projects
/
GitHub
/
exynos8895
/
android_kernel_samsung_universal8895.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
67de956
)
NFC: Return from rawsock_release when sk is NULL
author
Eric Dumazet
<edumazet@google.com>
Mon, 11 Jun 2012 22:47:58 +0000
(
00:47
+0200)
committer
Samuel Ortiz
<sameo@linux.intel.com>
Mon, 25 Jun 2012 23:35:26 +0000
(
01:35
+0200)
Sasha Levin reported following panic :
[ 2136.383310] BUG: unable to handle kernel NULL pointer dereference at
00000000000003b0
[ 2136.384022] IP: [<
ffffffff8114e400
>] __lock_acquire+0xc0/0x4b0
[ 2136.384022] PGD
131c4067
PUD
11c0c067
PMD 0
[ 2136.388106] Oops: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC
[ 2136.388106] CPU 1
[ 2136.388106] Pid: 24855, comm: trinity-child1 Tainted: G W
3.5.0-rc2-sasha-00015-g7b268f7
#374
[ 2136.388106] RIP: 0010:[<
ffffffff8114e400
>] [<
ffffffff8114e400
>]
__lock_acquire+0xc0/0x4b0
[ 2136.388106] RSP: 0018:
ffff8800130b3ca8
EFLAGS:
00010046
[ 2136.388106] RAX:
0000000000000086
RBX:
ffff88001186b000
RCX:
0000000000000000
[ 2136.388106] RDX:
0000000000000000
RSI:
0000000000000000
RDI:
0000000000000000
[ 2136.388106] RBP:
ffff8800130b3d08
R08:
0000000000000001
R09:
0000000000000000
[ 2136.388106] R10:
0000000000000000
R11:
0000000000000001
R12:
0000000000000002
[ 2136.388106] R13:
00000000000003b0
R14:
0000000000000000
R15:
0000000000000000
[ 2136.388106] FS:
00007fa5b1bd4700
(0000) GS:
ffff88001b800000
(0000)
knlGS:
0000000000000000
[ 2136.388106] CS: 0010 DS: 0000 ES: 0000 CR0:
0000000080050033
[ 2136.388106] CR2:
00000000000003b0
CR3:
0000000011d1f000
CR4:
00000000000406e0
[ 2136.388106] DR0:
0000000000000000
DR1:
0000000000000000
DR2:
0000000000000000
[ 2136.388106] DR3:
0000000000000000
DR6:
00000000ffff0ff0
DR7:
0000000000000400
[ 2136.388106] Process trinity-child1 (pid: 24855, threadinfo
ffff8800130b2000
, task
ffff88001186b000
)
[ 2136.388106] Stack:
[ 2136.388106]
ffff8800130b3cd8
ffffffff81121785
ffffffff81236774
000080d000000001
[ 2136.388106]
ffff88001b9d6c00
00000000001d6c00
ffffffff130b3d08
ffff88001186b000
[ 2136.388106]
0000000000000000
0000000000000002
0000000000000000
0000000000000000
[ 2136.388106] Call Trace:
[ 2136.388106] [<
ffffffff81121785
>] ? sched_clock_local+0x25/0x90
[ 2136.388106] [<
ffffffff81236774
>] ? get_empty_filp+0x74/0x220
[ 2136.388106] [<
ffffffff8114e97a
>] lock_acquire+0x18a/0x1e0
[ 2136.388106] [<
ffffffff836b37df
>] ? rawsock_release+0x4f/0xa0
[ 2136.388106] [<
ffffffff837c0ef0
>] _raw_write_lock_bh+0x40/0x80
[ 2136.388106] [<
ffffffff836b37df
>] ? rawsock_release+0x4f/0xa0
[ 2136.388106] [<
ffffffff836b37df
>] rawsock_release+0x4f/0xa0
[ 2136.388106] [<
ffffffff8321cfe8
>] sock_release+0x18/0x70
[ 2136.388106] [<
ffffffff8321d069
>] sock_close+0x29/0x30
[ 2136.388106] [<
ffffffff81236bca
>] __fput+0x11a/0x2c0
[ 2136.388106] [<
ffffffff81236d85
>] fput+0x15/0x20
[ 2136.388106] [<
ffffffff8321de34
>] sys_accept4+0x1b4/0x200
[ 2136.388106] [<
ffffffff837c165c
>] ? _raw_spin_unlock_irq+0x4c/0x80
[ 2136.388106] [<
ffffffff837c1669
>] ? _raw_spin_unlock_irq+0x59/0x80
[ 2136.388106] [<
ffffffff837c2565
>] ? sysret_check+0x22/0x5d
[ 2136.388106] [<
ffffffff8321de8b
>] sys_accept+0xb/0x10
[ 2136.388106] [<
ffffffff837c2539
>] system_call_fastpath+0x16/0x1b
[ 2136.388106] Code: ec 04 00 0f 85 ea 03 00 00 be d5 0b 00 00 48 c7 c7
8a c1 40 84 e8 b1 a5 f8 ff 31 c0 e9 d4 03 00 00 66 2e 0f 1f 84 00 00 00
00 00 <49> 81 7d 00 60 73 5e 85 b8 01 00 00 00 44 0f 44 e0 83 fe 01 77
[ 2136.388106] RIP [<
ffffffff8114e400
>] __lock_acquire+0xc0/0x4b0
[ 2136.388106] RSP <
ffff8800130b3ca8
>
[ 2136.388106] CR2:
00000000000003b0
[ 2136.388106] ---[ end trace
6d450e935ee18982
]---
[ 2136.388106] Kernel panic - not syncing: Fatal exception in interrupt
rawsock_release() should test if sock->sk is NULL before calling
sock_orphan()/sock_put()
Reported-by: Sasha Levin <levinsasha928@gmail.com>
Tested-by: Sasha Levin <levinsasha928@gmail.com>
Cc: stable@kernel.org
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
net/nfc/rawsock.c
patch
|
blob
|
blame
|
history
diff --git
a/net/nfc/rawsock.c
b/net/nfc/rawsock.c
index ec1134c9e07fcd34fc5d6116e1a4aef9dedf6f23..8b8a6a2b2badaf61e9c71a174809ca989438668f 100644
(file)
--- a/
net/nfc/rawsock.c
+++ b/
net/nfc/rawsock.c
@@
-54,7
+54,10
@@
static int rawsock_release(struct socket *sock)
{
struct sock *sk = sock->sk;
- pr_debug("sock=%p\n", sock);
+ pr_debug("sock=%p sk=%p\n", sock, sk);
+
+ if (!sk)
+ return 0;
sock_orphan(sk);
sock_put(sk);