linux/pci_back: fix NULL pointer ref.
This patch fixes the following panic.
pcistub_device_release() can be called during
initialization. Thus pci_get_drvdata() can return NULL.
Fix it by inserting NULL check.
Unable to handle kernel NULL pointer dereference at 0000000000000000 RIP:
[<ffffffff8122ec4d>] pciback_config_free_dyn_fields+0xb/0x67
PGD eeb6b067 PUD eb833067 PMD 0
Oops: 0000 [1] SMP
CPU 0
Modules linked in:
Pid: 3181, comm: bash Not tainted 2.6.18.8 #5
RIP: e030:[<ffffffff8122ec4d>] [<ffffffff8122ec4d>]
pciback_config_free_dyn_fields+0xb/0x67
RSP: e02b:ffff8800e91edb98 EFLAGS: 00010202
RAX: 0000000000000000 RBX: ffff8800ecfe3ec0 RCX: ffff8800ea8e0000
RDX: ffffffffff578000 RSI: ffff8800ea8e0000 RDI: ffff8800ea8e0000
RBP: ffffffff8122d403 R08: 0000000000000002 R09: 0000000000000000
R10: 0000000000000000 R11: ffffffff81283086 R12: 0000000000000000
R13: ffffffff813f1050 R14: 0000000000000000 R15: ffff8800027c9870
FS: 00002b093b121af0(0000) GS:ffffffff8144b000(0000) knlGS:0000000000000000
CS: e033 DS: 0000 ES: 0000
Process bash (pid: 3181, threadinfo ffff8800e91ec000, task ffff8800ebf53810)
Stack: ffff8800ecfe3ec0 ffffffff8122d403 ffff8800ea8e0000 ffffffff8122d419
ffff8800ecfe3ec0 ffffffff81162976 ffff8800ecfe3ec0 ffff8800ecfe3ec0
00000000ffffffea ffffffff8122d6e7 ffffffff813f10a8 ffff8800ea8e0000
Call Trace:
[<ffffffff8122d403>] pcistub_device_release+0x0/0x50
[<ffffffff8122d419>] pcistub_device_release+0x16/0x50
[<ffffffff81162976>] kref_put+0x63/0x6e
[<ffffffff8122d6e7>] pcistub_seize+0x104/0x10b
[<ffffffff8116ed07>] pci_device_probe+0x4c/0x73
[<ffffffff812154cc>] pci_bus_probe_wrapper+0x1f2/0x1fe
[<ffffffff81026bd3>] __wake_up+0x38/0x4f
[<ffffffff8129d7f6>] netlink_broadcast+0x31a/0x362
[<ffffffff8116ec15>] pci_match_device+0x13/0xb9
[<ffffffff8116ed42>] pci_bus_match+0x14/0x20
[<ffffffff811c9449>] driver_probe_device+0x52/0xa4
[<ffffffff811c9542>] __device_attach+0x0/0x5
[<ffffffff811c8b2f>] bus_for_each_drv+0x43/0x77
[<ffffffff811c93e2>] device_attach+0x56/0x6b
[<ffffffff811c880f>] bus_attach_device+0x1a/0x35
[<ffffffff811c7b13>] device_add+0x24d/0x365
[<ffffffff8116acbc>] pci_bus_add_device+0xd/0x52
[<ffffffff8117635c>] pci_rescan_buses+0xde/0x1ec
[<ffffffff8116bbd2>] pci_scan_single_device+0x21/0x11e
[<ffffffff81176445>] pci_rescan_buses+0x1c7/0x1ec
[<ffffffff810615b0>] __alloc_pages+0x79/0x2c4
[<ffffffff8117647a>] enable_slot+0x10/0x1a
[<ffffffff81175368>] power_write_file+0xa8/0x114
[<ffffffff810bbc23>] sysfs_write_file+0xbb/0xe6
[<ffffffff81080b8f>] vfs_write+0xad/0x153
[<ffffffff81080cf1>] sys_write+0x45/0x6e
[<ffffffff8100a634>] system_call+0x68/0x6d
[<ffffffff8100a5cc>] system_call+0x0/0x6d
Code: 49 8b 1c 24 48 8b 2b eb 49 48 8b 7b 10 48 8b 47 28 48 85 c0
RIP [<ffffffff8122ec4d>] pciback_config_free_dyn_fields+0xb/0x67
RSP <ffff8800e91edb98>
CR2: 0000000000000000
Signed-off-by: Isaku Yamahata <yamahata@xxxxxxxxxxxxx>
diff --git a/drivers/xen/pciback/conf_space.c b/drivers/xen/pciback/conf_space.c
--- a/drivers/xen/pciback/conf_space.c
+++ b/drivers/xen/pciback/conf_space.c
@@ -297,6 +297,8 @@ void pciback_config_free_dyn_fields(stru
dev_dbg(&dev->dev,
"free-ing dynamically allocated virtual configuration space
fields\n");
+ if (!dev_data)
+ return;
list_for_each_entry_safe(cfg_entry, t, &dev_data->config_fields, list) {
field = cfg_entry->field;
@@ -321,6 +323,8 @@ void pciback_config_reset_dev(struct pci
const struct config_field *field;
dev_dbg(&dev->dev, "resetting virtual configuration space\n");
+ if (!dev_data)
+ return;
list_for_each_entry(cfg_entry, &dev_data->config_fields, list) {
field = cfg_entry->field;
@@ -337,6 +341,8 @@ void pciback_config_free_dev(struct pci_
const struct config_field *field;
dev_dbg(&dev->dev, "free-ing virtual configuration space fields\n");
+ if (!dev_data)
+ return;
list_for_each_entry_safe(cfg_entry, t, &dev_data->config_fields, list) {
list_del(&cfg_entry->list);
--
yamahata
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
|
Home