* [patch] hamradio: avoid null deref
@ 2009-12-23 13:25 Dan Carpenter
2009-12-23 17:47 ` Jarek Poplawski
0 siblings, 1 reply; 7+ messages in thread
From: Dan Carpenter @ 2009-12-23 13:25 UTC (permalink / raw)
To: netdev; +Cc: linux-kernel
If dev == NULL we shouldn't dereference it.
Signed-off-by: Dan Carpenter <error27@gmail.com>
--- orig/drivers/net/hamradio/bpqether.c 2009-12-22 23:58:56.000000000 +0200
+++ devel/drivers/net/hamradio/bpqether.c 2009-12-22 23:59:46.000000000 +0200
@@ -283,7 +283,6 @@ static netdev_tx_t bpq_xmit(struct sk_bu
bpq = netdev_priv(dev);
if ((dev = bpq_get_ether_dev(dev)) == NULL) {
- dev->stats.tx_dropped++;
kfree_skb(skb);
return NETDEV_TX_OK;
}
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [patch] hamradio: avoid null deref
2009-12-23 13:25 [patch] hamradio: avoid null deref Dan Carpenter
@ 2009-12-23 17:47 ` Jarek Poplawski
2009-12-23 21:32 ` David Miller
2009-12-26 12:38 ` [patch] hamradio: avoid null deref v2 Dan Carpenter
0 siblings, 2 replies; 7+ messages in thread
From: Jarek Poplawski @ 2009-12-23 17:47 UTC (permalink / raw)
To: Dan Carpenter; +Cc: netdev, linux-kernel
Dan Carpenter wrote, On 12/23/2009 02:25 PM:
> If dev == NULL we shouldn't dereference it.
>
> Signed-off-by: Dan Carpenter <error27@gmail.com>
>
> --- orig/drivers/net/hamradio/bpqether.c 2009-12-22 23:58:56.000000000 +0200
> +++ devel/drivers/net/hamradio/bpqether.c 2009-12-22 23:59:46.000000000 +0200
> @@ -283,7 +283,6 @@ static netdev_tx_t bpq_xmit(struct sk_bu
> bpq = netdev_priv(dev);
>
> if ((dev = bpq_get_ether_dev(dev)) == NULL) {
> - dev->stats.tx_dropped++;
Why not use a separate variable for another dev? This stat
should be helpful for debugging.
Jarek P.
> kfree_skb(skb);
> return NETDEV_TX_OK;
> }
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [patch] hamradio: avoid null deref
2009-12-23 17:47 ` Jarek Poplawski
@ 2009-12-23 21:32 ` David Miller
2009-12-26 12:38 ` [patch] hamradio: avoid null deref v2 Dan Carpenter
1 sibling, 0 replies; 7+ messages in thread
From: David Miller @ 2009-12-23 21:32 UTC (permalink / raw)
To: jarkao2; +Cc: error27, netdev, linux-kernel
From: Jarek Poplawski <jarkao2@gmail.com>
Date: Wed, 23 Dec 2009 18:47:46 +0100
> Dan Carpenter wrote, On 12/23/2009 02:25 PM:
>
>> If dev == NULL we shouldn't dereference it.
>>
>> Signed-off-by: Dan Carpenter <error27@gmail.com>
>>
>> --- orig/drivers/net/hamradio/bpqether.c 2009-12-22 23:58:56.000000000 +0200
>> +++ devel/drivers/net/hamradio/bpqether.c 2009-12-22 23:59:46.000000000 +0200
>> @@ -283,7 +283,6 @@ static netdev_tx_t bpq_xmit(struct sk_bu
>> bpq = netdev_priv(dev);
>>
>> if ((dev = bpq_get_ether_dev(dev)) == NULL) {
>> - dev->stats.tx_dropped++;
>
> Why not use a separate variable for another dev? This stat
> should be helpful for debugging.
And that is definitely the intent of the code here, to
bump the statistic in the original device object.
^ permalink raw reply [flat|nested] 7+ messages in thread
* [patch] hamradio: avoid null deref v2
2009-12-23 17:47 ` Jarek Poplawski
2009-12-23 21:32 ` David Miller
@ 2009-12-26 12:38 ` Dan Carpenter
2009-12-27 4:17 ` David Miller
1 sibling, 1 reply; 7+ messages in thread
From: Dan Carpenter @ 2009-12-26 12:38 UTC (permalink / raw)
To: Jarek Poplawski; +Cc: netdev, linux-kernel
Bump the stats on the original dev not on the newly assigned NULL version of
dev.
