From 57de16e612d63138bd2c618449af9d8312466e25 Mon Sep 17 00:00:00 2001 From: Martin Bachem Date: Sun, 26 Oct 2008 13:30:09 +0100 Subject: BUGFIX: used NULL pointer at ioctl(sk,IMGETDEVINFO,&devinfo) when devinfo.id not registered daxtar example # modprobe hfcsusb daxtar example # modprobe mISDN_l1loop daxtar example # ./misdnportinfo Found 3 devices id: 0 Dprotocols: 00000006 Bprotocols: 0000000e protocol: 0 nrbchan: 2 name: HFC-S_USB.1 id: 1 Dprotocols: 00000006 Bprotocols: 0000000e protocol: 0 nrbchan: 2 name: mISDN_l1loop.1 id: 2 Dprotocols: 00000006 Bprotocols: 0000000e protocol: 0 nrbchan: 2 name: mISDN_l1loop.2 daxtar example # rmmod hfcsusb daxtar example # ./misdnportinfo Found 2 devices *Segmentation* *fault* dmesg: [ 9914.939718] BUG: unable to handle kernel NULL pointer dereference at 000000d4 [ 9914.939721] IP: [] :mISDN_core:get_mdevice+0x19/0x22 [ 9914.939729] *pde = 00000000 [ 9914.939732] Oops: 0000 [#14] PREEMPT SMP [ 9914.939734] Modules linked in: mISDN_l1loop mISDN_core vmnet vmblock vmci vmmon coretemp w83627ehf hwmon_vid rfcomm l2cap blue tooth usbhid snd_usb_audio snd_usb_lib snd_rawmidi snd_hwdep fuse nvidia(P) uhci_hcd i2c_i801 ehci_hcd snd_hda_intel atl1 usbcore i2c_core parport_seria l [last unloaded: hfcsusb] [ 9914.939751] Pid: 29618, comm: misdnportinfo Tainted: P D (2.6.27.3 #5) [ 9914.939753] EIP: 0060:[] EFLAGS: 00210246 CPU: 0 [ 9914.939758] EIP is at get_mdevice+0x19/0x22 [mISDN_core] [ 9914.939760] EAX: 00000000 EBX: f8fa791c ECX: f6afaa58 EDX: f7960cf4 [ 9914.939762] ESI: 80044944 EDI: bfc2e62c EBP: bfc2e62c ESP: f5adbef4 [ 9914.939763] DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068 [ 9914.939765] Process misdnportinfo (pid: 29618, ti=f5ada000 task=f6bec430 task.ti=f5ada000) [ 9914.939767] Stack: f8f9f4e0 00000000 f8f9f867 bfc2e62c 0000000a c02461e8 00200246 c042dde8 [ 9914.939771] 00000003 c042dde4 00000000 00000001 00200082 c0114775 00000000 00000000 [ 9914.939775] 00000003 f7088010 00200282 f8fa791c 80044944 bfc2e62c bfc2e62c c02f6615 [ 9914.939780] Call Trace: [ 9914.939782] [] _get_mdevice+0x0/0x18 [mISDN_core] [ 9914.939789] [] base_sock_ioctl+0x7a/0x129 [mISDN_core] [ 9914.939789] [] opost+0x171/0x182 [ 9914.939789] [] __wake_up+0x29/0x39 [ 9914.939789] [] sock_ioctl+0x1b5/0x1d9 [ 9914.939789] [] sock_ioctl+0x0/0x1d9 [ 9914.939789] [] vfs_ioctl+0x1c/0x5d [ 9914.939789] [] do_vfs_ioctl+0x23e/0x24e [ 9914.939789] [] sys_ioctl+0x2c/0x45 [ 9914.939789] [] sysenter_do_call+0x12/0x21 [ 9914.939789] [] pci_fixup_i450gx+0x4e/0x56 [ 9914.939789] ======================= [ 9914.939789] Code: 00 68 02 f0 f9 f8 e8 ae b4 2c c7 8b 44 24 04 5a 59 c3 83 ec 04 31 d2 89 04 24 89 e1 b8 ac df fa f8 68 e0 f4 f9 f8 e8 4a b5 2c c7 <8b> 80 d4 00 00 00 5a 59 c3 53 89 cb 8d 90 9c 00 00 00 89 c8 e8 [ 9914.939789] EIP: [] get_mdevice+0x19/0x22 [mISDN_core] SS:ESP 0068:f5adbef4 [ 9914.939858] ---[ end trace 50e18a715b019424 ]--- Signed-off-by: Martin Bachem Signed-off-by: Karsten Keil diff --git a/include/linux/mISDNif.h b/include/linux/mISDNif.h index 557477a..5da3d95 100644 --- a/include/linux/mISDNif.h +++ b/include/linux/mISDNif.h @@ -559,7 +559,10 @@ extern void mISDN_unregister_clock(struct mISDNclock *); static inline struct mISDNdevice *dev_to_mISDN(struct device *dev) { - return dev_get_drvdata(dev); + if (dev) + return dev_get_drvdata(dev); + else + return NULL; } extern void set_channel_address(struct mISDNchannel *, u_int, u_int); -- cgit v0.10.2 From 9785a8f8db3df0605fa680f44185957aff9d8776 Mon Sep 17 00:00:00 2001 From: Karsten Keil Date: Sun, 11 Jan 2009 17:58:13 +0100 Subject: Make parameter debug writable Overseen in the last patch series. Signed-off-by: Karsten Keil diff --git a/drivers/isdn/hardware/mISDN/hfcpci.c b/drivers/isdn/hardware/mISDN/hfcpci.c index 917bf41..f0e14df 100644 --- a/drivers/isdn/hardware/mISDN/hfcpci.c +++ b/drivers/isdn/hardware/mISDN/hfcpci.c @@ -61,7 +61,7 @@ u32 hfc_jiffies; MODULE_AUTHOR("Karsten Keil"); MODULE_LICENSE("GPL"); -module_param(debug, uint, 0); +module_param(debug, uint, S_IRUGO | S_IWUSR); module_param(poll, uint, S_IRUGO | S_IWUSR); enum { -- cgit v0.10.2 From f27b8c356c4fab9ad222b45bc1cd1c750e64d97b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ilpo=20J=C3=A4rvinen?= Date: Fri, 9 Jan 2009 12:22:50 -0800 Subject: indentation & braces disagree - add braces MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Nothing is broken because of this - currently. Signed-off-by: Ilpo Järvinen Signed-off-by: Karsten Keil Signed-off-by: Andrew Morton diff --git a/drivers/isdn/mISDN/dsp_cmx.c b/drivers/isdn/mISDN/dsp_cmx.c index 0ac67bf..b70c66b 100644 --- a/drivers/isdn/mISDN/dsp_cmx.c +++ b/drivers/isdn/mISDN/dsp_cmx.c @@ -1893,7 +1893,7 @@ dsp_cmx_hdlc(struct dsp *dsp, struct sk_buff *skb) /* in case of hardware (echo) */ if (dsp->pcm_slot_tx >= 0) return; - if (dsp->echo) + if (dsp->echo) { nskb = skb_clone(skb, GFP_ATOMIC); if (nskb) { hh = mISDN_HEAD_P(nskb); @@ -1902,6 +1902,7 @@ dsp_cmx_hdlc(struct dsp *dsp, struct sk_buff *skb) skb_queue_tail(&dsp->sendq, nskb); schedule_work(&dsp->workq); } + } return; } /* in case of hardware conference */ -- cgit v0.10.2 From 20b788045b73e81ace2498eae42220e64547d6d2 Mon Sep 17 00:00:00 2001 From: Julia Lawall Date: Fri, 9 Jan 2009 12:22:53 -0800 Subject: drivers/isdn/hardware/mISDN: move a dereference below a NULL test In each case, if the NULL test is necessary, then the dereference should be moved below the NULL test. The semantic patch that makes this change is as follows: (http://www.emn.fr/x-info/coccinelle/) // @@ type T; expression E; identifier i,fld; statement S; @@ - T i = E->fld; + T i; ... when != E when != i if (E == NULL) S + i = E->fld; // Signed-off-by: Julia Lawall Signed-off-by: Andrew Morton Signed-off-by: Karsten Keil diff --git a/drivers/isdn/hardware/mISDN/hfcmulti.c b/drivers/isdn/hardware/mISDN/hfcmulti.c index 97f4708..595ba8e 100644 --- a/drivers/isdn/hardware/mISDN/hfcmulti.c +++ b/drivers/isdn/hardware/mISDN/hfcmulti.c @@ -3615,7 +3615,7 @@ hfcm_bctrl(struct mISDNchannel *ch, u_int cmd, void *arg) static void ph_state_change(struct dchannel *dch) { - struct hfc_multi *hc = dch->hw; + struct hfc_multi *hc; int ch, i; if (!dch) { @@ -3623,6 +3623,7 @@ ph_state_change(struct dchannel *dch) __func__); return; } + hc = dch->hw; ch = dch->slot; if (hc->type == 1) { -- cgit v0.10.2 From 1916ebb2ddad78ae6405b1291acb9f9de212ec49 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ilpo=20J=C3=A4rvinen?