mirror of https://github.com/edk2-porting/linux-next.git synced 2024-12-23 04:34:11 +08:00
linux-next/drivers
Guillaume Nault fe53985aaa pppoe: fix memory corruption in padt work structure
pppoe_connect() mustn't touch the padt_work field of pppoe sockets
because that work could be already pending.

[   21.473147] BUG: unable to handle kernel NULL pointer dereference at 00000004
[   21.474523] IP: [<c1043177>] process_one_work+0x29/0x31c
[   21.475164] *pde = 00000000
[   21.475513] Oops: 0000 [#1] SMP
[   21.475910] Modules linked in: pppoe pppox ppp_generic slhc crc32c_intel aesni_intel virtio_net xts aes_i586 lrw gf128mul ablk_helper cryptd evdev acpi_cpufreq processor serio_raw button ext4 crc16 mbcache jbd2 virtio_blk virtio_pci virtio_ring virtio
[   21.476168] CPU: 2 PID: 164 Comm: kworker/2:2 Not tainted 4.4.0-rc1 #1
[   21.476168] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Debian-1.8.2-1 04/01/2014
[   21.476168] task: f5f83c00 ti: f5e28000 task.ti: f5e28000
[   21.476168] EIP: 0060:[<c1043177>] EFLAGS: 00010046 CPU: 2
[   21.476168] EIP is at process_one_work+0x29/0x31c
[   21.484082] EAX: 00000000 EBX: f678b2a0 ECX: 00000004 EDX: 00000000
[   21.484082] ESI: f6c69940 EDI: f5e29ef0 EBP: f5e29f0c ESP: f5e29edc
[   21.484082]  DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068
[   21.484082] CR0: 80050033 CR2: 000000a4 CR3: 317ad000 CR4: 00040690
[   21.484082] Stack:
[   21.484082]  00000000 f6c69950 00000000 f6c69940 c0042338 f5e29f0c c1327945 00000000
[   21.484082]  00000008 f678b2a0 f6c69940 f678b2b8 f5e29f30 c1043984 f5f83c00 f6c69970
[   21.484082]  f678b2a0 c10437d3 f6775e80 f678b2a0 c10437d3 f5e29fac c1047059 f5e29f74
[   21.484082] Call Trace:
[   21.484082]  [<c1327945>] ? _raw_spin_lock_irq+0x28/0x30
[   21.484082]  [<c1043984>] worker_thread+0x1b1/0x244
[   21.484082]  [<c10437d3>] ? rescuer_thread+0x229/0x229
[   21.484082]  [<c10437d3>] ? rescuer_thread+0x229/0x229
[   21.484082]  [<c1047059>] kthread+0x8f/0x94
[   21.484082]  [<c1327a32>] ? _raw_spin_unlock_irq+0x22/0x26
[   21.484082]  [<c1327ee9>] ret_from_kernel_thread+0x21/0x38
[   21.484082]  [<c1046fca>] ? kthread_parkme+0x19/0x19
[   21.496082] Code: 5d c3 55 89 e5 57 56 53 89 c3 83 ec 24 89 d0 89 55 e0 8d 7d e4 e8 6c d8 ff ff b9 04 00 00 00 89 45 d8 8b 43 24 89 45 dc 8b 45 d8 <8b> 40 04 8b 80 e0 00 00 00 c1 e8 05 24 01 88 45 d7 8b 45 e0 8d
[   21.496082] EIP: [<c1043177>] process_one_work+0x29/0x31c SS:ESP 0068:f5e29edc
[   21.496082] CR2: 0000000000000004
[   21.496082] ---[ end trace e362cc9cf10dae89 ]---

Reported-by: Andrew <nitr0@seti.kr.ua>
Fixes: 287f3a943f ("pppoe: Use workqueue to die properly when a PADT is received")
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-12-04 16:48:52 -05:00
accessibility
acpi Merge branches 'acpi-smbus', 'acpi-ec' and 'acpi-pci' 2015-11-20 01:22:52 +01:00
amba
android
ata SCSI misc on 20151113 2015-11-13 20:35:54 -08:00
atm
auxdisplay
base Merge branch 'pm-sleep' 2015-11-20 01:22:33 +01:00
bcma
block null_blk: change type of completion_nsec to unsigned long 2015-12-01 10:52:12 -07:00
bluetooth Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2015-11-10 18:11:41 -08:00
bus Merge branch 'x15-audio-fixes' into omap-for-v4.4/fixes 2015-11-12 09:58:21 -08:00
cdrom
