[Intel-wired-lan] e1000: check on netif_running() before calling e1000_up()
Brown, Aaron F
aaron.f.brown at intel.com
Thu Aug 2 22:06:54 UTC 2018
> From: Intel-wired-lan [mailto:intel-wired-lan-bounces at osuosl.org] On
> Behalf Of Jeff Kirsher
> Sent: Monday, July 23, 2018 9:01 AM
> To: intel-wired-lan at lists.osuosl.org
> Cc: Bo Chen <chenbo at pdx.edu>
> Subject: [Intel-wired-lan] e1000: check on netif_running() before calling
> e1000_up()
>
> From: Bo Chen <chenbo at pdx.edu>
>
> When the device is not up, the call to 'e1000_up()' from the error handling
> path
> of 'e1000_set_ringparam()' causes a kernel oops with a null-pointer
> dereference. The null-pointer dereference is triggered in function
> 'e1000_alloc_rx_buffers()' at line 'buffer_info = &rx_ring->buffer_info[i]'.
>
> This bug was reported by COD, a tool for testing kernel module binaries I am
> building. This bug was also detected by KFI from Dr. Kai Cong.
>
> This patch fixes the bug by checking on 'netif_running()' before calling
> 'e1000_up()' in 'e1000_set_ringparam()'.
>
> Signed-off-by: Bo Chen <chenbo at pdx.edu>
> Acked-by: Alexander Duyck <alexander.h.duyck at intel.com>
> ---
> drivers/net/ethernet/intel/e1000/e1000_ethtool.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
Tested-by: Aaron Brown <aaron.f.brown at intel.com>
More information about the Intel-wired-lan
mailing list