| Submitter | Pavel Emelyanov |
|---|---|
| Date | May 11, 2009, 10:36 a.m. |
| Message ID | <4A07FFB3.70308@openvz.org> |
| Download | mbox | patch |
| Permalink | /patch/27044/ |
| State | Accepted |
| Delegated to: | David Miller |
| Headers | show |
Comments
From: Pavel Emelyanov <xemul@openvz.org> Date: Mon, 11 May 2009 14:36:35 +0400 > It looks like the dev in netpoll_poll can be NULL - at lease it's > checked at the function beginning. Thus the dev->netde_ops dereference > looks dangerous. > > Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Good catch, probably added by the netdev_ops changes. Applied, thanks! -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Patch
diff --git a/net/core/netpoll.c b/net/core/netpoll.c index b5873bd..64f51ee 100644 --- a/net/core/netpoll.c +++ b/net/core/netpoll.c @@ -175,9 +175,13 @@ static void service_arp_queue(struct netpoll_info *npi) void netpoll_poll(struct netpoll *np) { struct net_device *dev = np->dev; - const struct net_device_ops *ops = dev->netdev_ops; + const struct net_device_ops *ops; + + if (!dev || !netif_running(dev)) + return; - if (!dev || !netif_running(dev) || !ops->ndo_poll_controller) + ops = dev->netdev_ops; + if (!ops->ndo_poll_controller) return; /* Process pending work on NIC */
It looks like the dev in netpoll_poll can be NULL - at lease it's checked at the function beginning. Thus the dev->netde_ops dereference looks dangerous. Signed-off-by: Pavel Emelyanov <xemul@openvz.org> --- -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html