Re: [PATCH 1/1] ehea: Fix use after free on reboot

2008-05-22 Thread Jeff Garzik

Brian King wrote:

Fixes the following use after free oops:

ehea: Reboot: freeing all eHEA resources
Unable to handle kernel paging request for data at address 0x6b6b6b6b6b6b6c5b
Faulting instruction address: 0xd0354488
cpu 0x0: Vector: 300 (Data Access) at [c0002ec6f310]
pc: d0354488: .ehea_shutdown_single_port+0x50/0x78 [ehea]
lr: d035447c: .ehea_shutdown_single_port+0x44/0x78 [ehea]
sp: c0002ec6f590
   msr: 80009032
   dar: 6b6b6b6b6b6b6c5b
 dsisr: 4000
  current = 0xc000281412e0
  paca= 0xc06df300
pid   = 10930, comm = reboot
enter ? for help
[c0002ec6f590] d035d64c .ehea_remove+0x44/0x124 [ehea] (unreliable)
[c0002ec6f630] c0319f88 .of_platform_device_remove+0x40/0x58
[c0002ec6f6a0] c0291018 .__device_release_driver+0xb0/0xf0
[c0002ec6f730] c0291120 .driver_detach+0xc8/0xfc
[c0002ec6f7c0] c028fe24 .bus_remove_driver+0xb4/0x114
[c0002ec6f850] c0291768 .driver_unregister+0x54/0x74
[c0002ec6f8e0] c031a0c8 .of_unregister_driver+0x14/0x28
[c0002ec6f950] c0023ba0 .ibmebus_unregister_driver+0x10/0x24
[c0002ec6f9c0] d0354180 .ehea_reboot_notifier+0x30/0x4c [ehea]
[c0002ec6fa40] c03c95a8 .notifier_call_chain+0x5c/0xcc
[c0002ec6fae0] c0082cd4 .__blocking_notifier_call_chain+0x70/0xb0
[c0002ec6fb90] c0075cf8 .kernel_restart_prepare+0x24/0x58
[c0002ec6fc10] c0075f0c .kernel_restart+0x20/0x6c
[c0002ec6fc90] c0078674 .sys_reboot+0x1d4/0x290
[c0002ec6fe30] c00086ac syscall_exit+0x0/0x40
--- Exception: c01 (System Call) at 0ff63a40
SP (ffceea50) is in userspace

Signed-off-by: Brian King [EMAIL PROTECTED]


applied


___
Linuxppc-dev mailing list
Linuxppc-dev@ozlabs.org
https://ozlabs.org/mailman/listinfo/linuxppc-dev


Re: [PATCH 1/1] ehea: Fix use after free on reboot

2008-05-20 Thread Jan-Bernd Themann
On Wednesday 14 May 2008 16:48, Brian King wrote:
 
 Fixes the following use after free oops:
 
 ehea: Reboot: freeing all eHEA resources
 Unable to handle kernel paging request for data at address 0x6b6b6b6b6b6b6c5b
 Faulting instruction address: 0xd0354488
 cpu 0x0: Vector: 300 (Data Access) at [c0002ec6f310]
 pc: d0354488: .ehea_shutdown_single_port+0x50/0x78 [ehea]
 lr: d035447c: .ehea_shutdown_single_port+0x44/0x78 [ehea]
 sp: c0002ec6f590
msr: 80009032
dar: 6b6b6b6b6b6b6c5b
  dsisr: 4000
   current = 0xc000281412e0
   paca= 0xc06df300
 pid   = 10930, comm = reboot
 enter ? for help
 [c0002ec6f590] d035d64c .ehea_remove+0x44/0x124 [ehea] 
 (unreliable)
 [c0002ec6f630] c0319f88 .of_platform_device_remove+0x40/0x58
 [c0002ec6f6a0] c0291018 .__device_release_driver+0xb0/0xf0
 [c0002ec6f730] c0291120 .driver_detach+0xc8/0xfc
 [c0002ec6f7c0] c028fe24 .bus_remove_driver+0xb4/0x114
 [c0002ec6f850] c0291768 .driver_unregister+0x54/0x74
 [c0002ec6f8e0] c031a0c8 .of_unregister_driver+0x14/0x28
 [c0002ec6f950] c0023ba0 .ibmebus_unregister_driver+0x10/0x24
 [c0002ec6f9c0] d0354180 .ehea_reboot_notifier+0x30/0x4c [ehea]
 [c0002ec6fa40] c03c95a8 .notifier_call_chain+0x5c/0xcc
 [c0002ec6fae0] c0082cd4 .__blocking_notifier_call_chain+0x70/0xb0
 [c0002ec6fb90] c0075cf8 .kernel_restart_prepare+0x24/0x58
 [c0002ec6fc10] c0075f0c .kernel_restart+0x20/0x6c
 [c0002ec6fc90] c0078674 .sys_reboot+0x1d4/0x290
 [c0002ec6fe30] c00086ac syscall_exit+0x0/0x40
 --- Exception: c01 (System Call) at 0ff63a40
 SP (ffceea50) is in userspace
 
 Signed-off-by: Brian King [EMAIL PROTECTED]
 ---
 
  linux-2.6-bjking1/drivers/net/ehea/ehea_main.c |3 ++-
  1 file changed, 2 insertions(+), 1 deletion(-)
 
 diff -puN drivers/net/ehea/ehea_main.c~ehea_useafter_free_fix 
 drivers/net/ehea/ehea_main.c
 --- linux-2.6/drivers/net/ehea/ehea_main.c~ehea_useafter_free_fix 
 2008-05-14 09:38:10.0 -0500
 +++ linux-2.6-bjking1/drivers/net/ehea/ehea_main.c2008-05-14 
 09:38:10.0 -0500
 @@ -3177,11 +3177,12 @@ out_err:
 
  static void ehea_shutdown_single_port(struct ehea_port *port)
  {
 + struct ehea_adapter *adapter = port-adapter;
   unregister_netdev(port-netdev);
   ehea_unregister_port(port);
   kfree(port-mc_list);
   free_netdev(port-netdev);
 - port-adapter-active_ports--;
 + adapter-active_ports--;
  }
 
  static int ehea_setup_ports(struct ehea_adapter *adapter)
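Review bot: The added declaration at the top of ehea_shutdown_single_port() runs straight into the unregister_netdev() call with no blank line between the declaration and the first statement; kernel style separates the two, so add an empty line after the struct ehea_adapter *adapter line. An alternative that needs no local at all is to move the active_ports decrement above free_netdev(), provided nothing in between depends on the old count.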
 _
 --
 To unsubscribe from this list: send the line unsubscribe netdev in
 the body of a message to [EMAIL PROTECTED]
 More majordomo info at  http://vger.kernel.org/majordomo-info.html
 

The patch looks good. 

Acked-by: Jan-Bernd Themann [EMAIL PROTECTED]

Thanks,
Jan-Bernd


[PATCH 1/1] ehea: Fix use after free on reboot

2008-05-14 Thread Brian King

Fixes the following use after free oops:

ehea: Reboot: freeing all eHEA resources
Unable to handle kernel paging request for data at address 0x6b6b6b6b6b6b6c5b
Faulting instruction address: 0xd0354488
cpu 0x0: Vector: 300 (Data Access) at [c0002ec6f310]
pc: d0354488: .ehea_shutdown_single_port+0x50/0x78 [ehea]
lr: d035447c: .ehea_shutdown_single_port+0x44/0x78 [ehea]
sp: c0002ec6f590
   msr: 80009032
   dar: 6b6b6b6b6b6b6c5b
 dsisr: 4000
  current = 0xc000281412e0
  paca= 0xc06df300
pid   = 10930, comm = reboot
enter ? for help
[c0002ec6f590] d035d64c .ehea_remove+0x44/0x124 [ehea] (unreliable)
[c0002ec6f630] c0319f88 .of_platform_device_remove+0x40/0x58
[c0002ec6f6a0] c0291018 .__device_release_driver+0xb0/0xf0
[c0002ec6f730] c0291120 .driver_detach+0xc8/0xfc
[c0002ec6f7c0] c028fe24 .bus_remove_driver+0xb4/0x114
[c0002ec6f850] c0291768 .driver_unregister+0x54/0x74
[c0002ec6f8e0] c031a0c8 .of_unregister_driver+0x14/0x28
[c0002ec6f950] c0023ba0 .ibmebus_unregister_driver+0x10/0x24
[c0002ec6f9c0] d0354180 .ehea_reboot_notifier+0x30/0x4c [ehea]
[c0002ec6fa40] c03c95a8 .notifier_call_chain+0x5c/0xcc
[c0002ec6fae0] c0082cd4 .__blocking_notifier_call_chain+0x70/0xb0
[c0002ec6fb90] c0075cf8 .kernel_restart_prepare+0x24/0x58
[c0002ec6fc10] c0075f0c .kernel_restart+0x20/0x6c
[c0002ec6fc90] c0078674 .sys_reboot+0x1d4/0x290
[c0002ec6fe30] c00086ac syscall_exit+0x0/0x40
--- Exception: c01 (System Call) at 0ff63a40
SP (ffceea50) is in userspace

Signed-off-by: Brian King [EMAIL PROTECTED]
---

 linux-2.6-bjking1/drivers/net/ehea/ehea_main.c |3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff -puN drivers/net/ehea/ehea_main.c~ehea_useafter_free_fix 
drivers/net/ehea/ehea_main.c
--- linux-2.6/drivers/net/ehea/ehea_main.c~ehea_useafter_free_fix   
2008-05-14 09:38:10.0 -0500
+++ linux-2.6-bjking1/drivers/net/ehea/ehea_main.c  2008-05-14 
09:38:10.0 -0500
@@ -3177,11 +3177,12 @@ out_err:
 
 static void ehea_shutdown_single_port(struct ehea_port *port)
 {
+   struct ehea_adapter *adapter = port-adapter;
unregister_netdev(port-netdev);
ehea_unregister_port(port);
kfree(port-mc_list);
free_netdev(port-netdev);
-   port-adapter-active_ports--;
+   adapter-active_ports--;
 }
 
 static int ehea_setup_ports(struct ehea_adapter *adapter)
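Review bot: Nothing in ehea_shutdown_single_port() records why adapter has to be read before the teardown calls, so a later cleanup could fold the local back into port->adapter->active_ports-- and reintroduce the oops. The faulting address in the trace is made of 0x6b slab-poison bytes plus a small offset, which shows port was already freed by the time port->adapter was read, directly after free_netdev(port->netdev). A one-line comment above the new declaration saying that port must not be dereferenced after free_netdev() would preserve that, and the changelog would be stronger with one sentence naming this lifetime rule instead of only the trace.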
_