[PATCH] NET: r8169: fix oops in r8169_get_mac_version

From: Ivan Vecera
Date: Thu Apr 17 2008 - 11:02:20 EST


When does r8169_get_mac_version find unknown MAC then kernel crash occurs
because tp->pci_dev is NULL and is dereferenced. Problem is that the function
r8169_get_mac_version is called from rtl8169_init_one at line 1704 but
tp->pci_dev is filled at line 1780.

Ivan

---
diff --git a/drivers/net/r8169.c b/drivers/net/r8169.c
index 3acfeea..a45c8e8 100644
--- a/drivers/net/r8169.c
+++ b/drivers/net/r8169.c
@@ -1700,6 +1700,9 @@ rtl8169_init_one(struct pci_dev *pdev, const struct pci_device_id *ent)
msleep_interruptible(1);
}

+ /* rtl8169_get_mac_version uses tp->pci_dev when unknown MAC found */
+ tp->pci_dev = pdev;
+
/* Identify chip attached to board */
rtl8169_get_mac_version(tp, ioaddr);

@@ -1777,7 +1780,6 @@ rtl8169_init_one(struct pci_dev *pdev, const struct pci_device_id *ent)
#endif

tp->intr_mask = 0xffff;
- tp->pci_dev = pdev;
tp->mmio_addr = ioaddr;
tp->align = cfg->align;
tp->hw_start = cfg->hw_start;
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/