Re: fixed PCMCIA au1000_generic.c potential crash.

From: Andrew Morton
Date: Sun Oct 08 2006 - 16:56:02 EST

Next message: Duran, Leo: "RE: [discuss] Re: Please pull x86-64 bug fixes"
Previous message: Thomas Gleixner: "Re: + clocksource-increase-initcall-priority.patch added to -mmtree"
Next in thread: Om Narasimhan: "Re: fixed PCMCIA au1000_generic.c potential crash."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sat, 7 Oct 2006 16:26:40 -0700
"Om Narasimhan" <om.turyx@xxxxxxxxx> wrote:

> Please find the corrected patch.

The patch is wordwrapped, has spaces replaced by tabs and each version is
subtly different from its predecessor. This confuses me.

Please confirm that the below is the appropriate and final patch, thanks.

From: "Om Narasimhan" <om.turyx@xxxxxxxxx>

The previous code did something like,

if (error) goto out_err;
....
do {
struct au1000_pcmcia_socket *skt = PCMCIA_SOCKET(i);
del_timer_sync(&skt->poll_timer);
pcmcia_unregister_socket(&skt->socket);
out_err:
flush_scheduled_work();
ops->hw_shutdown(skt);
i--;
} while (i > 0)
.....

- On the error path, skt would not contain a valid value for the first
iteration (skt is masked by uninitialized automatic skt)

- Does not do hw_shutdown() for 0th element of PCMCIA_SOCKET

Signed-off-by: Om Narasimhan <om.turyx@xxxxxxxxx>
Cc: Dominik Brodowski <linux@xxxxxxxxxxxxxxxxxxxx>
Cc: "Yoichi Yuasa" <yoichi_yuasa@xxxxxxxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxx>
---

drivers/pcmcia/au1000_generic.c | 15 +++++++++------
1 file changed, 9 insertions(+), 6 deletions(-)

diff -puN drivers/pcmcia/au1000_generic.c~pcmcia-au1000_generic-fix drivers/pcmcia/au1000_generic.c
--- a/drivers/pcmcia/au1000_generic.c~pcmcia-au1000_generic-fix
+++ a/drivers/pcmcia/au1000_generic.c
@@ -351,6 +351,7 @@ struct skt_dev_info {
int au1x00_pcmcia_socket_probe(struct device *dev, struct pcmcia_low_level *ops, int first, int nr)
{
struct skt_dev_info *sinfo;
+ struct au1000_pcmcia_socket *skt;
int ret, i;

sinfo = kzalloc(sizeof(struct skt_dev_info), GFP_KERNEL);
@@ -365,7 +366,7 @@ int au1x00_pcmcia_socket_probe(struct de
* Initialise the per-socket structure.
*/
for (i = 0; i < nr; i++) {
- struct au1000_pcmcia_socket *skt = PCMCIA_SOCKET(i);
+ skt = PCMCIA_SOCKET(i);
memset(skt, 0, sizeof(*skt));

skt->socket.resource_ops = &pccard_static_ops;
@@ -438,17 +439,19 @@ int au1x00_pcmcia_socket_probe(struct de
dev_set_drvdata(dev, sinfo);
return 0;

- do {
- struct au1000_pcmcia_socket *skt = PCMCIA_SOCKET(i);
+
+out_err:
+ flush_scheduled_work();
+ ops->hw_shutdown(skt);
+ while (i-- > 0) {
+ skt = PCMCIA_SOCKET(i);

del_timer_sync(&skt->poll_timer);
pcmcia_unregister_socket(&skt->socket);
-out_err:
flush_scheduled_work();
ops->hw_shutdown(skt);

- i--;
- } while (i > 0);
+ }
kfree(sinfo);
out:
return ret;
_

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Duran, Leo: "RE: [discuss] Re: Please pull x86-64 bug fixes"
Previous message: Thomas Gleixner: "Re: + clocksource-increase-initcall-priority.patch added to -mmtree"
Next in thread: Om Narasimhan: "Re: fixed PCMCIA au1000_generic.c potential crash."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]