[kernel/f17] Fix NULL pointer dereference in i2400m (rhbz 808603)
Josh Boyer
jwboyer at fedoraproject.org
Wed Apr 4 12:22:09 UTC 2012
commit e7391bed1e1c1684db9a0924bfd0e8abda05f48a
Author: Josh Boyer <jwboyer at redhat.com>
Date: Wed Apr 4 08:19:48 2012 -0400
Fix NULL pointer dereference in i2400m (rhbz 808603)
kernel.spec | 11 ++++++-
...m-prevent-a-possible-kernel-bug-due-to-mi.patch | 34 ++++++++++++++++++++
2 files changed, 44 insertions(+), 1 deletions(-)
---
diff --git a/kernel.spec b/kernel.spec
index 76d4dd5..5c59f46 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -54,7 +54,7 @@ Summary: The Linux kernel
# For non-released -rc kernels, this will be appended after the rcX and
# gitX tags, so a 3 here would become part of release "0.rcX.gitX.3"
#
-%global baserelease 2
+%global baserelease 3
%global fedora_build %{baserelease}
# base_sublevel is the kernel version we're starting with and patching
@@ -774,6 +774,9 @@ Patch21360: uvcvideo-Fix-race-induced-crash-in-uvc_video_clock_update.patch
Patch21370: iwlegacy-do-not-nulify-il-vif-on-reset.patch
Patch21371: iwlwifi-do-not-nulify-ctx-vif-on-reset.patch
+#rhbz 808603
+Patch21380: wimax-i2400m-prevent-a-possible-kernel-bug-due-to-mi.patch
+
Patch21400: unhandled-irqs-switch-to-polling.patch
Patch21501: nfs-Fix-length-of-buffer-copied-in-__nfs4_get_acl_uncached.patch
@@ -1514,6 +1517,9 @@ ApplyPatch KVM-Ensure-all-vcpus-are-consistent-with-in-kernel-i.patch
#rhbz 806433
ApplyPatch uvcvideo-Fix-race-induced-crash-in-uvc_video_clock_update.patch
+#rhbz 808603
+ApplyPatch wimax-i2400m-prevent-a-possible-kernel-bug-due-to-mi.patch
+
# END OF PATCH APPLICATIONS
%endif
@@ -2353,6 +2359,9 @@ fi
# '-' | |
# '-'
%changelog
+* Wed Apr 04 2012 Josh Boyer <jwboyer at redhat.com>
+- Fix NULL pointer dereference in i2400m (rhbz 808603)
+
* Tue Apr 03 2012 Josh Boyer <jwboyer at redhat.com>
- Fix crash in uvc_video_clock_update from Laurent Pinchart (rhbz 806433)
diff --git a/wimax-i2400m-prevent-a-possible-kernel-bug-due-to-mi.patch b/wimax-i2400m-prevent-a-possible-kernel-bug-due-to-mi.patch
new file mode 100644
index 0000000..92b2e99
--- /dev/null
+++ b/wimax-i2400m-prevent-a-possible-kernel-bug-due-to-mi.patch
@@ -0,0 +1,34 @@
+From 4eee6a3a04e8bb53fbe7de0f64d0524d3fbe3f80 Mon Sep 17 00:00:00 2001
+From: Phil Sutter <phil.sutter at viprinet.com>
+Date: Mon, 26 Mar 2012 09:01:30 +0000
+Subject: [PATCH] wimax: i2400m - prevent a possible kernel bug due to missing
+ fw_name string
+
+This happened on a machine with a custom hotplug script calling nameif,
+probably due to slow firmware loading. At the time nameif uses ethtool
+to gather interface information, i2400m->fw_name is zero and so a null
+pointer dereference occurs from within i2400m_get_drvinfo().
+
+Signed-off-by: Phil Sutter <phil.sutter at viprinet.com>
+Signed-off-by: David S. Miller <davem at davemloft.net>
+---
+ drivers/net/wimax/i2400m/netdev.c | 3 ++-
+ 1 files changed, 2 insertions(+), 1 deletions(-)
+
+diff --git a/drivers/net/wimax/i2400m/netdev.c b/drivers/net/wimax/i2400m/netdev.c
+index 63e4b70..1d76ae8 100644
+--- a/drivers/net/wimax/i2400m/netdev.c
++++ b/drivers/net/wimax/i2400m/netdev.c
+@@ -597,7 +597,8 @@ static void i2400m_get_drvinfo(struct net_device *net_dev,
+ struct i2400m *i2400m = net_dev_to_i2400m(net_dev);
+
+ strncpy(info->driver, KBUILD_MODNAME, sizeof(info->driver) - 1);
+- strncpy(info->fw_version, i2400m->fw_name, sizeof(info->fw_version) - 1);
++ strncpy(info->fw_version,
++ i2400m->fw_name ? : "", sizeof(info->fw_version) - 1);
+ if (net_dev->dev.parent)
+ strncpy(info->bus_info, dev_name(net_dev->dev.parent),
+ sizeof(info->bus_info) - 1);
+--
+1.7.7.6
+
More information about the scm-commits
mailing list