authorKyle McMartin <kyle@redhat.com>2009-08-19 21:17:08 -0400
committerIngo Molnar <mingo@elte.hu>2009-08-21 04:04:24 -0400
commitec9c96ef3cc0124cb94375b17faaa8cff5dfdf97 (patch)
tree477cfb87ab455a9adf26cb897252290f110494dd
parent429966b8f644dda2afddb4f834a944e9b46a7645 (diff)
dma-debug: Fix check_unmap null pointer dereference
While it's debatable whether or not a NULL device argument to the DMA API functions is valid... since it certainly isn't valid on devices with an IOMMU... dma-debug really shouldn't be dereferencing null pointers either. Guard against that in err_printk and the driver_filter functions. A Fedora rawhide user was seeing this in one of the dvb drivers resulting in an oops on boot. [ A patch has been sent for testing to the driver, but I feel the dma debugging support should be fixed as well. (There's still a pile of legacy garbage in the kernel passing null pointers to dma_{alloc,free}_*. :( ] Signed-off-by: Kyle McMartin <kyle@redhat.com> Cc: mchehab@infradead.org Cc: Joerg Roedel <joerg.roedel@amd.com> LKML-Reference: <20090820011708.GP25206@bombadil.infradead.org> Signed-off-by: Ingo Molnar <mingo@elte.hu>
-rw-r--r--lib/dma-debug.c28
1 files changed, 16 insertions, 12 deletions
diff --git a/lib/dma-debug.c b/lib/dma-debug.c
index 65b0d99b6d0a..58a9f9fc609a 100644
--- a/lib/dma-debug.c
+++ b/lib/dma-debug.c
@@ -156,9 +156,13 @@ static bool driver_filter(struct device *dev)
156 return true; 156 return true;
157 157
158 /* driver filter on and initialized */ 158 /* driver filter on and initialized */
159 if (current_driver && dev->driver == current_driver) 159 if (current_driver && dev && dev->driver == current_driver)
160 return true; 160 return true;
161 161
162 /* driver filter on, but we can't filter on a NULL device... */
163 if (!dev)
164 return false;
165
162 if (current_driver || !current_driver_name[0]) 166 if (current_driver || !current_driver_name[0])
163 return false; 167 return false;
164 168
@@ -183,17 +187,17 @@ static bool driver_filter(struct device *dev)
183 return ret; 187 return ret;
184} 188}
185 189
186#define err_printk(dev, entry, format, arg...) do { \ 190#define err_printk(dev, entry, format, arg...) do { \
187 error_count += 1; \ 191 error_count += 1; \
188 if (driver_filter(dev) && \ 192 if (driver_filter(dev) && \
189 (show_all_errors || show_num_errors > 0)) { \ 193 (show_all_errors || show_num_errors > 0)) { \
190 WARN(1, "%s %s: " format, \ 194 WARN(1, "%s %s: " format, \
191 dev_driver_string(dev), \ 195 dev ? dev_driver_string(dev) : "NULL", \
192 dev_name(dev) , ## arg); \ 196 dev ? dev_name(dev) : "NULL", ## arg); \
193 dump_entry_trace(entry); \ 197 dump_entry_trace(entry); \
194 } \ 198 } \
195 if (!show_all_errors && show_num_errors > 0) \ 199 if (!show_all_errors && show_num_errors > 0) \
196 show_num_errors -= 1; \ 200 show_num_errors -= 1; \
197 } while (0); 201 } while (0);
198 202
199/* 203/*
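Review bot: In the `err_printk` hunk the new ternaries test the macro argument bare (`dev ? dev_driver_string(dev) : "NULL"`), and the macro now expands `dev` five times. The callers are outside this page, so it cannot be confirmed that each passes a plain pointer; an argument containing a lower-precedence operator would regroup around `?:`, and one with side effects would be evaluated repeatedly. Parenthesising covers the first case: `(dev) ? dev_driver_string(dev) : "NULL", \` and `(dev) ? dev_name(dev) : "NULL", ## arg); \`. In `driver_filter`, whose body starts above the first hunk, the `if (!dev) return false;` check could sit above the `current_driver` comparison, which gives the same result and makes the added `dev &&` unnecessary.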