q3k
/
linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
linux/drivers
History
James Chapman 3feec9095d l2tp: Fix oops in pppol2tp_xmit 
When transmitting L2TP frames, we derive the outgoing interface's UDP
checksum hardware assist capabilities from the tunnel dst dev. This
can sometimes be NULL, especially when routing protocols are used and
routing changes occur. This patch just checks for NULL dst or dev
pointers when checking for netdev hardware assist features.

BUG: unable to handle kernel NULL pointer dereference at 0000000c
IP: [<f89d074c>] pppol2tp_xmit+0x341/0x4da [pppol2tp]
*pde = 00000000
Oops: 0000 [#1] SMP
last sysfs file: /sys/class/net/lo/operstate
Modules linked in: pppol2tp pppox ppp_generic slhc ipv6 dummy loop snd_hda_codec_atihdmi snd_hda_intel snd_hda_codec snd_pcm snd_timer snd soundcore snd_page_alloc evdev psmouse serio_raw processor button i2c_piix4 i2c_core ati_agp agpgart pcspkr ext3 jbd mbcache sd_mod ide_pci_generic atiixp ide_core ahci ata_generic floppy ehci_hcd ohci_hcd libata e1000e scsi_mod usbcore nls_base thermal fan thermal_sys [last unloaded: scsi_wait_scan]

Pid: 0, comm: swapper Not tainted (2.6.32.8 #1)
EIP: 0060:[<f89d074c>] EFLAGS: 00010297 CPU: 3
EIP is at pppol2tp_xmit+0x341/0x4da [pppol2tp]
EAX: 00000000 EBX: f64d1680 ECX: 000005b9 EDX: 00000000
ESI: f6b91850 EDI: f64d16ac EBP: f6a0c4c0 ESP: f70a9cac
 DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068
Process swapper (pid: 0, ti=f70a8000 task=f70a31c0 task.ti=f70a8000)
Stack:
 000005a9 000005b9 f734c400 f66652c0 f7352e00 f67dc800 00000000 f6b91800
<0> 000005a3 f70ef6c4 f67dcda9 000005a3 f89b192e 00000246 000005a3 f64d1680
<0> f63633e0 f6363320 f64d1680 f65a7320 f65a7364 f65856c0 f64d1680 f679f02f
Call Trace:
 [<f89b192e>] ? ppp_push+0x459/0x50e [ppp_generic]
 [<f89b217f>] ? ppp_xmit_process+0x3b6/0x430 [ppp_generic]
 [<f89b2306>] ? ppp_start_xmit+0x10d/0x120 [ppp_generic]
 [<c11c15cb>] ? dev_hard_start_xmit+0x21f/0x2b2
 [<c11d0947>] ? sch_direct_xmit+0x48/0x10e
 [<c11c19a0>] ? dev_queue_xmit+0x263/0x3a6
 [<c11e2a9f>] ? ip_finish_output+0x1f7/0x221
 [<c11df682>] ? ip_forward_finish+0x2e/0x30
 [<c11de645>] ? ip_rcv_finish+0x295/0x2a9
 [<c11c0b19>] ? netif_receive_skb+0x3e9/0x404
 [<f814b791>] ? e1000_clean_rx_irq+0x253/0x2fc [e1000e]
 [<f814cb7a>] ? e1000_clean+0x63/0x1fc [e1000e]
 [<c1047eff>] ? sched_clock_local+0x15/0x11b
 [<c11c1095>] ? net_rx_action+0x96/0x195
 [<c1035750>] ? __do_softirq+0xaa/0x151
 [<c1035828>] ? do_softirq+0x31/0x3c
 [<c10358fe>] ? irq_exit+0x26/0x58
 [<c1004b21>] ? do_IRQ+0x78/0x89
 [<c1003729>] ? common_interrupt+0x29/0x30
 [<c101ac28>] ? native_safe_halt+0x2/0x3
 [<c1008c54>] ? default_idle+0x55/0x75
 [<c1009045>] ? c1e_idle+0xd2/0xd5
 [<c100233c>] ? cpu_idle+0x46/0x62
Code: 8d 45 08 f0 ff 45 08 89 6b 08 c7 43 68 7e fb 9c f8 8a 45 24 83 e0 0c 3c 04 75 09 80 63 64 f3 e9 b4 00 00 00 8b 43 18 8b 4c 24 04 <8b> 40 0c 8d 79 11 f6 40 44 0e 8a 43 64 75 51 6a 00 8b 4c 24 08
EIP: [<f89d074c>] pppol2tp_xmit+0x341/0x4da [pppol2tp] SS:ESP 0068:f70a9cac
CR2: 000000000000000c

Signed-off-by: James Chapman <jchapman@katalix.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
 		2010-03-16 14:15:43 -07:00
..
