From: Abraham Arce Date: Fri, 16 Apr 2010 14:48:43 +0000 (+0000) Subject: KS8851: NULL pointer dereference if list is empty X-Git-Tag: v2.6.34-rc6~30^2~12 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=761172fbf672c5784b2a0d71ca2f4389eb7a2c21;p=platform%2Fkernel%2Flinux-3.10.git KS8851: NULL pointer dereference if list is empty Fix NULL pointer dereference in ks8851_tx_work by checking if dequeued list is already empty before writing the packet to TX FIFO Unable to handle kernel NULL pointer dereference at virtual address 00000050 PC is at ks8851_tx_work+0xdc/0x1b0 LR is at wait_for_common+0x148/0x164 pc : [] lr : [] psr: 20000013 Backtrace: ks8851_tx_work+0x0/0x1b0 worker_thread+0x0/0x190 kthread+0x0/0x90 Signed-off-by: Abraham Arce Signed-off-by: David S. Miller --- diff --git a/drivers/net/ks8851.c b/drivers/net/ks8851.c index 13cc1ca..9e9f9b3 100644 --- a/drivers/net/ks8851.c +++ b/drivers/net/ks8851.c @@ -722,12 +722,14 @@ static void ks8851_tx_work(struct work_struct *work) txb = skb_dequeue(&ks->txq); last = skb_queue_empty(&ks->txq); - ks8851_wrreg16(ks, KS_RXQCR, ks->rc_rxqcr | RXQCR_SDA); - ks8851_wrpkt(ks, txb, last); - ks8851_wrreg16(ks, KS_RXQCR, ks->rc_rxqcr); - ks8851_wrreg16(ks, KS_TXQCR, TXQCR_METFE); + if (txb != NULL) { + ks8851_wrreg16(ks, KS_RXQCR, ks->rc_rxqcr | RXQCR_SDA); + ks8851_wrpkt(ks, txb, last); + ks8851_wrreg16(ks, KS_RXQCR, ks->rc_rxqcr); + ks8851_wrreg16(ks, KS_TXQCR, TXQCR_METFE); - ks8851_done_tx(ks, txb); + ks8851_done_tx(ks, txb); + } } mutex_unlock(&ks->lock);