* KS8851: Possible NULL dereferenced in ks8851_rx_pkts
@ 2010-04-08 7:03 Abraham Arce
2010-04-13 8:28 ` David Miller
0 siblings, 1 reply; 3+ messages in thread
From: Abraham Arce @ 2010-04-08 7:03 UTC (permalink / raw)
To: netdev
Hi,
These changes avoid a possible dereference in skb_reserve when skb is
NULL. I am increasing rx dropped packet count but not sure about how
to handle the dump of frames. Any advice is appreciated.
diff --git a/drivers/net/ks8851.c b/drivers/net/ks8851.c
index d6dc29b..a1aa757 100644
--- a/drivers/net/ks8851.c
+++ b/drivers/net/ks8851.c
@@ -534,8 +534,11 @@ static void ks8851_rx_pkts(struct ks8851_net *ks)
if (rxlen > 0) {
skb = netdev_alloc_skb(ks->netdev, rxlen + 2 + 8);
- if (!skb) {
+ if (unlikely(!skb)) {
/* todo - dump frame and move on */
+ ks_dbg(ks, "No free memory, packet dropped\n");
+ ks->netdev->stats.rx_dropped++;
+ return;
}
/* two bytes to ensure ip is aligned, and four bytes
Best Regards
Abraham
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: KS8851: Possible NULL dereferenced in ks8851_rx_pkts
2010-04-08 7:03 KS8851: Possible NULL dereferenced in ks8851_rx_pkts Abraham Arce
@ 2010-04-13 8:28 ` David Miller
2010-05-05 8:41 ` Abraham Arce
0 siblings, 1 reply; 3+ messages in thread
From: David Miller @ 2010-04-13 8:28 UTC (permalink / raw)
To: abraham.arce.moreno; +Cc: netdev
From: Abraham Arce <abraham.arce.moreno@gmail.com>
Date: Thu, 8 Apr 2010 02:03:57 -0500
> Hi,
>
> These changes avoid a possible dereference in skb_reserve when skb is
> NULL. I am increasing rx dropped packet count but not sure about how
> to handle the dump of frames. Any advice is appreciated.
This isn't sufficient to handle the NULL pointer.
At a minimum you're going to have to do something about
the fact that the chip has already been told to start
bringing the packet into the RX fifo.
If we just return without finishing up the hardware
operation, the chip is probably going to hang the next
time we come in here and tell it to start another RX
DMA operation without having completed the previous one.
The bug definitely needs to be fixed, however, but someone who knows
this hardware and has access to it for testing will need to implement
the fix.
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: KS8851: Possible NULL dereferenced in ks8851_rx_pkts
2010-04-13 8:28 ` David Miller
@ 2010-05-05 8:41 ` Abraham Arce
0 siblings, 0 replies; 3+ messages in thread
From: Abraham Arce @ 2010-05-05 8:41 UTC (permalink / raw)
To: David Miller; +Cc: netdev
David,
>> These changes avoid a possible dereference in skb_reserve when skb is
>> NULL. I am increasing rx dropped packet count but not sure about how
>> to handle the dump of frames. Any advice is appreciated.
>
> This isn't sufficient to handle the NULL pointer.
>
> At a minimum you're going to have to do something about
> the fact that the chip has already been told to start
> bringing the packet into the RX fifo.
Ok
>
> If we just return without finishing up the hardware
> operation, the chip is probably going to hang the next
> time we come in here and tell it to start another RX
> DMA operation without having completed the previous one.
>
> The bug definitely needs to be fixed, however, but someone who knows
> this hardware and has access to it for testing will need to implement
> the fix.
>
I'll give a try and test, have a hardware with me...
Thanks!
Abraham
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2010-05-05 8:41 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2010-04-08 7:03 KS8851: Possible NULL dereferenced in ks8851_rx_pkts Abraham Arce
2010-04-13 8:28 ` David Miller
2010-05-05 8:41 ` Abraham Arce
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.