diff options
| author | Subash Abhinov Kasiviswanathan <subashab@codeaurora.org> | 2015-07-02 19:13:00 -0600 |
|---|---|---|
| committer | David Keitel <dkeitel@codeaurora.org> | 2016-03-22 11:05:38 -0700 |
| commit | 2eda907ab5fa31ee8ed2127f7326d2c5fd63aa12 (patch) | |
| tree | 0fca0f396ecd2c0bcc7620cd7af7353d59e017ee /net | |
| parent | 35377fac7a1b148c3d572a8f6a3e0c5442dbf37e (diff) | |
net: rmnet_data: Handle info pointer from netdevice notifier
Commit 351638e7deeed2e ("net: pass info struct via netdevice notifier")
adds support for passing a custom struct rather than a net device.
BUG: KASan: out of bounds on stack in rmnet_config_notify_cb+0x11c/0x728i
at addr ffffffc01232fb48
Read of size 8 by task WifiStateMachin/2268
page:ffffffbb056ce3e8 count:0 mapcount:0 mapping: (null) index:0x2
flags: 0x0()
page dumped because: kasan: bad access detected
CPU: 2 PID: 2268 Comm: WifiStateMachin Tainted: G W O
3.18.0-g092b7e8-dirty #6
Hardware name: Qualcomm Technologies, Inc. MSM 8996 v2 + PMI8994 MTP (DT)
Call trace:
[<ffffffc000089c70>] dump_backtrace+0x0/0x1c4
[<ffffffc000089e44>] show_stack+0x10/0x1c
[<ffffffc0010cae0c>] dump_stack+0x74/0xc8
[<ffffffc00020e360>] kasan_report_error+0x2ac/0x3d0
[<ffffffc00020e560>] kasan_report+0x34/0x40
[<ffffffc00020d520>] __asan_load8+0x84/0x90
[<ffffffc0010ba434>] rmnet_config_notify_cb+0x118/0x728
[<ffffffc0000d1858>] notifier_call_chain+0x68/0xb4
[<ffffffc0000d1940>] raw_notifier_call_chain+0x10/0x1c
[<ffffffc000e2a39c>] call_netdevice_notifiers_info+0x60/0x74
[<ffffffc000e2a418>] call_netdevice_notifiers+0x68/0x84
[<ffffffc000e367c8>] netdev_run_todo+0x100/0x348
[<ffffffc000e4545c>] rtnl_unlock+0x8/0x14
[<ffffffc000e31a4c>] unregister_netdev+0x20/0x30
[<ffffffbffc02420c>] hdd_cleanup_adapter+0x88/0x9c [wlan]
[<ffffffbffc026630>] hdd_close_all_adapters+0xc4/0x128 [wlan]
[<ffffffbffc02a8d4>] hdd_wlan_exit+0x660/0x744 [wlan]
[<ffffffbffc02c388>] __hdd_wlan_exit+0x104/0x138 [wlan]
[<ffffffbffc284410>] hif_pci_remove+0x68/0x114 [wlan]
[<ffffffc0007f45c8>] cnss_wlan_unregister_driver+0xa0/0x21c
[<ffffffbffc286118>] hif_unregister_driver+0x14/0x20 [wlan]
[<ffffffbffc2a0288>] hdd_module_exit+0x1b4/0x218 [wlan]
[<ffffffc00014f804>] SyS_delete_module+0x1f4/0x290
Memory state around the buggy address:
ffffffc01232fa00: f1 f1 00 f4 f4 f4 f3 f3 f3 f3 00 00 00 00 00 00
ffffffc01232fa80: 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 f4
>ffffffc01232fb00: f4 f4 f2 f2 f2 f2 00 f4 f4 f4 f2 f2 f2 f2 00 00
^
ffffffc01232fb80: 00 00 00 00 00 00 f3 f3 f3 f3 00 00 00 00 00 00
ffffffc01232fc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
==================================================================
Update the netdevice callback to handle this change.
Also remove a redundant check for associated devices.
CRs-Fixed: 865889
Change-Id: I96461807631447aef84eb3eac906057e3ce6827c
Signed-off-by: Subash Abhinov Kasiviswanathan <subashab@codeaurora.org>
Diffstat (limited to 'net')
| -rw-r--r-- | net/rmnet_data/rmnet_data_config.c | 8 |
1 files changed, 3 insertions, 5 deletions
diff --git a/net/rmnet_data/rmnet_data_config.c b/net/rmnet_data/rmnet_data_config.c index a166a60cd1b7..c49393924e26 100644 --- a/net/rmnet_data/rmnet_data_config.c +++ b/net/rmnet_data/rmnet_data_config.c @@ -1195,7 +1195,7 @@ static void rmnet_force_unassociate_device(struct net_device *dev) int rmnet_config_notify_cb(struct notifier_block *nb, unsigned long event, void *data) { - struct net_device *dev = (struct net_device *)data; + struct net_device *dev = netdev_notifier_info_to_dev(data); if (!dev) BUG(); @@ -1206,10 +1206,8 @@ int rmnet_config_notify_cb(struct notifier_block *nb, case NETDEV_UNREGISTER_FINAL: case NETDEV_UNREGISTER: trace_rmnet_unregister_cb_entry(dev); - if (_rmnet_is_physical_endpoint_associated(dev)) { - LOGH("Kernel is trying to unregister %s", dev->name); - rmnet_force_unassociate_device(dev); - } + LOGH("Kernel is trying to unregister %s", dev->name); + rmnet_force_unassociate_device(dev); trace_rmnet_unregister_cb_exit(dev); break; |