On Mon, Feb 04, 2013 at 07:57:15PM +0000, Ian Abbott wrote: > On 04/02/2013 18:49, Greg Kroah-Hartman wrote: > >On Mon, Feb 04, 2013 at 03:05:28PM +0000, Ian Abbott wrote: > >>Some low-level comedi drivers (incorrectly) point `dev->read_subdev` or > >>`dev->write_subdev` to a subdevice that does not support asynchronous > >>commands. Comedi's poll(), read() and write() file operation handlers > >>assume these subdevices do support asynchronous commands. In > >>particular, they assume `s->async` is valid (where `s` points to the > >>read or write subdevice), which it won't be if it has been set > >>incorrectly. This can lead to a NULL pointer dereference. > > > >Are there any specific drivers that cause this to happen? > > comedi_test is one. I have a few others written on a piece of paper > somewhere. :) > > I plan to add some sanitization during postconfig (after the > low-level driver's attach or auto_attach routine is called) to trim > out the bits that it doesn't set up properly with a warning. > > >>Check `s->async` is non-NULL in `comedi_poll()`, `comedi_read()` and > >>`comedi_write()` to avoid the bug. > >> > >>Signed-off-by: Ian Abbott <abbotti@xxxxxxxxx> > >>--- > >>v2: Corrected silly mistake. Deleted a line accidentally leading to > >>compilation failure. > >>Note: this is for Greg's staging-linus or master and stable kernels > > > >Can this wait until 3.9-rc1, and then backport to the 3.8.1 release and > >older stable kernels? > > Sure thing. Turns out that this doesn't apply at all to my staging-next branch due to the other changes in the tree. Can you refresh it on staging-next and resend? thanks, greg k-h _______________________________________________ devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxx http://driverdev.linuxdriverproject.org/mailman/listinfo/devel
