linux-uconsole/drivers
Arend van Spriel 7d072b404c brcmfmac: avoid null pointer access when brcmf_msgbuf_get_pktid() fails
The function brcmf_msgbuf_get_pktid() may return a NULL pointer so
the callers should check the return pointer before accessing it to
avoid the crash below (see [1]):

brcmfmac: brcmf_msgbuf_get_pktid: Invalid packet id 273 (not in use)
BUG: unable to handle kernel NULL pointer dereference at 0000000000000080
IP: [<ffffffff8145b225>] skb_pull+0x5/0x50
PGD 0
Oops: 0000 [#1] PREEMPT SMP
Modules linked in: pci_stub vboxpci(O) vboxnetflt(O) vboxnetadp(O) vboxdrv(O)
 snd_hda_codec_hdmi bnep mousedev hid_generic ushwmon msr ext4 crc16 mbcache
 jbd2 sd_mod uas usb_storage ahci libahci libata scsi_mod xhci_pci xhci_hcd
 usbcore usb_common
CPU: 0 PID: 1661 Comm: irq/61-brcmf_pc Tainted: G O    4.0.1-MacbookPro-ARCH #1
Hardware name: Apple Inc. MacBookPro12,1/Mac-E43C1C25D4880AD6,
 BIOS MBP121.88Z.0167.B02.1503241251 03/24/2015
task: ffff880264203cc0 ti: ffff88025ffe4000 task.ti: ffff88025ffe4000
RIP: 0010:[<ffffffff8145b225>]  [<ffffffff8145b225>] skb_pull+0x5/0x50
RSP: 0018:ffff88025ffe7d40  EFLAGS: 00010202
RAX: 0000000000000000 RBX: ffff88008a33c000 RCX: 0000000000000044
RDX: 0000000000000000 RSI: 000000000000004a RDI: 0000000000000000
RBP: ffff88025ffe7da8 R08: 0000000000000096 R09: 000000000000004a
R10: 0000000000000000 R11: 000000000000048e R12: ffff88025ff14f00
R13: 0000000000000000 R14: ffff880263b48200 R15: ffff88008a33c000
FS:  0000000000000000(0000) GS:ffff88026ec00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000080 CR3: 000000000180b000 CR4: 00000000003407f0
Stack:
 ffffffffa06aed74 ffff88025ffe7dc8 ffff880263b48270 ffff880263b48278
 05ea88020000004a 0002ffff81014635 000000001720b2f6 ffff88026ec116c0
 ffff880263b48200 0000000000010000 ffff880263b4ae00 ffff880264203cc0
Call Trace:
 [<ffffffffa06aed74>] ? brcmf_msgbuf_process_rx+0x404/0x480 [brcmfmac]
 [<ffffffff810cea60>] ? irq_finalize_oneshot.part.30+0xf0/0xf0
 [<ffffffffa06afb55>] brcmf_proto_msgbuf_rx_trigger+0x35/0xf0 [brcmfmac]
 [<ffffffffa06baf2a>] brcmf_pcie_isr_thread_v2+0x8a/0x130 [brcmfmac]
 [<ffffffff810cea80>] irq_thread_fn+0x20/0x50
 [<ffffffff810ceddf>] irq_thread+0x13f/0x170
 [<ffffffff810cebf0>] ? wake_threads_waitq+0x30/0x30
 [<ffffffff810ceca0>] ? irq_thread_dtor+0xb0/0xb0
 [<ffffffff81092a08>] kthread+0xd8/0xf0
 [<ffffffff81092930>] ? kthread_create_on_node+0x1c0/0x1c0
 [<ffffffff8156d898>] ret_from_fork+0x58/0x90
 [<ffffffff81092930>] ? kthread_create_on_node+0x1c0/0x1c0
Code: 01 83 e2 f7 88 50 01 48 83 c4 08 5b 5d f3 c3 0f 1f 80 00 00 00 00 83 e2
 f7 88 50 01 c3 66 0f 1f 84 00 00 00 00 00 0f 1f
RIP  [<ffffffff8145b225>] skb_pull+0x5/0x50
 RSP <ffff88025ffe7d40>
CR2: 0000000000000080
---[ end trace b074c0f90e7c997d ]---

[1] http://mid.gmane.org/20150430193259.GA5630@googlemail.com

Cc: <stable@vger.kernel.org> # v3.18, v3.19, v4.0, v4.1
Reported-by: Michael Hornung <mhornung.linux@gmail.com>
Reviewed-by: Hante Meuleman <meuleman@broadcom.com>
Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2015-05-28 16:27:44 +03:00
accessibility
acpi More power management and ACPI updates for v4.1-rc1 2015-04-26 13:56:35 -07:00
amba
android
ata powerpc updates for 4.1 2015-04-16 13:53:32 -05:00
atm
auxdisplay
base Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2015-04-26 17:22:07 -07:00
bcma Merge branch 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus 2015-04-17 15:50:54 -04:00
block Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2015-04-26 17:22:07 -07:00
bluetooth
bus ARM: SoC driver updates for v4.1 2015-04-22 09:18:17 -07:00
cdrom
char Char/Misc driver patches for 4.1-rc1 2015-04-21 09:42:58 -07:00
clk ARM: SoC multiplatform code changes for v4.1 2015-04-22 09:20:15 -07:00
clocksource Initial ACPI support for arm64: 2015-04-24 08:23:45 -07:00
connector
cpufreq cpufreq: intel_pstate: Fix an annoying !CONFIG_SMP warning 2015-04-15 23:02:24 +02:00
cpuidle ARM: SoC fixes for v4.1 2015-04-22 09:03:30 -07:00
crypto Merge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2015-04-26 13:51:05 -07:00
dca
devfreq
dio
dma Merge branch 'for-linus' of git://git.infradead.org/users/vkoul/slave-dma 2015-04-24 09:49:37 -07:00
dma-buf dma-buf: cleanup dma_buf_export() to make it easily extensible 2015-04-21 14:47:16 +05:30
edac
eisa
extcon Char/Misc driver patches for 4.1-rc1 2015-04-21 09:42:58 -07:00
firewire
firmware ARM: SoC driver updates for v4.1 2015-04-22 09:18:17 -07:00
fmc
gpio ARM: SoC cleanups for v4.1 2015-04-22 09:04:39 -07:00
gpu Merge tag 'drm-intel-next-fixes-2015-04-25' of git://anongit.freedesktop.org/drm-intel into drm-fixes 2015-04-27 10:35:15 +10:00
hid Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input 2015-04-14 18:25:15 -07:00
hsi
hv
hwmon hwmon: (w83795) use find_closest_descending() in pwm_freq_to_reg() 2015-04-17 09:03:55 -04:00
hwspinlock
hwtracing/coresight Char/Misc driver patches for 4.1-rc1 2015-04-21 09:42:58 -07:00
i2c Merge branch 'i2c/for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux 2015-04-26 17:44:09 -07:00
ide ide: remove deprecated use of pci api 2015-04-17 15:32:07 -04:00
idle Power management and ACPI updates for v4.1-rc1 2015-04-14 20:21:54 -07:00
iio Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2015-04-14 09:50:27 -07:00
infiniband Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2015-04-26 17:22:07 -07:00
input platform/chrome: Updates for v4.1 2015-04-26 13:36:02 -07:00
iommu Merge git://git.infradead.org/intel-iommu 2015-04-26 17:47:46 -07:00
ipack
irqchip Initial ACPI support for arm64: 2015-04-24 08:23:45 -07:00
isdn Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2015-04-15 09:00:47 -07:00
leds This is the bulk of GPIO changes for the v4.1 development 2015-04-18 08:22:10 -04:00
lguest Some virtio internal cleanups, a new virtio device "virtio input", and 2015-04-22 10:55:06 -07:00
macintosh
mailbox
mcb
md md updates for 4.1 2015-04-24 09:28:01 -07:00
media v4l: xilinx: fix for include file movement 2015-04-26 09:56:08 -07:00
