Oops after register_netdev() failure in 2.6.3-bk5

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hello!

Linux 2.6.3-bk5 (and perhaps older versions too) accesses uninitialized
memory if register_netdev() fails in the dev->init call.  I could
reproduce the problem in the dummy driver.

That's what I changed in the driver:
==========================
--- linux.orig/drivers/net/dummy.c
+++ linux/drivers/net/dummy.c
@@ -91,6 +91,11 @@ static struct net_device **dummies;
 /* Number of dummy devices to be set up by this module. */
 module_param(numdummies, int, 0);

+static int dummy_bad_init(struct net_device *dev)
+{
+	return -EBUSY;
+}
+
 static int __init dummy_init_one(int index)
 {
 	struct net_device *dev_dummy;
@@ -102,6 +107,7 @@ static int __init dummy_init_one(int ind
 	if (!dev_dummy)
 		return -ENOMEM;

+	dev_dummy->init = dummy_bad_init;
 	if ((err = register_netdev(dev_dummy))) {
 		free_netdev(dev_dummy);
 		dev_dummy = NULL;
==========================

And that's what I get:

# modprobe dummy
Unable to handle kernel paging request at virtual address 5a5a5bde
 printing eip:
c02c98a4
*pde = 00000000
Oops: 0000 [#1]
CPU:    0
EIP:    0060:[<c02c98a4>]    Not tainted
EFLAGS: 00010202
EIP is at unregister_netdevice+0x34/0x395
eax: 00000001   ebx: 5a5a5a5a   ecx: c03b2520   edx: 00000000
esi: 5a5a5a5a   edi: c0371c00   ebp: cdc49f64   esp: cdc49f38
ds: 007b   es: 007b   ss: 0068
Process modprobe (pid: 1099, threadinfo=cdc48000 task=ce2ee660)
Stack: 00000286 00000246 d0003079 cdc49f44 cdc49f44 d08c40b7 c03b2520
fffffff0
       5a5a5a5a fffffff0 c0371c00 cdc49f70 c026ec02 00000000 cdc49f7c
d08c2083
       00000000 cdc49f8c d08c4127 c0371c40 d08c2600 cdc49fbc c013f8d9
cdc49fbc
Call Trace:
 [<d08c40b7>] dummy_init_one+0x67/0x70 [dummy]
 [<c026ec02>] unregister_netdev+0x12/0x20
 [<d08c2083>] dummy_free_one+0x13/0x30 [dummy]
 [<d08c4127>] dummy_init_module+0x67/0x78 [dummy]
 [<c013f8d9>] sys_init_module+0x1b9/0x330
 [<c0168dbf>] filp_close+0x4f/0x80
 [<c0109bff>] syscall_call+0x7/0xb

Code: 8b 86 84 01 00 00 85 c0 0f 84 f9 02 00 00 83 f8 02 0f 85 e3
 Segmentation fault


The kernel configuration is here:
http://www.red-bean.com/~proski/tmp/bad-dummy.config

-- 
Regards,
Pavel Roskin
-
: send the line "unsubscribe linux-net" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Netdev]     [Ethernet Bridging]     [Linux 802.1Q VLAN]     [Linux Wireless]     [Kernel Newbies]     [Security]     [Linux for Hams]     [Netfilter]     [Git]     [Bugtraq]     [Yosemite News and Information]     [MIPS Linux]     [ARM Linux]     [Linux RAID]     [Linux PCI]     [Linux Admin]     [Samba]

  Powered by Linux