char ipmi watchdog : add panic_wdt_timeout parameter 2015-11-16 06:28:43 -06:00
clk h8300 update for v4.4 2015-11-12 15:26:39 -08:00
clocksource clocksource: Disallow drivers for ARCH_USES_GETTIMEOFFSET 2015-11-16 19:07:08 +01:00
connector mm, page_alloc: distinguish between being unable to sleep, unwilling to sleep and avoiding waking kswapd 2015-11-06 17:50:42 -08:00
cpufreq Merge branches 'pm-cpufreq' and 'acpi-cppc' 2015-11-27 16:23:59 +01:00
cpuidle
crypto Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2015-11-17 09:40:05 -08:00
dca
devfreq
dio
dma dmaengine: at_hdmac: use %pad format string for dma_addr_t 2015-11-16 09:21:05 +05:30
dma-buf dma-buf/fence: add fence_wait_any_timeout function v2 2015-10-30 01:16:16 -04:00
edac asm-generic cleanups 2015-11-06 14:22:15 -08:00
eisa
extcon Merge branches 'ib-extcon-mfd-4.4', 'ib-mfd-i2c-v4.4', 'ib-mfd-power-4.4', 'ib-mfd-regmap-4.4' and 'ib-mfd-regulator-4.4' into ibs-for-mfd-merged 2015-10-26 14:48:22 +00:00
firewire IEEE 1394 subsystem patch: 2015-11-11 10:21:34 -08:00
firmware ARM: SoC driver updates for v4.4 2015-11-10 15:00:03 -08:00
fmc
fpga fpga: socfpga: Fix check of return value of devm_request_irq 2015-10-29 15:20:25 -07:00
gpio gpio: omap: drop omap1 mpuio specific irq_mask/unmask callbacks 2015-11-30 13:50:21 +01:00
gpu Merge branch 'linux-4.4' of git://anongit.freedesktop.org/git/nouveau/linux-2.6 into drm-fixes 2015-11-28 06:50:34 +10:00
hid HID: lg: restrict filtering out of first interface to G29 only 2015-12-02 14:51:00 +01:00
hsi hsi: controllers:remove redundant code 2015-10-30 16:10:40 +01:00
hv drivers/hv: share Hyper-V SynIC constants with userspace 2015-11-04 16:24:33 +01:00
hwmon hwmon: (scpi) skip unsupported sensors properly 2015-11-16 09:59:50 -08:00
hwspinlock
hwtracing Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending 2015-11-13 20:04:17 -08:00
i2c i2c: i801: add Intel Lewisburg device IDs 2015-11-20 16:22:21 +01:00
ide mm, page_alloc: rename __GFP_WAIT to __GFP_RECLAIM 2015-11-06 17:50:42 -08:00
idle
iio First set of IIO fixes for the 4.4 cycle. 2015-11-18 13:15:50 -08:00
infiniband SCSI misc on 20151113 2015-11-13 20:35:54 -08:00
input Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input 2015-11-13 21:41:14 -08:00
iommu s390/pci_dma: handle dma table failures 2015-11-09 09:10:49 +01:00
ipack
irqchip irqchip/gic: Add save/restore of the active state 2015-11-17 14:25:59 +01:00
isdn isdn: Partially revert debug format string usage clean up 2015-11-25 11:49:58 -05:00
leds spi: Updates for v4.4 2015-11-05 13:15:12 -08:00
lguest
lightnvm lightnvm: missing nvm_lock acquire 2015-11-29 14:34:58 -07:00
macintosh
mailbox mailbox: mailbox-test: avoid reading iomem twice 2015-11-04 14:03:04 +05:30
mcb mcb: Destroy IDA on module unload 2015-10-29 09:02:16 +09:00
md dm thin: fix regression in advertised discard limits 2015-11-23 14:54:46 -05:00
media various: fix pci_set_dma_mask return value checking 2015-11-20 16:17:32 -08:00
memory ARM: SoC driver updates for v4.4 2015-11-10 15:00:03 -08:00
memstick
message SCSI queue for 4.4. 2015-11-12 07:06:18 -05:00
mfd asm-generic cleanups 2015-11-06 14:22:15 -08:00
misc Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending 2015-11-13 20:04:17 -08:00
mmc mmc: remove bondage between REQ_META and reliable write 2015-11-09 14:04:52 +01:00
