On Mon, Feb 23, 2004 at 09:43:22PM -0500, Pavel Roskin wrote:
> Hello!
>
> Linux 2.6.3-bk5 (and perhaps older versions too) accesses uninitialized
> memory if register_netdev() fails in the dev->init call.  I could
> reproduce the problem in the dummy driver.

It's not register_netdev(); it's broken cleanup code in the driver.
Note that loop in dummy.c

	for (i = 0; i < numdummies && !err; i++)
		err = dummy_init_one(i);
	if (err) {
		while (--i >= 0)
			dummy_free_one(i);
	}

ignores errors except the last one.  Where we fail doesn't matter - if you
simulate alloc_netdev() failure in there (-ENOMEM exit) you'll get exactly
the same behaviour.

Fix in case of dummy.c is trivial -

diff -urN RC3-bk1/drivers/net/dummy.c RC3-bk1-current/drivers/net/dummy.c --- RC3-bk1/drivers/net/dummy.c Wed Feb 18 13:40:43 2004 +++ RC3-bk1-current/drivers/net/dummy.c Mon Feb 23 21:56:46 2004 @@ -124,7 +124,7 @@ dummies = kmalloc(numdummies * sizeof(void *), GFP_KERNEL); if (!dummies) return -ENOMEM; - for (i = 0; i < numdummies && !err; i++) + for (i = 0; !err && i < numdummies && !err; i++) err = dummy_init_one(i); if (err) { while (--i >= 0)

Now, which driver have you actually seen it in?
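
Review bot: the new condition on the `+ for` line tests `!err` twice, and moving the test to the front does not change where `i` ends up. `i++` still runs after a failing `dummy_init_one(i)` and before the condition is evaluated, so the `while (--i >= 0)` cleanup in the trailing context still begins at the index whose init failed. Consider stepping `i` back once inside `if (err) {` before the `while`, or leaving the loop before the increment, and drop the duplicate `!err`.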
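
The unwind loop quoted in the message above, reduced to a user-space C model (an added example, not code from the thread or from the kernel). `init_one`, `free_one`, `fail_at`, `run` and the `slot` array are hypothetical stand-ins, and the model assumes a failed init leaves its slot untouched; it counts how many never-initialized slots the cleanup reaches, for the loop as quoted and for a variant that steps back past the failed slot first.

```c
#include <stdio.h>
#include <string.h>

#define N 4
enum { UNSET, LIVE, FREED, BAD_FREE };    /* slot states in this model */
static int slot[N];
static int fail_at;                       /* hypothetical: index whose init fails */

static int init_one(int i)
{
    if (i == fail_at)
        return -12;                       /* -ENOMEM stand-in; slot stays UNSET */
    slot[i] = LIVE;
    return 0;
}

static void free_one(int i)
{
    /* Freeing a slot that was never set up is the defect being modelled. */
    slot[i] = (slot[i] == LIVE) ? FREED : BAD_FREE;
}

/* Returns how many never-initialized slots the cleanup touched. */
static int run(int fail_index, int step_back)
{
    int i, err = 0, bad = 0;

    memset(slot, 0, sizeof(slot));
    fail_at = fail_index;
    for (i = 0; i < N && !err; i++)       /* i++ still runs after the failure */
        err = init_one(i);
    if (err) {
        if (step_back)
            i--;                          /* i now names the failed slot */
        while (--i >= 0)                  /* first free is the slot before i */
            free_one(i);
    }
    for (i = 0; i < N; i++)
        bad += (slot[i] == BAD_FREE);
    return bad;
}

int main(void)
{
    printf("as quoted:    %d bad frees\n", run(2, 0));
    printf("stepped back: %d bad frees\n", run(2, 1));
    return 0;
}
```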