On 2013-12-11 11:58, Bernd Porr wrote:
From d83a3e0cda7559e9b91759ab4ef8a6c3eb19fbc0 Mon Sep 17 00:00:00 2001
From: Bernd Porr<m...@berndporr.me.uk>
Date: Wed, 11 Dec 2013 11:45:09 +0000
Subject: [PATCH 1/1] If the channel list is not set in userspace we get an
error at PTR_ERR(async->cmd.chanlist). However, do_become_nonbusy(dev, s)
cleans up this pointer which causes a kernel oops. Setting the channel list
in async to NULL and checking this in do_become_nonbusy prevents the oops.
Signed-off-by: Bernd Porr<m...@berndporr.me.uk>
---
drivers/staging/comedi/comedi_fops.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/drivers/staging/comedi/comedi_fops.c
b/drivers/staging/comedi/comedi_fops.c
index f3d59e2..cb546f8 100644
--- a/drivers/staging/comedi/comedi_fops.c
+++ b/drivers/staging/comedi/comedi_fops.c
@@ -560,8 +560,10 @@ static void do_become_nonbusy(struct comedi_device *dev,
if (async) {
comedi_buf_reset(async);
async->inttrig = NULL;
- kfree(async->cmd.chanlist);
- async->cmd.chanlist = NULL;
+ if (async->cmd.chanlist) {
+ kfree(async->cmd.chanlist);
+ async->cmd.chanlist = NULL;
+ }
That part of the patch is unnecessary as kfree() allows its argument to
be a null pointer.
} else {
dev_err(dev->class_dev,
"BUG: (?) do_become_nonbusy called with async=NULL\n");
@@ -1425,6 +1427,7 @@ static int do_cmd_ioctl(struct comedi_device *dev,
async->cmd.chanlist_len *
sizeof(int));
if (IS_ERR(async->cmd.chanlist)) {
ret = PTR_ERR(async->cmd.chanlist);
+ async->cmd.chanlist = NULL;
DPRINTK("memdup_user failed with code %d\n", ret);
goto cleanup;
}
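Review bot: In the IS_ERR() branch, `async->cmd.chanlist = NULL;` clears the error pointer only after it has already been stored in the async structure. Consider assigning the result of the copy to a local variable and writing it to async->cmd.chanlist only on success, so that no cleanup path can ever see an error pointer there. If the reset stays as is, a one-line comment noting that the cleanup path frees this pointer would explain why the assignment is needed.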
This needs rebasing for Greg's "staging-next" branch due to other
changes (the DPRINTK() has been replaced). Let me do that for you and
set you as the author.
--
-=( Ian Abbott @ MEV Ltd. E-mail: <abbo...@mev.co.uk> )=-
-=( Tel: +44 (0)161 477 1898 FAX: +44 (0)161 718 3587 )=-