[kernel/f16] Fix NULL pointer dereference in i2400m (rhbz 808603)
Josh Boyer
jwboyer at fedoraproject.org
Wed Apr 4 12:22:04 UTC 2012
commit d12aed4d96376cc47ac596492f124dd041d4a902
Author: Josh Boyer <jwboyer at redhat.com>
Date: Wed Apr 4 08:19:48 2012 -0400
Fix NULL pointer dereference in i2400m (rhbz 808603)
kernel.spec | 9 +++++
...m-prevent-a-possible-kernel-bug-due-to-mi.patch | 34 ++++++++++++++++++++
2 files changed, 43 insertions(+), 0 deletions(-)
---
diff --git a/kernel.spec b/kernel.spec
index 905deda..3ee0b3b 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -786,6 +786,9 @@ Patch21360: uvcvideo-Fix-race-induced-crash-in-uvc_video_clock_update.patch
Patch21370: iwlegacy-do-not-nulify-il-vif-on-reset.patch
Patch21371: iwlwifi-do-not-nulify-ctx-vif-on-reset.patch
+#rhbz 808603
+Patch21380: wimax-i2400m-prevent-a-possible-kernel-bug-due-to-mi.patch
+
Patch21501: nfs-Fix-length-of-buffer-copied-in-__nfs4_get_acl_uncached.patch
#rhbz 808207 CVE-2012-1601
@@ -1478,6 +1481,9 @@ ApplyPatch KVM-Ensure-all-vcpus-are-consistent-with-in-kernel-i.patch
#rhbz 806433
ApplyPatch uvcvideo-Fix-race-induced-crash-in-uvc_video_clock_update.patch
+#rhbz 808603
+ApplyPatch wimax-i2400m-prevent-a-possible-kernel-bug-due-to-mi.patch
+
# END OF PATCH APPLICATIONS
%endif
@@ -2216,6 +2222,9 @@ fi
# and build.
%changelog
+* Wed Apr 04 2012 Josh Boyer <jwboyer at redhat.com>
+- Fix NULL pointer dereference in i2400m (rhbz 808603)
+
* Tue Apr 03 2012 Josh Boyer <jwboyer at redhat.com>
- Fix crash in uvc_video_clock_update from Laurent Pinchart (rhbz 806433)
diff --git a/wimax-i2400m-prevent-a-possible-kernel-bug-due-to-mi.patch b/wimax-i2400m-prevent-a-possible-kernel-bug-due-to-mi.patch
new file mode 100644
index 0000000..92b2e99
--- /dev/null
+++ b/wimax-i2400m-prevent-a-possible-kernel-bug-due-to-mi.patch
@@ -0,0 +1,34 @@
+From 4eee6a3a04e8bb53fbe7de0f64d0524d3fbe3f80 Mon Sep 17 00:00:00 2001
+From: Phil Sutter <phil.sutter at viprinet.com>
+Date: Mon, 26 Mar 2012 09:01:30 +0000
+Subject: [PATCH] wimax: i2400m - prevent a possible kernel bug due to missing
+ fw_name string
+
+This happened on a machine with a custom hotplug script calling nameif,
+probably due to slow firmware loading. At the time nameif uses ethtool
+to gather interface information, i2400m->fw_name is zero and so a null
+pointer dereference occurs from within i2400m_get_drvinfo().
+
+Signed-off-by: Phil Sutter <phil.sutter at viprinet.com>
+Signed-off-by: David S. Miller <davem at davemloft.net>
+---
+ drivers/net/wimax/i2400m/netdev.c | 3 ++-
+ 1 files changed, 2 insertions(+), 1 deletions(-)
+
+diff --git a/drivers/net/wimax/i2400m/netdev.c b/drivers/net/wimax/i2400m/netdev.c
+index 63e4b70..1d76ae8 100644
+--- a/drivers/net/wimax/i2400m/netdev.c
++++ b/drivers/net/wimax/i2400m/netdev.c
+@@ -597,7 +597,8 @@ static void i2400m_get_drvinfo(struct net_device *net_dev,
+ struct i2400m *i2400m = net_dev_to_i2400m(net_dev);
+
+ strncpy(info->driver, KBUILD_MODNAME, sizeof(info->driver) - 1);
+- strncpy(info->fw_version, i2400m->fw_name, sizeof(info->fw_version) - 1);
++ strncpy(info->fw_version,
++ i2400m->fw_name ? : "", sizeof(info->fw_version) - 1);
+ if (net_dev->dev.parent)
+ strncpy(info->bus_info, dev_name(net_dev->dev.parent),
+ sizeof(info->bus_info) - 1);
+--
+1.7.7.6
+
More information about the scm-commits
mailing list