Message ID | 1284665387-10289-2-git-send-email-kronos.it@gmail.com |
---|---|
State | Changes Requested, archived |
Delegated to: | David Miller |
On Thu, Sep 16, 2010 at 3:29 PM, Luca Tettamanti <kronos.it@gmail.com> wrote: > adapter->cmb.cmb is initialized when the device is opened and freed when > it's closed. Accessing it unconditionally during resume results either > in a crash (NULL pointer dereference, when the interface has not been > opened yet) or data corruption (when the interface has been used and > brought down adapter->cmb.cmb points to a deallocated memory area). > > Cc: stable@kernel.org > --- > drivers/net/atlx/atl1.c | 5 +++-- > 1 files changed, 3 insertions(+), 2 deletions(-) > > diff --git a/drivers/net/atlx/atl1.c b/drivers/net/atlx/atl1.c > index 63b9ba0..bbd6e30 100644 > --- a/drivers/net/atlx/atl1.c > +++ b/drivers/net/atlx/atl1.c > @@ -2847,10 +2847,11 @@ static int atl1_resume(struct pci_dev *pdev) > pci_enable_wake(pdev, PCI_D3cold, 0); > > atl1_reset_hw(&adapter->hw); > - adapter->cmb.cmb->int_stats = 0; > > - if (netif_running(netdev)) > + if (netif_running(netdev)) { > + adapter->cmb.cmb->int_stats = 0; > atl1_up(adapter); > + } > netif_device_attach(netdev); > > return 0; > -- > 1.7.1 > > Thanks. I confirmed that the other atlx drivers (which I have been reminded I need to finish merging into a single driver) do not have this bug. Acked-by: Chris Snook <chris.snook@gmail.com> -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html

On Thu, Sep 16, 2010 at 09:29:46PM +0200, Luca Tettamanti wrote:
> adapter->cmb.cmb is initialized when the device is opened and freed when
> it's closed. Accessing it unconditionally during resume results either
> in a crash (NULL pointer dereference, when the interface has not been
> opened yet) or data corruption (when the interface has been used and
> brought down adapter->cmb.cmb points to a deallocated memory area).
>
> Cc: stable@kernel.org
> ---

You do realize you need to sign-off on a patch you create, right?

thanks,

greg k-h


From: Greg KH <greg@kroah.com>
Date: Thu, 16 Sep 2010 14:13:18 -0700

> On Thu, Sep 16, 2010 at 09:29:46PM +0200, Luca Tettamanti wrote:
>> adapter->cmb.cmb is initialized when the device is opened and freed when
>> it's closed. Accessing it unconditionally during resume results either
>> in a crash (NULL pointer dereference, when the interface has not been
>> opened yet) or data corruption (when the interface has been used and
>> brought down adapter->cmb.cmb points to a deallocated memory area).
>>
>> Cc: stable@kernel.org
>> ---
>
> You do realize you need to sign-off on a patch you create, right?

Right.

Luca please formally resubmit these patches with a proper signoff and all of the accumulated ACKs so far.

diff --git a/drivers/net/atlx/atl1.c b/drivers/net/atlx/atl1.c index 63b9ba0..bbd6e30 100644 --- a/drivers/net/atlx/atl1.c +++ b/drivers/net/atlx/atl1.c @@ -2847,10 +2847,11 @@ static int atl1_resume(struct pci_dev *pdev) pci_enable_wake(pdev, PCI_D3cold, 0); atl1_reset_hw(&adapter->hw); - adapter->cmb.cmb->int_stats = 0; - if (netif_running(netdev)) + if (netif_running(netdev)) { + adapter->cmb.cmb->int_stats = 0; atl1_up(adapter); + } netif_device_attach(netdev); return 0;
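
Review bot: In atl1_resume(), the moved `adapter->cmb.cmb->int_stats = 0;` is safe only on the assumption that `netif_running(netdev)` implies cmb.cmb is currently allocated, and nothing in the hunk says so; a one-line comment above the store noting that the CMB exists only between open and close would keep a later cleanup from hoisting it back out of the `if`. The commit message also states that after the interface is brought down the pointer still refers to freed memory, so setting `adapter->cmb.cmb` to NULL where it is freed (not visible in this hunk) would make any remaining unguarded access fault immediately instead of silently corrupting memory. The patch as posted carries `Cc: stable@kernel.org` but no Signed-off-by line, which needs to be added on resubmission.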