On 2013/02/04 08:59 PM, Greg Kroah-Hartman wrote:
> On Mon, Feb 04, 2013 at 07:57:15PM +0000, Ian Abbott wrote:
>> On 04/02/2013 18:49, Greg Kroah-Hartman wrote:
>>> On Mon, Feb 04, 2013 at 03:05:28PM +0000, Ian Abbott wrote:
>>>> Some low-level comedi drivers (incorrectly) point `dev->read_subdev` or
>>>> `dev->write_subdev` to a subdevice that does not support asynchronous
>>>> commands. Comedi's poll(), read() and write() file operation handlers
>>>> assume these subdevices do support asynchronous commands. In
>>>> particular, they assume `s->async` is valid (where `s` points to the
>>>> read or write subdevice), which it won't be if it has been set
>>>> incorrectly. This can lead to a NULL pointer dereference.
>>>
>>> Are there any specific drivers that cause this to happen?
>>
>> comedi_test is one. I have a few others written on a piece of paper
>> somewhere. :)
>>
>> I plan to add some sanitization during postconfig (after the
>> low-level driver's attach or auto_attach routine is called) to trim
>> out the bits that it doesn't set up properly with a warning.
>>
>>>> Check `s->async` is non-NULL in `comedi_poll()`, `comedi_read()` and
>>>> `comedi_write()` to avoid the bug.
>>>>
>>>> Signed-off-by: Ian Abbott <abbotti@xxxxxxxxx>
>>>> ---
>>>> v2: Corrected silly mistake. Deleted a line accidentally leading to
>>>> compilation failure.
>>>> Note: this is for Greg's staging-linus or master and stable kernels
>>>
>>> Can this wait until 3.9-rc1, and then backport to the 3.8.1 release and
>>> older stable kernels?
>>
>> Sure thing.
>
> Turns out that this doesn't apply at all to my staging-next branch due
> to the other changes in the tree. Can you refresh it on staging-next
> and resend?
>
> thanks,

Actually, I sent a patch for staging-next (message id
<1359989570-3995-1-git-send-email-abbotti@xxxxxxxxx>), followed by a
patch with the same subject line for staging-linus or master (message id
<1359989780-4184-1-git-send-email-abbotti@xxxxxxxxx>), followed by this
revised version of the latter patch.

I.e. there are two patches with subject line "[PATCH] staging: comedi:
check s->async for poll(), read() and write()", one of which should
apply to staging-next.

I'll resend the first one privately just in case you've already deleted
it, since it's already been sent publicly.

--
-=( Ian Abbott @ MEV Ltd. E-mail: <abbotti@xxxxxxxxx> )=-
-=( Tel: +44 (0)161 477 1898 FAX: +44 (0)161 718 3587 )=-
_______________________________________________
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxx
http://driverdev.linuxdriverproject.org/mailman/listinfo/devel
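
A user-space C model of the `s->async` guard and of the postconfig sanitization planned in this thread, added here as an illustration; it is not the comedi patch or kernel code. The `model_*` names, the `MODEL_POLL*` flags, the `-EIO` return value and the sample devices are assumptions constructed for the example.

```c
#include <errno.h>
#include <stdio.h>

#define MODEL_POLLIN  0x1u
#define MODEL_POLLOUT 0x4u
/* User-space stand-ins for the comedi structures (hypothetical, simplified). */
struct model_async { unsigned int bytes_ready; };
struct model_subdevice { struct model_async *async; }; /* NULL: no async commands */
struct model_device { struct model_subdevice *read_subdev, *write_subdev; };

/* read() path: refuse instead of dereferencing a NULL s->async. */
long model_read(const struct model_device *dev)
{
    const struct model_subdevice *s = dev->read_subdev;
    if (!s || !s->async)
        return -EIO; /* error code is an assumption of this model */
    return (long)s->async->bytes_ready;
}

/* poll() path: report readiness only for subdevices that have async state. */
unsigned int model_poll(const struct model_device *dev)
{
    const struct model_subdevice *r = dev->read_subdev, *w = dev->write_subdev;
    unsigned int mask = 0;
    if (r && r->async && r->async->bytes_ready > 0)
        mask |= MODEL_POLLIN;
    if (w && w->async)
        mask |= MODEL_POLLOUT;
    return mask;
}

/* Post-attach sanitization: clear pointers to non-async subdevices, warn. */
int model_postconfig(struct model_device *dev)
{
    struct model_subdevice **slot[] = { &dev->read_subdev, &dev->write_subdev };
    int i, trimmed = 0;
    for (i = 0; i < 2; i++)
        if (*slot[i] && !(*slot[i])->async) {
            fprintf(stderr, "warning: subdevice lacks async support, clearing\n");
            *slot[i] = NULL;
            trimmed++;
        }
    return trimmed;
}

/* Constructed sample devices: one correctly set up, one misconfigured. */
struct model_async sample_async = { 16 };
struct model_subdevice good_sub = { &sample_async }, bad_sub = { NULL };
struct model_device good_dev = { &good_sub, &good_sub }, bad_dev = { &bad_sub, &bad_sub };
```

The handler guards keep a misconfigured device from crashing, while the sanitization step removes the bad pointers once at attach time so the condition is reported where the driver author will see it.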