korg/linux
0
0
Fork 0
mirror of https://mirrors.bfsu.edu.cn/git/linux.git synced 2024-12-15 15:04:27 +08:00
Code Issues Packages Projects Releases Wiki Activity
fe53985aaa
linux/drivers/net
History
Guillaume Nault fe53985aaa pppoe: fix memory corruption in padt work structure 
pppoe_connect() mustn't touch the padt_work field of pppoe sockets
because that work could be already pending.

[   21.473147] BUG: unable to handle kernel NULL pointer dereference at 00000004
[   21.474523] IP: [<c1043177>] process_one_work+0x29/0x31c
[   21.475164] *pde = 00000000
[   21.475513] Oops: 0000 [#1] SMP
[   21.475910] Modules linked in: pppoe pppox ppp_generic slhc crc32c_intel aesni_intel virtio_net xts aes_i586 lrw gf128mul ablk_helper cryptd evdev acpi_cpufreq processor serio_raw button ext4 crc16 mbcache jbd2 virtio_blk virtio_pci virtio_ring virtio
[   21.476168] CPU: 2 PID: 164 Comm: kworker/2:2 Not tainted 4.4.0-rc1 #1
[   21.476168] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Debian-1.8.2-1 04/01/2014
[   21.476168] task: f5f83c00 ti: f5e28000 task.ti: f5e28000
[   21.476168] EIP: 0060:[<c1043177>] EFLAGS: 00010046 CPU: 2
[   21.476168] EIP is at process_one_work+0x29/0x31c
[   21.484082] EAX: 00000000 EBX: f678b2a0 ECX: 00000004 EDX: 00000000
[   21.484082] ESI: f6c69940 EDI: f5e29ef0 EBP: f5e29f0c ESP: f5e29edc
[   21.484082]  DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068
[   21.484082] CR0: 80050033 CR2: 000000a4 CR3: 317ad000 CR4: 00040690
[   21.484082] Stack:
[   21.484082]  00000000 f6c69950 00000000 f6c69940 c0042338 f5e29f0c c1327945 00000000
[   21.484082]  00000008 f678b2a0 f6c69940 f678b2b8 f5e29f30 c1043984 f5f83c00 f6c69970
[   21.484082]  f678b2a0 c10437d3 f6775e80 f678b2a0 c10437d3 f5e29fac c1047059 f5e29f74
[   21.484082] Call Trace:
[   21.484082]  [<c1327945>] ? _raw_spin_lock_irq+0x28/0x30
[   21.484082]  [<c1043984>] worker_thread+0x1b1/0x244
[   21.484082]  [<c10437d3>] ? rescuer_thread+0x229/0x229
[   21.484082]  [<c10437d3>] ? rescuer_thread+0x229/0x229
[   21.484082]  [<c1047059>] kthread+0x8f/0x94
[   21.484082]  [<c1327a32>] ? _raw_spin_unlock_irq+0x22/0x26
[   21.484082]  [<c1327ee9>] ret_from_kernel_thread+0x21/0x38
[   21.484082]  [<c1046fca>] ? kthread_parkme+0x19/0x19
[   21.496082] Code: 5d c3 55 89 e5 57 56 53 89 c3 83 ec 24 89 d0 89 55 e0 8d 7d e4 e8 6c d8 ff ff b9 04 00 00 00 89 45 d8 8b 43 24 89 45 dc 8b 45 d8 <8b> 40 04 8b 80 e0 00 00 00 c1 e8 05 24 01 88 45 d7 8b 45 e0 8d
[   21.496082] EIP: [<c1043177>] process_one_work+0x29/0x31c SS:ESP 0068:f5e29edc
[   21.496082] CR2: 0000000000000004
[   21.496082] ---[ end trace e362cc9cf10dae89 ]---

Reported-by: Andrew <nitr0@seti.kr.ua>
Fixes: 287f3a943f ("pppoe: Use workqueue to die properly when a PADT is received")
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-12-04 16:48:52 -05:00
..
