fixed PCMCIA au1000_generic.c potential crash.
From: Om Narasimhan
Date: Sat Oct 07 2006 - 19:27:20 EST
Hi,
Please find the corrected patch.
This patch fixes the following issues in drivers/pcmcia/au1000_generic.c.
1. On the error path, skt would not contain a valid value for the
first iteration (skt is masked by uninitialized automatic variable
skt) which would cause a crash.
2. does not do hw_shutdown() for 0th element of PCMCIA_SOCKET.
Applies cleanly to 2.6.18-rc6, rc7, 2.6.18, and 2.6.19-rc1
Regards,
Om.
drivers/pcmcia/au1000_generic.c | 15 +++++++++------
1 files changed, 9 insertions(+), 6 deletions(-)
diff --git a/drivers/pcmcia/au1000_generic.c b/drivers/pcmcia/au1000_generic.c
index d5dd0ce..5387de6 100644
--- a/drivers/pcmcia/au1000_generic.c
+++ b/drivers/pcmcia/au1000_generic.c
@@ -351,6 +351,7 @@ struct skt_dev_info {
int au1x00_pcmcia_socket_probe(struct device *dev, struct
pcmcia_low_level *ops, int first, int nr)
{
struct skt_dev_info *sinfo;
+ struct au1000_pcmcia_socket *skt;
int ret, i;
sinfo = kzalloc(sizeof(struct skt_dev_info), GFP_KERNEL);
@@ -365,7 +366,7 @@ int au1x00_pcmcia_socket_probe(struct de
* Initialise the per-socket structure.
*/
for (i = 0; i < nr; i++) {
- struct au1000_pcmcia_socket *skt = PCMCIA_SOCKET(i);
+ skt = PCMCIA_SOCKET(i);
memset(skt, 0, sizeof(*skt));
skt->socket.resource_ops = &pccard_static_ops;
@@ -438,17 +439,19 @@ #endif
dev_set_drvdata(dev, sinfo);
return 0;
- do {
- struct au1000_pcmcia_socket *skt = PCMCIA_SOCKET(i);
+
+out_err:
+ flush_scheduled_work();
+ ops->hw_shutdown(skt);
+ while (i-- > 0) {
+ skt = PCMCIA_SOCKET(i);
del_timer_sync(&skt->poll_timer);
pcmcia_unregister_socket(&skt->socket);
-out_err:
flush_scheduled_work();
ops->hw_shutdown(skt);
- i--;
- } while (i > 0);
+ }
kfree(sinfo);
out:
return ret;
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/