Patchwork net: Fix oops in dev_ifsioc()

login
register
mail settings
Submitter Jarek Poplawski
Date Dec. 19, 2008, 7:04 a.m.
Message ID <20081219070431.GA7189@ff.dom.local>
Download mbox | patch
Permalink /patch/14809/
State Accepted
Delegated to: David Miller
Headers show

Comments

Jarek Poplawski - Dec. 19, 2008, 7:04 a.m.
A command like this: "brctl addif br1 eth1" issued as a user gave me
an oops when bridge module wasn't loaded. It's caused by using a dev
pointer before checking for NULL.

Signed-off-by: Jarek Poplawski <jarkao2@gmail.com>
---

 net/core/dev.c |    4 +++-
 1 files changed, 3 insertions(+), 1 deletions(-)

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Wang Chen - Dec. 19, 2008, 8:02 a.m.
Jarek Poplawski said the following on 2008-12-19 15:04:
> A command like this: "brctl addif br1 eth1" issued as a user gave me
> an oops when bridge module wasn't loaded. It's caused by using a dev
> pointer before checking for NULL.
> 
> Signed-off-by: Jarek Poplawski <jarkao2@gmail.com>
> ---
> 
>  net/core/dev.c |    4 +++-
>  1 files changed, 3 insertions(+), 1 deletions(-)
> 
> diff --git a/net/core/dev.c b/net/core/dev.c
> index 048cf11..daca72e 100644
> --- a/net/core/dev.c
> +++ b/net/core/dev.c
> @@ -3745,11 +3745,13 @@ static int dev_ifsioc(struct net *net, struct ifreq *ifr, unsigned int cmd)
>  {
>  	int err;
>  	struct net_device *dev = __dev_get_by_name(net, ifr->ifr_name);
> -	const struct net_device_ops *ops = dev->netdev_ops;
> +	const struct net_device_ops *ops;
>  
>  	if (!dev)
>  		return -ENODEV;
>  
> +	ops = dev->netdev_ops;
> +
>  	switch (cmd) {
>  		case SIOCSIFFLAGS:	/* Set interface flags */
>  			return dev_change_flags(dev, ifr->ifr_flags);

Subject will be changed, sorry.
Seems Julia  is doing "Move a dereference below a NULL test" check,
but why the coccinelle missed this one?

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Jarek Poplawski - Dec. 19, 2008, 8:11 a.m.
On Fri, Dec 19, 2008 at 04:02:51PM +0800, Wang Chen wrote:
> Jarek Poplawski said the following on 2008-12-19 15:04:
> > A command like this: "brctl addif br1 eth1" issued as a user gave me
> > an oops when bridge module wasn't loaded. It's caused by using a dev
> > pointer before checking for NULL.
...
> Subject will be changed, sorry.
> Seems Julia  is doing "Move a dereference below a NULL test" check,
> but why the coccinelle missed this one?

Probably because it's quite fresh?

Jarek P.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Wang Chen - Dec. 19, 2008, 8:14 a.m.
Jarek Poplawski said the following on 2008-12-19 16:11:
> On Fri, Dec 19, 2008 at 04:02:51PM +0800, Wang Chen wrote:
>> Jarek Poplawski said the following on 2008-12-19 15:04:
>>> A command like this: "brctl addif br1 eth1" issued as a user gave me
>>> an oops when bridge module wasn't loaded. It's caused by using a dev
>>> pointer before checking for NULL.
> ...
>> Subject will be changed, sorry.
>> Seems Julia  is doing "Move a dereference below a NULL test" check,
>> but why the coccinelle missed this one?
> 
> Probably because it's quite fresh?
> 

Yes. Maybe Julia never check the source of -next. :)

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Julia Lawall - Dec. 19, 2008, 8:33 a.m.
On Fri, 19 Dec 2008, Wang Chen wrote:

> Jarek Poplawski said the following on 2008-12-19 16:11:
> > On Fri, Dec 19, 2008 at 04:02:51PM +0800, Wang Chen wrote:
> >> Jarek Poplawski said the following on 2008-12-19 15:04:
> >>> A command like this: "brctl addif br1 eth1" issued as a user gave me
> >>> an oops when bridge module wasn't loaded. It's caused by using a dev
> >>> pointer before checking for NULL.
> > ...
> >> Subject will be changed, sorry.
> >> Seems Julia  is doing "Move a dereference below a NULL test" check,
> >> but why the coccinelle missed this one?
> > 
> > Probably because it's quite fresh?
> > 
> 
> Yes. Maybe Julia never check the source of -next. :)

Sorry, my -next was mysteriously quite out of date.  It's up to date now.
Indeed, I found that one just now.

julia
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
David Miller - Dec. 23, 2008, 3:35 a.m.
From: Jarek Poplawski <jarkao2@gmail.com>
Date: Fri, 19 Dec 2008 07:04:31 +0000

> A command like this: "brctl addif br1 eth1" issued as a user gave me
> an oops when bridge module wasn't loaded. It's caused by using a dev
> pointer before checking for NULL.
> 
> Signed-off-by: Jarek Poplawski <jarkao2@gmail.com>

Applied, thanks Jarek.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Patch

diff --git a/net/core/dev.c b/net/core/dev.c
index 048cf11..daca72e 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -3745,11 +3745,13 @@  static int dev_ifsioc(struct net *net, struct ifreq *ifr, unsigned int cmd)
 {
 	int err;
 	struct net_device *dev = __dev_get_by_name(net, ifr->ifr_name);
-	const struct net_device_ops *ops = dev->netdev_ops;
+	const struct net_device_ops *ops;
 
 	if (!dev)
 		return -ENODEV;
 
+	ops = dev->netdev_ops;
+
 	switch (cmd) {
 		case SIOCSIFFLAGS:	/* Set interface flags */
 			return dev_change_flags(dev, ifr->ifr_flags);