[kernel/f17] Fix NULL pointer dereference in i2400m (rhbz 808603)

Wed Apr 4 12:22:09 UTC 2012

commit e7391bed1e1c1684db9a0924bfd0e8abda05f48a
Author: Josh Boyer <jwboyer at redhat.com>
Date:   Wed Apr 4 08:19:48 2012 -0400

    Fix NULL pointer dereference in i2400m (rhbz 808603)

 kernel.spec                                        |   11 ++++++-
 ...m-prevent-a-possible-kernel-bug-due-to-mi.patch |   34 ++++++++++++++++++++
 2 files changed, 44 insertions(+), 1 deletions(-)
---

diff --git a/kernel.spec b/kernel.spec
index 76d4dd5..5c59f46 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -54,7 +54,7 @@ Summary: The Linux kernel
 # For non-released -rc kernels, this will be appended after the rcX and
 # gitX tags, so a 3 here would become part of release "0.rcX.gitX.3"
 #
-%global baserelease 2
+%global baserelease 3
 %global fedora_build %{baserelease}
 
 # base_sublevel is the kernel version we're starting with and patching
@@ -774,6 +774,9 @@ Patch21360: uvcvideo-Fix-race-induced-crash-in-uvc_video_clock_update.patch
 Patch21370: iwlegacy-do-not-nulify-il-vif-on-reset.patch
 Patch21371: iwlwifi-do-not-nulify-ctx-vif-on-reset.patch
 
+#rhbz 808603
+Patch21380: wimax-i2400m-prevent-a-possible-kernel-bug-due-to-mi.patch
+
 Patch21400: unhandled-irqs-switch-to-polling.patch
 
 Patch21501: nfs-Fix-length-of-buffer-copied-in-__nfs4_get_acl_uncached.patch
@@ -1514,6 +1517,9 @@ ApplyPatch KVM-Ensure-all-vcpus-are-consistent-with-in-kernel-i.patch
 #rhbz 806433
 ApplyPatch uvcvideo-Fix-race-induced-crash-in-uvc_video_clock_update.patch
 
+#rhbz 808603
+ApplyPatch wimax-i2400m-prevent-a-possible-kernel-bug-due-to-mi.patch
+
 # END OF PATCH APPLICATIONS
 
 %endif
@@ -2353,6 +2359,9 @@ fi
 #    '-'      |  |
 #              '-'
 %changelog
+* Wed Apr 04 2012 Josh Boyer <jwboyer at redhat.com>
+- Fix NULL pointer dereference in i2400m (rhbz 808603)
+
 * Tue Apr 03 2012 Josh Boyer <jwboyer at redhat.com>
 - Fix crash in uvc_video_clock_update from Laurent Pinchart (rhbz 806433)
 
diff --git a/wimax-i2400m-prevent-a-possible-kernel-bug-due-to-mi.patch b/wimax-i2400m-prevent-a-possible-kernel-bug-due-to-mi.patch
new file mode 100644
index 0000000..92b2e99
--- /dev/null
+++ b/wimax-i2400m-prevent-a-possible-kernel-bug-due-to-mi.patch
@@ -0,0 +1,34 @@
+From 4eee6a3a04e8bb53fbe7de0f64d0524d3fbe3f80 Mon Sep 17 00:00:00 2001
+From: Phil Sutter <phil.sutter at viprinet.com>
+Date: Mon, 26 Mar 2012 09:01:30 +0000
+Subject: [PATCH] wimax: i2400m - prevent a possible kernel bug due to missing
+ fw_name string
+
+This happened on a machine with a custom hotplug script calling nameif,
+probably due to slow firmware loading. At the time nameif uses ethtool
+to gather interface information, i2400m->fw_name is zero and so a null
+pointer dereference occurs from within i2400m_get_drvinfo().
+
+Signed-off-by: Phil Sutter <phil.sutter at viprinet.com>
+Signed-off-by: David S. Miller <davem at davemloft.net>
+---
+ drivers/net/wimax/i2400m/netdev.c |    3 ++-
+ 1 files changed, 2 insertions(+), 1 deletions(-)
+
+diff --git a/drivers/net/wimax/i2400m/netdev.c b/drivers/net/wimax/i2400m/netdev.c
+index 63e4b70..1d76ae8 100644
+--- a/drivers/net/wimax/i2400m/netdev.c
++++ b/drivers/net/wimax/i2400m/netdev.c
+@@ -597,7 +597,8 @@ static void i2400m_get_drvinfo(struct net_device *net_dev,
+ 	struct i2400m *i2400m = net_dev_to_i2400m(net_dev);
+ 
+ 	strncpy(info->driver, KBUILD_MODNAME, sizeof(info->driver) - 1);
+-	strncpy(info->fw_version, i2400m->fw_name, sizeof(info->fw_version) - 1);
++	strncpy(info->fw_version,
++	        i2400m->fw_name ? : "", sizeof(info->fw_version) - 1);
+ 	if (net_dev->dev.parent)
+ 		strncpy(info->bus_info, dev_name(net_dev->dev.parent),
+ 			sizeof(info->bus_info) - 1);
+-- 
+1.7.7.6
+