accessibility
acpi Merge branches 'battery-2.6.34', 'bugzilla-10805', 'bugzilla-14668', 'bugzilla-531916-power-state', 'ht-warn-2.6.34', 'pnp', 'processor-rename', 'sony-2.6.34', 'suse-bugzilla-531547', 'tz-check', 'video' and 'misc-2.6.34' into release 2010-03-14 21:30:17 -04:00
amba
ata Merge branch 'for-next' into for-linus 2010-03-08 16:55:37 +01:00
atm atm: use for_each_set_bit() 2010-03-15 16:00:47 -07:00
auxdisplay auxdisplay: move cfag12864bfb's probe function to .devinit.text 2010-03-07 17:04:50 -08:00
base Driver core: create lock/unlock functions for struct device 2010-03-07 17:04:52 -08:00
block Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2010-03-12 16:04:50 -08:00
bluetooth
cdrom
char Merge branch 'x86-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip 2010-03-13 14:45:49 -08:00
clocksource MFGPT: move clocksource menu 2010-03-06 11:26:28 -08:00
connector
cpufreq Driver core: Constify struct sysfs_ops in struct kobj_type 2010-03-07 17:04:49 -08:00
cpuidle Driver core: Constify struct sysfs_ops in struct kobj_type 2010-03-07 17:04:49 -08:00
crypto Merge branch 'for-next' into for-linus 2010-03-08 16:55:37 +01:00
dca
dio
dma Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2010-03-12 16:04:50 -08:00
edac edac: e752x: add dram scrubbing support 2010-03-12 15:52:40 -08:00
eisa eisa: fix coding style for eisa bus code 2010-03-06 11:26:32 -08:00
firewire Driver core: create lock/unlock functions for struct device 2010-03-07 17:04:52 -08:00
firmware Driver core: Constify struct sysfs_ops in struct kobj_type 2010-03-07 17:04:49 -08:00
gpio driver-core: Add attribute argument to class_attribute show/store 2010-03-07 17:04:48 -08:00
gpu Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2010-03-12 16:04:50 -08:00
hid Input: scancode in get/set_keycodes should be unsigned 2010-03-08 23:19:15 -08:00
hwmon Merge branch 'hwmon-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jdelvare/staging 2010-03-06 11:33:09 -08:00
i2c Add include to i2c-xii.c to fix build error 2010-03-14 11:14:58 -07:00
ide Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/ide-next-2.6 2010-03-04 08:24:06 -08:00
idle
ieee1394 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2010-03-12 16:04:50 -08:00
ieee802154
infiniband Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/roland/infiniband 2010-03-13 14:38:31 -08:00
input Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input 2010-03-14 11:13:54 -07:00
isdn gigaset: correct range checking off by one error 2010-03-16 14:15:41 -07:00
leds led: Enable led in 88pm860x 2010-03-07 22:17:05 +01:00
lguest
macintosh powerpc: Fix G5 thermal shutdown 2010-03-09 11:55:27 +11:00
mca
md Driver core: Constify struct sysfs_ops in struct kobj_type 2010-03-07 17:04:49 -08:00
media Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input 2010-03-14 11:13:54 -07:00
memstick
message Merge branch 'for-next' into for-linus 2010-03-08 16:55:37 +01:00
mfd Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sameo/mfd-2.6 2010-03-12 16:41:09 -08:00