memory ARM: SoC driver updates for v4.1 2015-04-22 09:18:17 -07:00
memstick memstick: mspro_block: add missing curly braces 2015-04-17 09:04:09 -04:00
message
mfd platform/chrome: Updates for v4.1 2015-04-26 13:36:02 -07:00
misc Char/Misc driver patches for 4.1-rc1 2015-04-21 09:42:58 -07:00
mmc Merge branch 'for-linus' of git://git.infradead.org/users/vkoul/slave-dma 2015-04-24 09:49:37 -07:00
mtd Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2015-04-26 17:22:07 -07:00
net brcmfmac: avoid null pointer access when brcmf_msgbuf_get_pktid() fails 2015-05-28 16:27:44 +03:00
nfc
ntb
nubus
of Devicetree updates for 4.1: 2015-04-24 08:46:18 -07:00
oprofile Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2015-04-26 17:22:07 -07:00
parisc parisc: Eliminate sg_virt_addr() and private scatterlist.h 2015-04-21 22:02:43 +02:00
parport
pci xen: features and fixes for 4.1-rc0 2015-04-16 14:01:03 -05:00
pcmcia ARM: SoC cleanups for v4.1 2015-04-22 09:04:39 -07:00
phy USB patches for 4.1-rc1 2015-04-13 17:07:21 -07:00
pinctrl pinctrl: fix allmodconfig noise 2015-04-15 10:02:42 +02:00
platform platform-drivers-x86 for 4.1 2015-04-26 13:44:46 -07:00
pnp Power management and ACPI updates for v4.1-rc1 2015-04-14 20:21:54 -07:00
power
powercap powercap / RAPL: Add support for Intel Skylake processors 2015-04-15 23:06:16 +02:00
pps
ps3
ptp
pwm pwm: Remove __init initializer for pwm_add_table() 2015-04-23 14:50:52 +02:00
rapidio
ras
regulator == Changes to existing drivers == 2015-04-14 17:29:55 -07:00
remoteproc
reset
rpmsg
rtc drivers/rtc/rtc-at91rm9200.c: make IO endian agnostic 2015-04-17 09:04:12 -04:00
s390 Some virtio internal cleanups, a new virtio device "virtio input", and 2015-04-22 10:55:06 -07:00
sbus drivers/sbus/char/envctrl.c: ignore orderly_poweroff return value 2015-04-15 16:35:23 -07:00
scsi Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending 2015-04-24 10:22:09 -07:00
sfi
sh
sn
soc - fix unused variable warning for pmic-wrapper 2015-04-14 00:43:28 +02:00
spi Merge branch 'for-linus' of git://git.infradead.org/users/vkoul/slave-dma 2015-04-24 09:49:37 -07:00
spmi
ssb ssb: extend fix for PCI related silent reboots to all chipsets 2015-05-20 16:36:06 +03:00
staging Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2015-04-26 17:22:07 -07:00
target Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending 2015-04-24 10:22:09 -07:00
tc
thermal
thunderbolt
tty Devicetree updates for 4.1: 2015-04-24 08:46:18 -07:00
uio
usb Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2015-04-26 17:22:07 -07:00
uwb
vfio
vhost Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending 2015-04-24 10:22:09 -07:00
video fbdev changes for v4.1 2015-04-20 15:16:25 -07:00
virt
virtio virtio: drop virtio_device_is_legacy_only 2015-04-15 12:41:14 +09:30
vlynq
vme
w1
watchdog Merge git://www.linux-watchdog.org/linux-watchdog 2015-04-22 11:22:55 -07:00
xen Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending 2015-04-24 10:22:09 -07:00
zorro
Kconfig
Makefile