev before a null check. This patch simply moves the dereferencing after the null check.
>
> Signed-off-by: Micah Gruber <micah.gruber@gmail.com>
> ---
>
> --- a/drivers/net/tulip/uli526x.c
> +++ b/drivers/net/tulip/uli526x.c
> @@ -663,7 +663,7 @@
> {
> struct net_device *dev = dev_id;
> struct uli526x_board_info *db = netdev_priv(dev);
> - unsigned long ioaddr = dev->base_addr;
> + unsigned long ioaddr;
> unsigned long flags;
>
> if (!dev) {
> @@ -671,6 +671,8 @@
> return IRQ_NONE;
> }
>
> + ioaddr = dev->base_addr;
> +
> spin_lock_irqsave(&db->lock, flags);
> outl(0, ioaddr + DCR7);
>
I suspect the fix we want is:
--- a/drivers/net/tulip/uli526x.c~fix-a-potential-null-pointer-dereference-in-uli526x_interrupt
+++ a/drivers/net/tulip/uli526x.c
@@ -666,11 +666,6 @@ static irqreturn_t uli526x_interrupt(int
unsigned long ioaddr = dev->base_addr;
unsigned long flags;
- if (!dev) {
- ULI526X_DBUG(1, "uli526x_interrupt() without DEVICE arg", 0);
- return IRQ_NONE;
- }
-
spin_lock_irqsave(&db->lock, flags);
outl(0, ioaddr + DCR7);
_
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [CORRECTION][PATCH] Fix a potential NULL pointer dereference in uli526x_interrupt() in drivers/net/tulip/uli526x.c
2007-09-13 9:03 ` Andrew Morton
2007-09-13 9:03 ` Kyle McMartin
@ 2007-09-13 14:16 ` Jeff Garzik
1 sibling, 0 replies; 5+ messages in thread
From: Jeff Garzik @ 2007-09-13 14:16 UTC (permalink / raw)
To: Andrew Morton; +Cc: Micah Gruber, linux-kernel, netdev, Grant Grundler
Andrew Morton wrote:
> --- a/drivers/net/tulip/uli526x.c~fix-a-potential-null-pointer-dereference-in-uli526x_interrupt
> +++ a/drivers/net/tulip/uli526x.c
> @@ -666,11 +666,6 @@ static irqreturn_t uli526x_interrupt(int
> unsigned long ioaddr = dev->base_addr;
> unsigned long flags;
>
> - if (!dev) {
> - ULI526X_DBUG(1, "uli526x_interrupt() without DEVICE arg", 0);
> - return IRQ_NONE;
> - }
> -
correct / ACK
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2007-09-13 14:16 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2007-09-04 8:14 [CORRECTION][PATCH] Fix a potential NULL pointer dereference in uli526x_interrupt() in drivers/net/tulip/uli526x.c Micah Gruber
2007-09-07 23:20 ` Jeff Garzik
2007-09-13 9:03 ` Andrew Morton
2007-09-13 9:03 ` Kyle McMartin
2007-09-13 14:16 ` Jeff Garzik
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).