From: Sasha Levin <sashal@kernel.org>
To: stable@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: Subash Abhinov Kasiviswanathan <subashab@codeaurora.org>,
Sean Tranchetti <stranche@codeaurora.org>,
"David S . Miller" <davem@davemloft.net>,
Sasha Levin <sashal@kernel.org>
Subject: [PATCH AUTOSEL 4.19 70/73] net: qualcomm: rmnet: Fix incorrect assignment of real_dev
Date: Wed, 14 Nov 2018 17:22:04 -0500
Message-ID: <20181114222207.98701-70-sashal@kernel.org>
In-Reply-To: <20181114222207.98701-1-sashal@kernel.org>
From: Subash Abhinov Kasiviswanathan <subashab@codeaurora.org>
[ Upstream commit d02854dc1999ed3e7fd79ec700c64ac23ac0c458 ]
A null dereference was observed when a sysctl was being set
from userspace and rmnet was stuck trying to complete some actions
in the NETDEV_REGISTER callback. This is because the real_dev is set
only after the device registration handler completes.
sysctl call stack -
<6> Unable to handle kernel NULL pointer dereference at
virtual address 00000108
<2> pc : rmnet_vnd_get_iflink+0x1c/0x28
<2> lr : dev_get_iflink+0x2c/0x40
<2> rmnet_vnd_get_iflink+0x1c/0x28
<2> inet6_fill_ifinfo+0x15c/0x234
<2> inet6_ifinfo_notify+0x68/0xd4
<2> ndisc_ifinfo_sysctl_change+0x1b8/0x234
<2> proc_sys_call_handler+0xac/0x100
<2> proc_sys_write+0x3c/0x4c
<2> __vfs_write+0x54/0x14c
<2> vfs_write+0xcc/0x188
<2> SyS_write+0x60/0xc0
<2> el0_svc_naked+0x34/0x38
device register call stack -
<2> notifier_call_chain+0x84/0xbc
<2> raw_notifier_call_chain+0x38/0x48
<2> call_netdevice_notifiers_info+0x40/0x70
<2> call_netdevice_notifiers+0x38/0x60
<2> register_netdevice+0x29c/0x3d8
<2> rmnet_vnd_newlink+0x68/0xe8
<2> rmnet_newlink+0xa0/0x160
<2> rtnl_newlink+0x57c/0x6c8
<2> rtnetlink_rcv_msg+0x1dc/0x328
<2> netlink_rcv_skb+0xac/0x118
<2> rtnetlink_rcv+0x24/0x30
<2> netlink_unicast+0x158/0x1f0
<2> netlink_sendmsg+0x32c/0x338
<2> sock_sendmsg+0x44/0x60
<2> SyS_sendto+0x150/0x1ac
<2> el0_svc_naked+0x34/0x38
Fixes: b752eff5be24 ("net: qualcomm: rmnet: Implement ndo_get_iflink")
Signed-off-by: Sean Tranchetti <stranche@codeaurora.org>
Signed-off-by: Subash Abhinov Kasiviswanathan <subashab@codeaurora.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/qualcomm/rmnet/rmnet_vnd.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/net/ethernet/qualcomm/rmnet/rmnet_vnd.c b/drivers/net/ethernet/qualcomm/rmnet/rmnet_vnd.c
index 0afc3d335d56..d11c16aeb19a 100644
--- a/drivers/net/ethernet/qualcomm/rmnet/rmnet_vnd.c
+++ b/drivers/net/ethernet/qualcomm/rmnet/rmnet_vnd.c
@@ -234,7 +234,7 @@ int rmnet_vnd_newlink(u8 id, struct net_device *rmnet_dev,
struct net_device *real_dev,
struct rmnet_endpoint *ep)
{
- struct rmnet_priv *priv;
+ struct rmnet_priv *priv = netdev_priv(rmnet_dev);
int rc;
if (ep->egress_dev)
@@ -247,6 +247,8 @@ int rmnet_vnd_newlink(u8 id, struct net_device *rmnet_dev,
rmnet_dev->hw_features |= NETIF_F_IP_CSUM | NETIF_F_IPV6_CSUM;
rmnet_dev->hw_features |= NETIF_F_SG;
+ priv->real_dev = real_dev;
+
rc = register_netdevice(rmnet_dev);
if (!rc) {
ep->egress_dev = rmnet_dev;
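Review bot: the early `priv->real_dev = real_dev;` ahead of `register_netdevice(rmnet_dev)` carries no comment saying why the order matters, so a later cleanup could move it back into the `if (!rc)` block and reintroduce the NULL dereference in rmnet_vnd_get_iflink described in the commit message. A one-line comment above the assignment, noting that real_dev must be valid before the NETDEV_REGISTER notifiers run, would guard against that. Separately, when `register_netdevice()` returns non-zero, `priv->real_dev` now stays set on a device that was never registered; the error path is not visible in this hunk, so it is worth confirming that the caller frees rmnet_dev without consulting that field.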
@@ -255,9 +257,7 @@ int rmnet_vnd_newlink(u8 id, struct net_device *rmnet_dev,
rmnet_dev->rtnl_link_ops = &rmnet_link_ops;
- priv = netdev_priv(rmnet_dev);
priv->mux_id = id;
- priv->real_dev = real_dev;
netdev_dbg(rmnet_dev, "rmnet dev created\n");
}
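Review bot: `priv->mux_id = id;` is still assigned only inside the success branch, after `register_netdevice()` has returned, so it keeps the same ordering exposure that real_dev had: anything that reaches the device during the NETDEV_REGISTER notifiers sees an unset mux_id. If any ndo or notifier path reads mux_id, move the assignment up next to `priv->real_dev = real_dev;`; if none does, a sentence in the commit message saying so would make the partial move easier to review.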
--
2.17.1