appletalk
arcnet arcnet/com20020: add LEDS_CLASS dependency 2015-11-03 11:29:56 -05:00
bonding bonding: fix panic on non-ARPHRD_ETHER enslave failure 2015-11-07 13:17:32 -05:00
caif net: caif: check return value of alloc_netdev 2015-11-09 11:31:13 -05:00
can can: remove obsolete assignment for CAN protocol error type 2015-11-23 09:37:38 +01:00
cris
dsa net: dsa: mv88e6060: replace magic values with register defines 2015-11-15 20:16:16 -05:00
ethernet net: mvpp2: fix refilling BM pools in RX path 2015-12-04 15:01:13 -05:00
fddi
fjes fjes: fix inconsistent indenting 2015-11-15 17:09:23 -05:00
hamradio Merge branch 'x86/urgent' into x86/asm to fix up conflicts and to pick up fixes 2015-08-18 09:39:47 +02:00
hippi
hyperv flow_dissector: Add flags argument to skb_flow_dissector functions 2015-09-01 15:06:22 -07:00
ieee802154 spi: Updates for v4.4 2015-11-05 13:15:12 -08:00
ipvlan ipvlan: fix use after free of skb 2015-11-17 14:39:29 -05:00
irda net: irda: pxaficp_ir: dmaengine conversion 2015-09-28 22:32:48 -07:00
phy net: phy: reset only targeted phy 2015-12-03 15:26:13 -05:00
plip
ppp pppoe: fix memory corruption in padt work structure 2015-12-04 16:48:52 -05:00
slip ppp, slip: Validate VJ compression slot parameters completely 2015-11-02 16:25:00 -05:00
team net: team: convert to using IFF_NO_QUEUE 2015-08-18 11:55:05 -07:00
usb net: cdc_ncm: fix NULL pointer deref in cdc_ncm_bind_common 2015-11-24 14:26:16 -05:00
vmxnet3 vmxnet3: fix checks for dma mapping errors 2015-12-01 15:19:16 -05:00
wan wan/x25: Fix use-after-free in x25_asy_open_tty() 2015-12-01 15:17:42 -05:00
wimax
wireless rtlwifi: rtl8821ae: Fix lockups on boot 2015-11-17 15:58:53 +02:00
xen-netback xen: features for 4.4-rc0 2015-11-04 17:32:42 -08:00
dummy.c net: dummy: add more features 2015-10-21 19:36:10 -07:00
eql.c
geneve.c geneve: add IPv6 bits to geneve_fill_metadata_dst 2015-10-30 12:10:54 +09:00
ifb.c
Kconfig net: Add IPv6 support to VRF device 2015-10-13 04:55:07 -07:00
LICENSE.SRC
loopback.c net: loopback: convert to using IFF_NO_QUEUE 2015-08-18 11:55:05 -07:00
macvlan.c macvlan: fix leak in macvlan_handle_frame 2015-11-17 14:39:29 -05:00
macvtap.c net: rename SOCK_ASYNC_NOSPACE and SOCK_ASYNC_WAITDATA 2015-12-01 15:45:05 -05:00
Makefile fjes: Introduce FUJITSU Extended Socket Network Device driver 2015-08-24 14:06:33 -07:00
mdio.c
mii.c
netconsole.c netconsole: use per-attribute show and store methods 2015-10-13 22:17:51 -07:00
nlmon.c net: nlmon: convert to using IFF_NO_QUEUE 2015-08-18 11:55:05 -07:00
ntb_netdev.c NTB: Add flow control to the ntb_netdev 2015-09-07 15:17:08 -04:00
rionet.c
sb1000.c
Space.c
sungem_phy.c
tun.c net: rename SOCK_ASYNC_NOSPACE and SOCK_ASYNC_WAITDATA 2015-12-01 15:45:05 -05:00
veth.c net: veth: enable noqueue operation by default 2015-08-18 11:55:04 -07:00
virtio_net.c virtio-net: avoid unnecessary sg initialzation 2015-08-27 15:51:45 -07:00
vrf.c vrf: fix double free and memory corruption on register_netdevice failure 2015-11-23 17:52:46 -05:00
vxlan.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2015-10-24 06:54:12 -07:00
xen-netfront.c xen: features for 4.4-rc0 2015-11-04 17:32:42 -08:00