mtd mtd: nand: fix shutdown/reboot for multi-chip systems 2015-11-16 10:51:39 -08:00
net pppoe: fix memory corruption in padt work structure 2015-12-04 16:48:52 -05:00
nfc Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2015-11-10 18:11:41 -08:00
ntb NTB: fix 32-bit compiler warning 2015-11-08 16:24:43 -05:00
nubus
nvdimm libnvdimm, pmem: fix size trim in pmem_direct_access() 2015-11-12 09:55:23 -08:00
nvme nvme: temporary fix for Apple controller reset 2015-12-01 13:23:22 -07:00
nvmem
of More power management and ACPI updates for v4.4-rc1 2015-11-12 11:50:33 -08:00
oprofile
parisc pci: remove pci_dma_supported 2015-11-10 16:32:11 -08:00
parport
pci ARM/PCI: Move align_resource function pointer to pci_host_bridge structure 2015-11-25 13:23:38 -06:00
pcmcia
perf arm64 updates for 4.4: 2015-11-04 14:47:13 -08:00
phy phy: qcom-ufs: fix build error when the component is built as a module 2015-11-09 17:44:24 -05:00
pinctrl pinctrl: sh-pfc: sh7734: Add missing cfg macro parameter to fix build 2015-12-01 11:13:04 +01:00
platform platform/chrome: Branch for v4.4 2015-11-13 21:53:18 -08:00
pnp
power - New Device Support 2015-11-06 10:23:50 -08:00
powercap
pps
ps3
ptp
pwm pwm: Changes for v4.4-rc1 2015-11-11 09:16:10 -08:00
rapidio
ras
regulator spi: Updates for v4.4 2015-11-05 13:15:12 -08:00
remoteproc remoteproc: fix memory leak of remoteproc ida cache layers 2015-11-26 17:44:28 +02:00
reset
rpmsg
rtc rtc: ds1307: fix alarm reading at probe time 2015-11-26 18:11:26 +01:00
s390 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux 2015-11-18 08:59:29 -08:00
sbus
scsi qla2xxx: Fix regression introduced by target configFS changes 2015-11-28 19:52:10 -08:00
sfi
sh drivers: sh: Get rid of CONFIG_ARCH_SHMOBILE_MULTI 2015-11-17 02:12:46 +09:00
sn
soc Few Keystone fixes for 4.4-rcx 2015-11-25 23:48:12 +01:00
spi Merge remote-tracking branches 'spi/fix/bcm63xx', 'spi/fix/doc', 'spi/fix/mediatek' and 'spi/fix/pl022' into spi-linus 2015-11-30 12:26:47 +00:00
spmi char/misc drivers for 4.4-rc1 2015-11-04 22:15:15 -08:00
ssb ssb: add Kconfig entry for compiling SoC related code 2015-10-28 21:05:21 +02:00
staging Revert "Staging: wilc1000: coreconfigurator: Drop unneeded wrapper functions" 2015-11-18 13:22:44 -08:00
target target/stat: print full t10_wwn.model buffer 2015-11-28 21:23:13 -08:00
tc
thermal imx: thermal: use CPU temperature grade info for thresholds 2015-11-23 16:38:40 -08:00
thunderbolt
tty serial: export fsl8250_handle_irq 2015-11-20 16:19:54 -08:00
uio
usb usblp: do not set TASK_INTERRUPTIBLE before lock 2015-11-19 16:31:42 -08:00
uwb driver core update for 4.4-rc1 2015-11-04 21:50:37 -08:00
vfio VFIO updates for v4.4-rc1 2015-11-13 17:05:32 -08:00
vhost Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending 2015-11-13 20:04:17 -08:00
video fbdev changes for 4.4 2015-11-10 10:00:09 -08:00
virt
virtio
vlynq
vme char/misc drivers for 4.4-rc1 2015-11-04 22:15:15 -08:00
w1 power supply and reset changes for the v4.4 series 2015-11-05 12:28:15 -08:00
watchdog watchdog: mtk_wdt: Use MODE_KEY when stopping the watchdog 2015-11-23 09:00:09 +01:00
xen xen: bug fixes for 4.4-rc2 2015-11-26 11:42:25 -08:00
zorro
Kconfig char/misc drivers for 4.4-rc1 2015-11-04 22:15:15 -08:00
Makefile null_blk: register as a LightNVM device 2015-11-16 15:22:28 -07:00