Signed-off-by: Dan Carpenter <error27@gmail.com>
--- orig/drivers/net/hamradio/bpqether.c 2009-12-22 23:58:56.000000000 +0200
+++ devel/drivers/net/hamradio/bpqether.c 2009-12-25 19:49:05.000000000 +0200
@@ -282,11 +282,12 @@ static netdev_tx_t bpq_xmit(struct sk_bu
bpq = netdev_priv(dev);
- if ((dev = bpq_get_ether_dev(dev)) == NULL) {
+ if (!bpq->ethdev) {
dev->stats.tx_dropped++;
kfree_skb(skb);
return NETDEV_TX_OK;
}
+ dev = bpq_get_ether_dev(dev);
skb->protocol = ax25_type_trans(skb, dev);
skb_reset_network_header(skb);
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [patch] hamradio: avoid null deref v2
2009-12-26 12:38 ` [patch] hamradio: avoid null deref v2 Dan Carpenter
@ 2009-12-27 4:17 ` David Miller
2009-12-28 16:54 ` [patch] hamradio: avoid null deref v3 Dan Carpenter
0 siblings, 1 reply; 7+ messages in thread
From: David Miller @ 2009-12-27 4:17 UTC (permalink / raw)
To: error27; +Cc: jarkao2, netdev, linux-kernel
From: Dan Carpenter <error27@gmail.com>
Date: Sat, 26 Dec 2009 14:38:12 +0200
> Bump the stats on the original dev not on the newly assigned NULL version of
> dev.
>
> Signed-off-by: Dan Carpenter <error27@gmail.com>
This doesn't look real nice.
The bpq_get_ether_dev() abstraction exists so that the details of
bpq->this and bpq->that are hidden behind it.
Exposing those details inline just to fix this bug makes the
abstraction significantly less useful, and the code more ugly.
Please just create an "orig_dev" pointer to save the original device
in, and use it to fix this problem properly.
That way you only fetch the bpq ether device pointer via the
abstraction interface.
And BTW, this is how other reviewers told you to implement this
fix. :-)
Thanks.
^ permalink raw reply [flat|nested] 7+ messages in thread
* [patch] hamradio: avoid null deref v3
2009-12-27 4:17 ` David Miller
@ 2009-12-28 16:54 ` Dan Carpenter
2010-01-04 5:44 ` David Miller
0 siblings, 1 reply; 7+ messages in thread
From: Dan Carpenter @ 2009-12-28 16:54 UTC (permalink / raw)
To: David Miller; +Cc: jarkao2, netdev, linux-kernel
This should address the problems in version 1 (lazy) and version 2 (ugly).
Bump the stats on orig_dev not on the newly assigned NULL dev variable.
Signed-off-by: Dan Carpenter <error27@gmail.com>
--- orig/drivers/net/hamradio/bpqether.c 2009-12-22 23:58:56.000000000 +0200
+++ devel/drivers/net/hamradio/bpqether.c 2009-12-28 00:12:48.000000000 +0200
@@ -248,6 +248,7 @@ static netdev_tx_t bpq_xmit(struct sk_bu
{
unsigned char *ptr;
struct bpqdev *bpq;
+ struct net_device *orig_dev;
int size;
/*
@@ -282,8 +283,9 @@ static netdev_tx_t bpq_xmit(struct sk_bu
bpq = netdev_priv(dev);
+ orig_dev = dev;
if ((dev = bpq_get_ether_dev(dev)) == NULL) {
- dev->stats.tx_dropped++;
+ orig_dev->stats.tx_dropped++;
kfree_skb(skb);
return NETDEV_TX_OK;
}
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [patch] hamradio: avoid null deref v3
2009-12-28 16:54 ` [patch] hamradio: avoid null deref v3 Dan Carpenter
@ 2010-01-04 5:44 ` David Miller
0 siblings, 0 replies; 7+ messages in thread
From: David Miller @ 2010-01-04 5:44 UTC (permalink / raw)
To: error27; +Cc: jarkao2, netdev, linux-kernel
From: Dan Carpenter <error27@gmail.com>
Date: Mon, 28 Dec 2009 18:54:55 +0200
> This should address the problems in version 1 (lazy) and version 2 (ugly).
>
> Bump the stats on orig_dev not on the newly assigned NULL dev variable.
>
> Signed-off-by: Dan Carpenter <error27@gmail.com>
Applied.
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2010-01-04 5:44 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2009-12-23 13:25 [patch] hamradio: avoid null deref Dan Carpenter
2009-12-23 17:47 ` Jarek Poplawski
2009-12-23 21:32 ` David Miller
2009-12-26 12:38 ` [patch] hamradio: avoid null deref v2 Dan Carpenter
2009-12-27 4:17 ` David Miller
2009-12-28 16:54 ` [patch] hamradio: avoid null deref v3 Dan Carpenter
2010-01-04 5:44 ` David Miller
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).