[Intel-wired-lan] e1000: check on netif_running() before calling e1000_up()

Brown, Aaron F aaron.f.brown at intel.com
Thu Aug 2 22:06:54 UTC 2018


> From: Intel-wired-lan [mailto:intel-wired-lan-bounces at osuosl.org] On
> Behalf Of Jeff Kirsher
> Sent: Monday, July 23, 2018 9:01 AM
> To: intel-wired-lan at lists.osuosl.org
> Cc: Bo Chen <chenbo at pdx.edu>
> Subject: [Intel-wired-lan] e1000: check on netif_running() before calling
> e1000_up()
> 
> From: Bo Chen <chenbo at pdx.edu>
> 
> When the device is not up, the call to 'e1000_up()' from the error handling
> path of 'e1000_set_ringparam()' causes a kernel oops with a null-pointer
> dereference. The null-pointer dereference is triggered in function
> 'e1000_alloc_rx_buffers()' at line 'buffer_info = &rx_ring->buffer_info[i]'.
> 
> This bug was reported by COD, a tool for testing kernel module binaries I am
> building. This bug was also detected by KFI from Dr. Kai Cong.
> 
> This patch fixes the bug by checking on 'netif_running()' before calling
> 'e1000_up()' in 'e1000_set_ringparam()'.
> 
> Signed-off-by: Bo Chen <chenbo at pdx.edu>
> Acked-by: Alexander Duyck <alexander.h.duyck at intel.com>
> ---
>  drivers/net/ethernet/intel/e1000/e1000_ethtool.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)

Tested-by: Aaron Brown <aaron.f.brown at intel.com>
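
A userspace C model of the error path described in the commit message, added here as an illustration; it is not the driver's code or the patch. All names are hypothetical, and it assumes the RX buffer array is allocated only while the interface is up.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* Userspace model only: every name is hypothetical, not the e1000 driver's. */
struct model_adapter {
    bool running;      /* what netif_running() would report */
    int *buffer_info;  /* assumed: allocated only while the interface is up */
    unsigned count;
    int faults;        /* NULL dereferences the real code would have hit */
};
struct result { int err, faults, refilled; };

/* Stand-in for the bring-up path that refills the RX ring. */
static void model_up(struct model_adapter *a)
{
    if (a->buffer_info == NULL) {  /* the kernel would oops at this point */
        a->faults++;
        return;
    }
    for (unsigned i = 0; i < a->count; i++)
        a->buffer_info[i] = 1;
}

/* Ring resize whose allocation fails, so only the error path runs. */
static int model_set_ringparam(struct model_adapter *a, bool guarded)
{
    if (!guarded || a->running)    /* guarded == behaviour after the fix */
        model_up(a);
    return -ENOMEM;
}

/* Runs one scenario and reports what the error path did. */
struct result run_case(bool running, bool guarded)
{
    struct model_adapter a = { .running = running, .count = 4 };
    if (running)
        a.buffer_info = calloc(a.count, sizeof(*a.buffer_info));
    struct result r = { .err = model_set_ringparam(&a, guarded) };
    r.faults = a.faults;
    r.refilled = a.buffer_info != NULL && a.buffer_info[0] == 1;
    free(a.buffer_info);
    return r;
}

int main(void)
{
    printf("down, unguarded: %d fault(s)\n", run_case(false, false).faults);
    printf("down, guarded:   %d fault(s)\n", run_case(false, true).faults);
    return 0;
}
```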

