diff mbox

[Bug,15582] New: BUG: unable to handle kernel NULL pointer dereference at 0000000000000028

Message ID 80769D7B14936844A23C0C43D9FBCF0F254E49A854@orsmsx501.amr.corp.intel.com
State RFC, archived
Delegated to: David Miller
Headers show

Commit Message

Duyck, Alexander H March 23, 2010, 6:32 p.m. UTC 
David Miller wrote:
> From: Andrew Morton <akpm@linux-foundation.org>
> Date: Mon, 22 Mar 2010 16:14:16 -0700
> 
>> 
>> (switched to email.  Please respond via emailed reply-to-all, not
>> via the bugzilla web interface). 
>> 
>> On Fri, 19 Mar 2010 12:01:10 GMT
>> bugzilla-daemon@bugzilla.kernel.org wrote:
>> 
>>> http://bugzilla.kernel.org/show_bug.cgi?id=15582
>>> 
>>>            Summary: BUG: unable to handle kernel NULL pointer
>>>                     dereference at 0000000000000028
>> 
>> A bug in igb or the vlan code, I guess.
> 
> Hmmm, should have been fixed by:
> 
> commit d1c76af9e2434fac3add561e26c61b06503de986
> Author: Herbert Xu <herbert@gondor.apana.org.au>
> Date:   Mon Mar 16 10:50:02 2009 -0700
> 
>     GRO: Move netpoll checks to correct location
> 
> 
> ...
> 
> Nevermind, the backtrace signature is different for this
> one.

Actually I think this may be a bug in igb_receive_skb.  My guess would be that promiscuous mode is somehow being enabled which is turning off the vlan filtering and as a result we are probably picking up vlan traffic when we have no vlans registered.  The null pointer in that case would be adapter->vlgrp.

The patch below should address it.  However I suspect it will get mangled by our email system here so I don't believe it will apply.  I have also sent a copy of to Jeff to pull into his tree for testing and submission.

Thanks,

Alex

---

This change makes it so that vlan_gro_receive is only used if vlans have been
registered to the adapter structure.  Previously we were just sending all vlan
tagged frames in via this function but this results in a null pointer
dereference when vlans are not registered.

Signed-off-by: Alexander Duyck <alexander.h.duyck@intel.com>
---

 drivers/net/igb/igb_main.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)


To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Comments

David Miller March 23, 2010, 7:40 p.m. UTC | #1 
From: "Duyck, Alexander H" <alexander.h.duyck@intel.com>
Date: Tue, 23 Mar 2010 11:32:19 -0700

> The patch below should address it.  However I suspect it will get
> mangled by our email system here so I don't believe it will apply.
> I have also sent a copy of to Jeff to pull into his tree for testing
> and submission.

Good spotting, thanks Alex.

I'll wait for testing and a final version via Jeff.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
diff mbox

Patch

diff --git a/drivers/net/igb/igb_main.c b/drivers/net/igb/igb_main.c
index 45a0e4f..7855f71 100644
--- a/drivers/net/igb/igb_main.c
+++ b/drivers/net/igb/igb_main.c
@@ -5110,7 +5110,7 @@  static void igb_receive_skb(struct igb_q_vector *q_vector,
 {
 	struct igb_adapter *adapter = q_vector->adapter;
 
-	if (vlan_tag)
+	if (vlan_tag && adapter->vlgrp)
 		vlan_gro_receive(&q_vector->napi, adapter->vlgrp,
 		                 vlan_tag, skb);
 	else--