On Tue, Feb 05, 2013 at 12:35:12PM +0000, Ian Abbott wrote:
> On 2013/02/04 08:59 PM, Greg Kroah-Hartman wrote:
> > On Mon, Feb 04, 2013 at 07:57:15PM +0000, Ian Abbott wrote:
> >> On 04/02/2013 18:49, Greg Kroah-Hartman wrote:
> >>> On Mon, Feb 04, 2013 at 03:05:28PM +0000, Ian Abbott wrote:
> >>>> Some low-level comedi drivers (incorrectly) point `dev->read_subdev` or
> >>>> `dev->write_subdev` to a subdevice that does not support asynchronous
> >>>> commands. Comedi's poll(), read() and write() file operation handlers
> >>>> assume these subdevices do support asynchronous commands. In
> >>>> particular, they assume `s->async` is valid (where `s` points to the
> >>>> read or write subdevice), which it won't be if it has been set
> >>>> incorrectly. This can lead to a NULL pointer dereference.
> >>>
> >>> Are there any specific drivers that cause this to happen?
> >>
> >> comedi_test is one. I have a few others written on a piece of paper
> >> somewhere. :)
> >>
> >> I plan to add some sanitization during postconfig (after the
> >> low-level driver's attach or auto_attach routine is called) to trim
> >> out the bits that it doesn't set up properly with a warning.
> >>
> >>>> Check `s->async` is non-NULL in `comedi_poll()`, `comedi_read()` and
> >>>> `comedi_write()` to avoid the bug.
> >>>>
> >>>> Signed-off-by: Ian Abbott <abbotti@xxxxxxxxx>
> >>>> ---
> >>>> v2: Corrected silly mistake. Deleted a line accidentally leading to
> >>>> compilation failure.
> >>>> Note: this is for Greg's staging-linus or master and stable kernels
> >>>
> >>> Can this wait until 3.9-rc1, and then backport to the 3.8.1 release and
> >>> older stable kernels?
> >>
> >> Sure thing.
> >
> > Turns out that this doesn't apply at all to my staging-next branch due
> > to the other changes in the tree. Can you refresh it on staging-next
> > and resend?
> >
> > thanks,
>
> Actually, I sent a patch for staging-next (message id
> <1359989570-3995-1-git-send-email-abbotti@xxxxxxxxx>), followed by a
> patch with the same subject line for staging-linus or master (message id
> <1359989780-4184-1-git-send-email-abbotti@xxxxxxxxx>), followed by this
> revised version of the latter patch.
>
> I.e. there are two patches with subject line "[PATCH] staging: comedi:
> check s->async for poll(), read() and write()", one of which should
> apply to staging-next. I'll resend the first one privately just in case
> you've already deleted it, since it's already been sent publicly.

You are right, sorry about that, I've now applied the patch you resent.

thanks,

greg k-h
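
The `s->async` guard from the quoted commit message and the postconfig sanitization Ian Abbott mentions, as an added example that is not code from the patch or the comedi tree. It is a simplified userspace model: the struct layouts, the `model_*` function names and the `-EIO` return value are assumptions.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified userspace model: only the fields named in the thread. */
struct comedi_async { unsigned int events; };
struct comedi_subdevice { struct comedi_async *async; /* NULL: no async commands */ };
struct comedi_device {
    struct comedi_subdevice *read_subdev;
    struct comedi_subdevice *write_subdev;
};

/* Handler-side guard: check s->async before using it (model of a read path). */
static int model_read_events(const struct comedi_device *dev, unsigned int *events)
{
    const struct comedi_subdevice *s = dev->read_subdev;
    if (!s || !s->async)
        return -EIO;            /* assumed error code for this model */
    *events = s->async->events;
    return 0;
}

/* Postconfig-style sanitization: clear read/write subdevice pointers that
 * reference a subdevice without async support. Returns how many were trimmed. */
static int model_sanitize(struct comedi_device *dev)
{
    int trimmed = 0;
    if (dev->read_subdev && !dev->read_subdev->async) {
        fprintf(stderr, "warning: read_subdev lacks async support, clearing\n");
        dev->read_subdev = NULL;
        trimmed++;
    }
    if (dev->write_subdev && !dev->write_subdev->async) {
        fprintf(stderr, "warning: write_subdev lacks async support, clearing\n");
        dev->write_subdev = NULL;
        trimmed++;
    }
    return trimmed;
}

int main(void)
{
    struct comedi_subdevice no_async = { NULL };    /* constructed misconfiguration */
    struct comedi_device dev = { &no_async, NULL };
    unsigned int ev = 0;
    printf("guarded read: %d\n", model_read_events(&dev, &ev));
    printf("trimmed: %d\n", model_sanitize(&dev));
    return 0;
}
```

The guard covers drivers that are still misconfigured at call time; the sanitization step removes the bad pointer once, so later handlers see a NULL subdevice rather than a subdevice with a NULL `async`.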