| Message ID | 1342149276-18435-1-git-send-email-klebers@linux.vnet.ibm.com (mailing list archive) |
|---|---|
| State | Accepted, archived |
| Commit | 10db8d212864cb6741df7d7fafda5ab6661f6f88 |
| Headers | show |
On Fri, 2012-07-13 at 00:14 -0300, Kleber Sacilotto de Souza wrote: > Function eeh_event_handler() dereferences the pointer returned by > handle_eeh_events() without checking, causing a crash if NULL was > returned, which is expected in some situations. > > This patch fixes this bug by checking for the value returned by > handle_eeh_events() before dereferencing it. Thanks, Ben. > Signed-off-by: Kleber Sacilotto de Souza <klebers@linux.vnet.ibm.com> > --- > arch/powerpc/platforms/pseries/eeh_event.c | 6 ++++-- > 1 files changed, 4 insertions(+), 2 deletions(-) > > diff --git a/arch/powerpc/platforms/pseries/eeh_event.c b/arch/powerpc/platforms/pseries/eeh_event.c > index 4cb375c..fb50631 100644 > --- a/arch/powerpc/platforms/pseries/eeh_event.c > +++ b/arch/powerpc/platforms/pseries/eeh_event.c > @@ -85,8 +85,10 @@ static int eeh_event_handler(void * dummy) > set_current_state(TASK_INTERRUPTIBLE); /* Don't add to load average */ > edev = handle_eeh_events(event); > > - eeh_clear_slot(eeh_dev_to_of_node(edev), EEH_MODE_RECOVERING); > - pci_dev_put(edev->pdev); > + if (edev) { > + eeh_clear_slot(eeh_dev_to_of_node(edev), EEH_MODE_RECOVERING); > + pci_dev_put(edev->pdev); > + } > > kfree(event); > mutex_unlock(&eeh_event_mutex);
diff --git a/arch/powerpc/platforms/pseries/eeh_event.c b/arch/powerpc/platforms/pseries/eeh_event.c index 4cb375c..fb50631 100644 --- a/arch/powerpc/platforms/pseries/eeh_event.c +++ b/arch/powerpc/platforms/pseries/eeh_event.c @@ -85,8 +85,10 @@ static int eeh_event_handler(void * dummy) set_current_state(TASK_INTERRUPTIBLE); /* Don't add to load average */ edev = handle_eeh_events(event); - eeh_clear_slot(eeh_dev_to_of_node(edev), EEH_MODE_RECOVERING); - pci_dev_put(edev->pdev); + if (edev) { + eeh_clear_slot(eeh_dev_to_of_node(edev), EEH_MODE_RECOVERING); + pci_dev_put(edev->pdev); + } kfree(event); mutex_unlock(&eeh_event_mutex);
Function eeh_event_handler() dereferences the pointer returned by handle_eeh_events() without checking, causing a crash if NULL was returned, which is expected in some situations. This patch fixes this bug by checking for the value returned by handle_eeh_events() before dereferencing it. Signed-off-by: Kleber Sacilotto de Souza <klebers@linux.vnet.ibm.com> --- arch/powerpc/platforms/pseries/eeh_event.c | 6 ++++-- 1 files changed, 4 insertions(+), 2 deletions(-)