projects
/
GitHub
/
exynos8895
/
android_kernel_samsung_universal8895.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
472dd35
)
NFC: Prevent NULL deref when getting socket name
author
Sasha Levin
<levinsasha928@gmail.com>
Sat, 30 Jun 2012 09:56:47 +0000
(11:56 +0200)
committer
John W. Linville
<linville@tuxdriver.com>
Mon, 9 Jul 2012 19:01:00 +0000
(15:01 -0400)
llcp_sock_getname can be called without a device attached to the nfc_llcp_sock.
This would lead to the following BUG:
[ 362.341807] BUG: unable to handle kernel NULL pointer dereference at (null)
[ 362.341815] IP: [<
ffffffff836258e5
>] llcp_sock_getname+0x75/0xc0
[ 362.341818] PGD
31b35067
PUD
30631067
PMD 0
[ 362.341821] Oops: 0000 [#627] PREEMPT SMP DEBUG_PAGEALLOC
[ 362.341826] CPU 3
[ 362.341827] Pid: 7816, comm: trinity-child55 Tainted: G D W
3.5.0-rc4-next-20120628-sasha-00005-g9f23eb7
#479
[ 362.341831] RIP: 0010:[<
ffffffff836258e5
>] [<
ffffffff836258e5
>] llcp_sock_getname+0x75/0xc0
[ 362.341832] RSP: 0018:
ffff8800304fde88
EFLAGS:
00010286
[ 362.341834] RAX:
0000000000000000
RBX:
ffff880033cb8000
RCX:
0000000000000001
[ 362.341835] RDX:
ffff8800304fdec4
RSI:
ffff8800304fdec8
RDI:
ffff8800304fdeda
[ 362.341836] RBP:
ffff8800304fdea8
R08:
7ebcebcb772b7ffb
R09:
5fbfcb9c35bdfd53
[ 362.341838] R10:
4220020c54326244
R11:
0000000000000246
R12:
ffff8800304fdec8
[ 362.341839] R13:
ffff8800304fdec4
R14:
ffff8800304fdec8
R15:
0000000000000044
[ 362.341841] FS:
00007effa376e700
(0000) GS:
ffff880035a00000
(0000) knlGS:
0000000000000000
[ 362.341843] CS: 0010 DS: 0000 ES: 0000 CR0:
0000000080050033
[ 362.341844] CR2:
0000000000000000
CR3:
0000000030438000
CR4:
00000000000406e0
[ 362.341851] DR0:
0000000000000000
DR1:
0000000000000000
DR2:
0000000000000000
[ 362.341856] DR3:
0000000000000000
DR6:
00000000ffff0ff0
DR7:
0000000000000400
[ 362.341858] Process trinity-child55 (pid: 7816, threadinfo
ffff8800304fc000
, task
ffff880031270000
)
[ 362.341858] Stack:
[ 362.341862]
ffff8800304fdea8
ffff880035156780
0000000000000000
0000000000001000
[ 362.341865]
ffff8800304fdf78
ffffffff83183b40
00000000304fdec8
0000006000000000
[ 362.341868]
ffff8800304f0027
ffffffff83729649
ffff8800304fdee8
ffff8800304fdf48
[ 362.341869] Call Trace:
[ 362.341874] [<
ffffffff83183b40
>] sys_getpeername+0xa0/0x110
[ 362.341877] [<
ffffffff83729649
>] ? _raw_spin_unlock_irq+0x59/0x80
[ 362.341882] [<
ffffffff810f342b
>] ? do_setitimer+0x23b/0x290
[ 362.341886] [<
ffffffff81985ede
>] ? trace_hardirqs_on_thunk+0x3a/0x3f
[ 362.341889] [<
ffffffff8372a539
>] system_call_fastpath+0x16/0x1b
[ 362.341921] Code: 84 00 00 00 00 00 b8 b3 ff ff ff 48 85 db 74 54 66 41 c7 04 24 27 00 49 8d 7c 24 12 41 c7 45 00 60 00 00 00 48 8b 83 28 05 00 00 <8b> 00 41 89 44 24 04 0f b6 83 41 05 00 00 41 88 44 24 10 0f b6
[ 362.341924] RIP [<
ffffffff836258e5
>] llcp_sock_getname+0x75/0xc0
[ 362.341925] RSP <
ffff8800304fde88
>
[ 362.341926] CR2:
0000000000000000
[ 362.341928] ---[ end trace
6d450e935ee18bf3
]---
Signed-off-by: Sasha Levin <levinsasha928@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
net/nfc/llcp/sock.c
patch
|
blob
|
blame
|
history
diff --git
a/net/nfc/llcp/sock.c
b/net/nfc/llcp/sock.c
index 17a707db40eb9865000cd073d3661fef1d1ced13..e06d458fc7197ff73e1f1f6f155c154c330cfa67 100644
(file)
--- a/
net/nfc/llcp/sock.c
+++ b/
net/nfc/llcp/sock.c
@@
-292,7
+292,7
@@
static int llcp_sock_getname(struct socket *sock, struct sockaddr *addr,
pr_debug("%p\n", sk);
- if (llcp_sock == NULL)
+ if (llcp_sock == NULL
|| llcp_sock->dev == NULL
)
return -EBADFD;
addr->sa_family = AF_NFC;