misc init dynamic bin_attribute structures 2010-03-14 20:28:39 -07:00
mmc Merge branch 'msm-mmc_sdcc' of git://codeaurora.org/quic/kernel/dwalker/linux-msm 2010-03-12 16:21:24 -08:00
mtd Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2010-03-12 16:04:50 -08:00
net l2tp: Fix oops in pppol2tp_xmit 2010-03-16 14:15:43 -07:00
nubus
of
oprofile
parisc Driver core: Constify struct sysfs_ops in struct kobj_type 2010-03-07 17:04:49 -08:00
parport Merge branch 'for-next' into for-linus 2010-03-08 16:55:37 +01:00
pci Merge branches 'battery-2.6.34', 'bugzilla-10805', 'bugzilla-14668', 'bugzilla-531916-power-state', 'ht-warn-2.6.34', 'pnp', 'processor-rename', 'sony-2.6.34', 'suse-bugzilla-531547', 'tz-check', 'video' and 'misc-2.6.34' into release 2010-03-14 21:30:17 -04:00
pcmcia Merge branch 'for-linus' of master.kernel.org:/home/rmk/linux-2.6-arm 2010-03-12 16:00:54 -08:00
platform Merge branches 'battery-2.6.34', 'bugzilla-10805', 'bugzilla-14668', 'bugzilla-531916-power-state', 'ht-warn-2.6.34', 'pnp', 'processor-rename', 'sony-2.6.34', 'suse-bugzilla-531547', 'tz-check', 'video' and 'misc-2.6.34' into release 2010-03-14 21:30:17 -04:00
pnp PNPACPI: add bus number support 2010-03-14 20:08:38 -04:00
power Merge branches 'battery-2.6.34', 'bugzilla-10805', 'bugzilla-14668', 'bugzilla-531916-power-state', 'ht-warn-2.6.34', 'pnp', 'processor-rename', 'sony-2.6.34', 'suse-bugzilla-531547', 'tz-check', 'video' and 'misc-2.6.34' into release 2010-03-14 21:30:17 -04:00
pps pps: serial clients support 2010-03-12 15:52:43 -08:00
ps3
rapidio
regulator regulator: Add max8925 support 2010-03-07 22:17:08 +01:00
rtc init dynamic bin_attribute structures 2010-03-14 20:28:39 -07:00
s390 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6 2010-03-13 14:50:18 -08:00
sbus
scsi Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc-2.6 2010-03-13 21:29:38 -08:00
serial Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2010-03-12 16:04:50 -08:00
sfi
sh Merge branch 'origin' into devel-stable 2010-03-08 20:21:04 +00:00
sn
spi Merge branch 'for-next' into for-linus 2010-03-08 16:55:37 +01:00
ssb
staging driver core: Convert some drivers to CLASS_ATTR_STRING 2010-03-07 17:04:48 -08:00
tc
telephony
thermal
uio UIO: Remove SMX Cryptengine driver 2010-03-07 17:04:51 -08:00
usb Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2010-03-12 16:04:50 -08:00
uwb Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2010-03-12 16:04:50 -08:00
vhost
video Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc-2.6 2010-03-13 21:29:38 -08:00
virtio
vlynq
w1 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2010-03-12 16:04:50 -08:00
watchdog [WATCHDOG] i6300esb.c: change platform_driver to pci_driver 2010-03-08 13:48:01 +00:00
xen Driver core: Constify struct sysfs_ops in struct kobj_type 2010-03-07 17:04:49 -08:00
zorro
Kconfig MFGPT: move clocksource menu 2010-03-06 11:26:28 -08:00
Makefile Merge branch 'origin' into devel-stable 2010-03-08 20:21:04 +00:00