[PATCH v2] staging: comedi: check s->async for poll(), read() and write()
Ian Abbott
abbotti at mev.co.uk
Mon Feb 4 19:57:15 UTC 2013
On 04/02/2013 18:49, Greg Kroah-Hartman wrote:
> On Mon, Feb 04, 2013 at 03:05:28PM +0000, Ian Abbott wrote:
>> Some low-level comedi drivers (incorrectly) point `dev->read_subdev` or
>> `dev->write_subdev` to a subdevice that does not support asynchronous
>> commands. Comedi's poll(), read() and write() file operation handlers
>> assume these subdevices do support asynchronous commands. In
>> particular, they assume `s->async` is valid (where `s` points to the
>> read or write subdevice), which it won't be if it has been set
>> incorrectly. This can lead to a NULL pointer dereference.
>
> Are there any specific drivers that cause this to happen?
comedi_test is one. I have a few others written on a piece of paper
somewhere. :)
I plan to add some sanitization during postconfig (after the low-level
driver's attach or auto_attach routine is called) to trim out the bits
that it doesn't set up properly with a warning.
>> Check `s->async` is non-NULL in `comedi_poll()`, `comedi_read()` and
>> `comedi_write()` to avoid the bug.
>>
>> Signed-off-by: Ian Abbott <abbotti at mev.co.uk>
>> ---
>> v2: Corrected silly mistake. Deleted a line accidentally leading to
>> compilation failure.
>> Note: this is for Greg's staging-linus or master and stable kernels
>
> Can this wait until 3.9-rc1, and then backport to the 3.8.1 release and
> older stable kernels?
Sure thing.
--
-=( Ian Abbott @ MEV Ltd. E-mail: <abbotti at mev.co.uk> )=-
-=( Tel: +44 (0)161 477 1898 FAX: +44 (0)161 718 3587 )=-
More information about the devel
mailing list