= Date: Fri, 9 Jan 2009 12:22:51 -0800 Subject: misdn: one handmade ARRAY_SIZE converted MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Defined as: static struct device_attribute element_attributes[] = { Signed-off-by: Ilpo Järvinen Signed-off-by: Andrew Morton Signed-off-by: Karsten Keil diff --git a/drivers/isdn/mISDN/dsp_pipeline.c b/drivers/isdn/mISDN/dsp_pipeline.c index bf999bd..0c773fa 100644 --- a/drivers/isdn/mISDN/dsp_pipeline.c +++ b/drivers/isdn/mISDN/dsp_pipeline.c @@ -110,8 +110,7 @@ int mISDN_dsp_element_register(struct mISDN_dsp_element *elem) } list_add_tail(&entry->list, &dsp_elements); - for (i = 0; i < (sizeof(element_attributes) - / sizeof(struct device_attribute)); ++i) + for (i = 0; i < ARRAY_SIZE(element_attributes); ++i) ret = device_create_file(&entry->dev, &element_attributes[i]); if (ret) { -- cgit v0.10.2 From 21c150a6d2c39fe6975e91437095a2c31efdb550 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ilpo=20J=C3=A4rvinen?= Date: Fri, 9 Jan 2009 12:22:52 -0800 Subject: misdn: indentation and braces disagree - add braces MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This is not buggy due to plain luck as there is only one entry currently in the element_attributes. Signed-off-by: Ilpo Järvinen Signed-off-by: Andrew Morton Signed-off-by: Karsten Keil diff --git a/drivers/isdn/mISDN/dsp_pipeline.c b/drivers/isdn/mISDN/dsp_pipeline.c index 0c773fa..18cf87c 100644 --- a/drivers/isdn/mISDN/dsp_pipeline.c +++ b/drivers/isdn/mISDN/dsp_pipeline.c @@ -110,7 +110,7 @@ int mISDN_dsp_element_register(struct mISDN_dsp_element *elem) } list_add_tail(&entry->list, &dsp_elements); - for (i = 0; i < ARRAY_SIZE(element_attributes); ++i) + for (i = 0; i < ARRAY_SIZE(element_attributes); ++i) { ret = device_create_file(&entry->dev, &element_attributes[i]); if (ret) { @@ -118,6 +118,7 @@ int mISDN_dsp_element_register(struct mISDN_dsp_element *elem) __func__); goto err2; } + } #ifdef PIPELINE_DEBUG printk(KERN_DEBUG "%s: %s registered\n", __func__, elem->name); -- cgit v0.10.2 From fae3e7fba4c664b3a15f2cf15ac439e8d754afc2 Mon Sep 17 00:00:00 2001 From: Karsten Keil Date: Sun, 11 Jan 2009 18:36:30 +0100 Subject: Fix small typo Remove additional ; Signed-off-by: Karsten Keil diff --git a/drivers/isdn/mISDN/dsp_cmx.c b/drivers/isdn/mISDN/dsp_cmx.c index b70c66b..58c43e4 100644 --- a/drivers/isdn/mISDN/dsp_cmx.c +++ b/drivers/isdn/mISDN/dsp_cmx.c @@ -1579,7 +1579,7 @@ send_packet: schedule_work(&dsp->workq); } -static u32 jittercount; /* counter for jitter check */; +static u32 jittercount; /* counter for jitter check */ struct timer_list dsp_spl_tl; u32 dsp_spl_jiffies; /* calculate the next time to fire */ static u16 dsp_count; /* last sample count */ -- cgit v0.10.2