Re: [patch 03/83] cxgb3: Fix kernel crash caused by uninitializedl2t_entry.arpq

[Greg KH]

On Thu, Dec 11, 2008 at 10:12:34PM +0100, Stefan Lippers-Hollmann wrote:
> Hi
> 
> On Donnerstag, 11. Dezember 2008, Greg KH wrote:
> > 2.6.27-stable review patch.  If anyone has any objections, please let us know.
> > 
> > ------------------
> > 
> > From: Roland Dreier <rdreier@xxxxxxxxx>
> > 
> > [ Upstream commit 6d329af9967e7ab3f4a3d7f1e8ef87539c3a069f ]
> > 
> > Commit 147e70e6 ("cxgb3: Use SKB list interfaces instead of home-grown
> > implementation.") causes a crash in t3_l2t_send_slow() when an iWARP
> > connection request is received.  This is because the new l2t_entry.arpq
> > skb queue is never initialized, and therefore trying to add an skb to
> > it causes a NULL dereference.  With the old code there was no need to
> > initialize the queues because the l2t_entry structures were zeroed,
> > and the code used NULL to mean empty.
> > 
> > Fix this by adding __skb_queue_head_init() when all the l2t_entry
> > structures get allocated.
> 
> This patch doesn't compile.
> 
> > Signed-off-by: Roland Dreier <rolandd@xxxxxxxxx>
> > Signed-off-by: Jeff Garzik <jgarzik@xxxxxxxxxx>
> > Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxx>
> > 
> > ---
> >  drivers/net/cxgb3/l2t.c |    1 +
> >  1 file changed, 1 insertion(+)
> > 
> > --- a/drivers/net/cxgb3/l2t.c
> > +++ b/drivers/net/cxgb3/l2t.c
> > @@ -436,6 +436,7 @@ struct l2t_data *t3_init_l2t(unsigned in
> >  	for (i = 0; i < l2t_capacity; ++i) {
> >  		d->l2tab[i].idx = i;
> >  		d->l2tab[i].state = L2T_STATE_UNUSED;
> > +		__skb_queue_head_init(&d->l2tab[i].arpq);
> >  		spin_lock_init(&d->l2tab[i].lock);
> >  		atomic_set(&d->l2tab[i].refcnt, 0);
> >  	}
> 
>   CC [M]  drivers/net/cxgb3/cxgb3_main.o
>   CC [M]  drivers/net/cxgb3/ael1002.o
>   CC [M]  drivers/net/cxgb3/vsc8211.o
>   CC [M]  drivers/net/cxgb3/t3_hw.o
>   CC [M]  drivers/net/cxgb3/mc5.o
>   CC [M]  drivers/net/cxgb3/xgmac.o
>   CC [M]  drivers/net/cxgb3/sge.o
>   CC [M]  drivers/net/cxgb3/l2t.o
> drivers/net/cxgb3/l2t.c: In function ât3_init_l2tâ:
> drivers/net/cxgb3/l2t.c:439: error: implicit declaration of function â__skb_queue_head_initâ
> drivers/net/cxgb3/l2t.c:439: error: âstruct l2t_entryâ has no member named âarpqâ
> make[3]: *** [drivers/net/cxgb3/l2t.o] Error 1
> make[2]: *** [drivers/net/cxgb3] Error 2
> make[1]: *** [drivers/net] Error 2
> make: *** [drivers] Error 2
> 
> It seems to depend on
> 
> commit 147e70e62fdd5af6263106ad634b03c5154c1e56
> Author: David S. Miller <davem@xxxxxxxxxxxxx>
> Date:   Mon Sep 22 01:29:52 2008 -0700
> 
>     cxgb3: Use SKB list interfaces instead of home-grown implementation.
> 
>     Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>

Hm, no, adding that patch also breaks the build for other reasons :)

David, I'm going to have to drop the original patch you sent me here, as
it doesn't build in the 2.6.27 tree.  If you have a replacement for it
that does build, I'll be glad to take it.

thanks,

greg k-h
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/