linux/drivers/net
Bjørn Mork 3df3ba2d4d qmi_wwan: fix NULL deref on disconnect
qmi_wwan_disconnect is called twice when disconnecting devices with
separate control and data interfaces.  The first invocation will set
the interface data to NULL for both interfaces to flag that the
disconnect has been handled.  But the matching NULL check was left
out when qmi_wwan_disconnect was added, resulting in this oops:

  usb 2-1.4: USB disconnect, device number 4
  qmi_wwan 2-1.4:1.6 wwp0s29u1u4i6: unregister 'qmi_wwan' usb-0000:00:1d.0-1.4, WWAN/QMI device
  BUG: unable to handle kernel NULL pointer dereference at 00000000000000e0
  IP: qmi_wwan_disconnect+0x25/0xc0 [qmi_wwan]
  PGD 0
  P4D 0
  Oops: 0000 [#1] SMP
  Modules linked in: <stripped irrelevant module list>
  CPU: 2 PID: 33 Comm: kworker/2:1 Tainted: G            E   4.12.3-nr44-normandy-r1500619820+ #1
  Hardware name: LENOVO 4291LR7/4291LR7, BIOS CBET4000 4.6-810-g50522254fb 07/21/2017
  Workqueue: usb_hub_wq hub_event [usbcore]
  task: ffff8c882b716040 task.stack: ffffb8e800d84000
  RIP: 0010:qmi_wwan_disconnect+0x25/0xc0 [qmi_wwan]
  RSP: 0018:ffffb8e800d87b38 EFLAGS: 00010246
  RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
  RDX: 0000000000000001 RSI: ffff8c8824f3f1d0 RDI: ffff8c8824ef6400
  RBP: ffff8c8824ef6400 R08: 0000000000000000 R09: 0000000000000000
  R10: ffffb8e800d87780 R11: 0000000000000011 R12: ffffffffc07ea0e8
  R13: ffff8c8824e2e000 R14: ffff8c8824e2e098 R15: 0000000000000000
  FS:  0000000000000000(0000) GS:ffff8c8835300000(0000) knlGS:0000000000000000
  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
  CR2: 00000000000000e0 CR3: 0000000229ca5000 CR4: 00000000000406e0
  Call Trace:
   ? usb_unbind_interface+0x71/0x270 [usbcore]
   ? device_release_driver_internal+0x154/0x210
   ? qmi_wwan_unbind+0x6d/0xc0 [qmi_wwan]
   ? usbnet_disconnect+0x6c/0xf0 [usbnet]
   ? qmi_wwan_disconnect+0x87/0xc0 [qmi_wwan]
   ? usb_unbind_interface+0x71/0x270 [usbcore]
   ? device_release_driver_internal+0x154/0x210

Reported-and-tested-by: Nathaniel Roach <nroach44@gmail.com>
Fixes: c6adf77953 ("net: usb: qmi_wwan: add qmap mux protocol support")
Cc: Daniele Palmas <dnlplm@gmail.com>
Signed-off-by: Bjørn Mork <bjorn@mork.no>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-08-08 21:13:33 -07:00
appletalk drivers/net: Fix ptr_ret.cocci warnings. 2017-07-25 12:27:06 -07:00
arcnet arcnet: com20020-pci: constify attribute_group structures. 2017-07-18 12:04:56 -07:00
bonding Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-08-01 10:07:50 -07:00
caif Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2017-07-05 12:31:59 -07:00
can net: can: janz-ican3: constify attribute_group structures. 2017-07-18 12:04:56 -07:00
cris
dsa net: dsa: lan9303: Only allocate 3 ports 2017-08-08 18:13:59 -07:00
ethernet cxgb4: Clear On FLASH config file after a FW upgrade 2017-08-08 20:34:31 -07:00
fddi
fjes
hamradio hamradio: baycom: make hdlcdrv_ops const 2017-08-07 14:26:46 -07:00
hippi
hyperv netvsc: make sure and unregister datapath 2017-08-08 18:09:52 -07:00
ieee802154 mrf24j40: Fix en error handling path in 'mrf24j40_probe()' 2017-07-25 13:17:31 +02:00
ipvlan ipvlan: Stop advertising NETIF_F_UFO support. 2017-07-17 09:52:57 -07:00
irda net: irda: stir4200: constify usb_device_id 2017-08-08 17:47:58 -07:00
phy net: phy: mdio-bcm-unimac: fix unsigned wrap-around when decrementing timeout 2017-08-08 21:07:41 -07:00
plip
ppp ppp: Fix a scheduling-while-atomic bug in del_chan 2017-07-31 21:59:01 -07:00
slip
team team: use a larger struct for mac address 2017-07-29 11:25:05 -07:00
usb qmi_wwan: fix NULL deref on disconnect 2017-08-08 21:13:33 -07:00
vmxnet3 vmxnet3: avoid format strint overflow warning 2017-07-14 09:03:11 -07:00
wan
wimax
wireless wireless-drivers-next patches for 4.14 2017-08-07 11:37:47 -07:00
xen-netback
dummy.c dummy: Remove references to NETIF_F_UFO. 2017-07-17 09:52:57 -07:00
eql.c
geneve.c geneve/vxlan: offload ports on register/unregister events 2017-07-24 13:52:59 -07:00
gtp.c net: add netlink_ext_ack argument to rtnl_link_ops.validate 2017-06-26 23:13:22 -04:00
ifb.c net: add netlink_ext_ack argument to rtnl_link_ops.validate 2017-06-26 23:13:22 -04:00
Kconfig
LICENSE.SRC
loopback.c
macsec.c net: add netlink_ext_ack argument to rtnl_link_ops.validate 2017-06-26 23:13:22 -04:00
macvlan.c macvlan/macvtap: Remove NETIF_F_UFO advertisement. 2017-07-17 09:52:57 -07:00
macvtap.c macvlan/macvtap: Remove NETIF_F_UFO advertisement. 2017-07-17 09:52:57 -07:00
Makefile
mdio.c
mii.c
netconsole.c
nlmon.c net: add netlink_ext_ack argument to rtnl_link_ops.validate 2017-06-26 23:13:22 -04:00
ntb_netdev.c ntb_netdev: set the net_device's parent 2017-07-06 11:30:08 -04:00
rionet.c net: convert sk_buff.users from atomic_t to refcount_t 2017-07-01 07:39:07 -07:00
sb1000.c
Space.c
sungem_phy.c
tap.c tun/tap: Remove references to NETIF_F_UFO. 2017-07-17 09:52:57 -07:00
tun.c sock: enable MSG_ZEROCOPY 2017-08-03 21:37:30 -07:00
veth.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-06-30 12:43:08 -04:00
virtio_net.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-08-01 10:07:50 -07:00
vrf.c net: vrf: Add extack messages for newlink failures 2017-08-07 15:16:33 -07:00
vsockmon.c
vxlan.c geneve/vxlan: offload ports on register/unregister events 2017-07-24 13:52:59 -07:00
xen-netfront.c