From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1750931AbdCNGRQ (ORCPT ); Tue, 14 Mar 2017 02:17:16 -0400 Received: from rtits2.realtek.com ([211.75.126.72]:60851 "EHLO rtits2.realtek.com.tw" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750793AbdCNGRO (ORCPT ); Tue, 14 Mar 2017 02:17:14 -0400 Authenticated-By: X-SpamFilter-By: BOX Solutions SpamTrap 5.56 with qID v2E6H72Z032681, This message is accepted by code: ctloc85258 From: Hayes Wang To: , CC: , , , Hayes Wang Subject: [PATCH net] r8152: fix the list rx_done may be used without initialization Date: Tue, 14 Mar 2017 14:15:20 +0800 Message-ID: <1394712342-15778-252-Taiwan-albertk@realtek.com> X-Mailer: Microsoft Office Outlook 11 In-Reply-To: <20170313215714.n2p6j4nxtpxbheaj@dell5510> References: <20170313215714.n2p6j4nxtpxbheaj@dell5510> MIME-Version: 1.0 Content-Type: text/plain X-Originating-IP: [172.21.177.172] Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org The list rx_done would be initialized when the linking on occurs. Therefore, if a napi is scheduled without any linking on before, the following kernel panic would happen. BUG: unable to handle kernel NULL pointer dereference at 000000000000008 IP: [] r8152_poll+0xe1e/0x1210 [r8152] PGD 0 Oops: 0002 [#1] SMP Signed-off-by: Hayes Wang --- drivers/net/usb/r8152.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/net/usb/r8152.c b/drivers/net/usb/r8152.c index 986243c..bb3eedd 100644 --- a/drivers/net/usb/r8152.c +++ b/drivers/net/usb/r8152.c @@ -1362,6 +1362,7 @@ static int alloc_all_mem(struct r8152 *tp) spin_lock_init(&tp->rx_lock); spin_lock_init(&tp->tx_lock); INIT_LIST_HEAD(&tp->tx_free); + INIT_LIST_HEAD(&tp->rx_done); skb_queue_head_init(&tp->tx_queue); skb_queue_head_init(&tp->rx_queue); -- 2.7.4