Re: [IrDA] Oops with NULL deref in irda_device_set_media_busy

From: Jean Tourrilhes
Date: Wed Apr 06 2005 - 11:52:59 EST


On Wed, Apr 06, 2005 at 09:22:48AM +0200, Michal Rokos wrote:
> Hello again,
>
> I'm gonna provide more info this time...
>
> > > When I turn debug on, I get just
> > > Assertion failed! net/irda/irda_device.c:irda_device_set_media_busy:128
> > > self != NULL
> > >
> > > The obvious reason is that I don't have irlap module in that inits
> > > dev->atalk_ptr, so I'm getting assertion exception in irda_device.c:489.
>
> The assertion is seen when ifup -a is called so it's when 'ifconfig irda0 up'
> is used.

That was the crucial bit that was missing. Now I get it. A
good night of sleep also did help.
Patch attached.

Jean

-----------------------------------------------------

diff -u -p linux/net/irda/irda_device.d2.c linux/net/irda/irda_device.c
--- linux/net/irda/irda_device.d2.c Wed Apr 6 09:40:09 2005
+++ linux/net/irda/irda_device.c Wed Apr 6 09:45:22 2005
@@ -125,8 +125,15 @@ void irda_device_set_media_busy(struct n

self = (struct irlap_cb *) dev->atalk_ptr;

- IRDA_ASSERT(self != NULL, return;);
- IRDA_ASSERT(self->magic == LAP_MAGIC, return;);
+ /* Some drivers may enable the receive interrupt before calling
+ * irlap_open(), or they may disable the receive interrupt
+ * after calling irlap_close().
+ * The IrDA stack is protected from this in irlap_driver_rcv().
+ * However, the driver calls directly the wrapper, that calls
+ * us directly. Make sure we protect ourselves.
+ * Jean II */
+ if (!self || self->magic != LAP_MAGIC)
+ return;

if (status) {
self->media_busy = TRUE;
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/