review.tizen.org Git - kernel/kernel-generic.git/commit

author	Nikolay Aleksandrov <nikolay@redhat.com>
	Wed, 23 Oct 2013 13:04:49 +0000 (15:04 +0200)
committer	David S. Miller <davem@davemloft.net>
	Fri, 25 Oct 2013 23:26:58 +0000 (19:26 -0400)
commit	45e526e80e6fdc796d3bc05716d5c930a427df4d
tree	1d6909c66190e5e5a30c28fa66b6edd760126f07	tree \| snapshot
parent	0e67d9903d71ce3c5889fa2e1788d4335794a0f6	commit \| diff

netconsole: fix NULL pointer dereference

We need to disable the netconsole (enabled = 0) before setting nt->np.dev
to NULL because otherwise we might still have users after the
netpoll_cleanup() since nt->enabled is set afterwards and we can
have a message which will result in a NULL pointer dereference.
It is very easy to hit dereferences all over the netpoll_send_udp function
by running the following two loops in parallel:
while [ 1 ]; do echo 1 > enabled; echo 0 > enabled; done;
while [ 1 ]; do echo 00:11:22:33:44:55 > remote_mac; done;
(the second loop is to generate messages, it can be done by anything)

We're safe to set nt->np.dev = NULL and nt->enabled = 0 with the spinlock
since it's required in the write_msg() function.

Signed-off-by: Nikolay Aleksandrov <nikolay@redhat.com>
Reviewed-by: Veacelsav Falico <vfalico@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>