diff options
| author | Bernard Pidoux <[email protected]> | 2019-01-25 11:46:40 +0100 |
|---|---|---|
| committer | David S. Miller <[email protected]> | 2019-01-27 10:40:01 -0800 |
| commit | b0cf029234f9b18e10703ba5147f0389c382bccc (patch) | |
| tree | ce465f39a10f701dcc03cca11e152d7e1b6bd80a /tools/perf/scripts/python/exported-sql-viewer.py | |
| parent | 6571ebce112a21ec9be68ef2f53b96fcd41fd81b (diff) | |
net/rose: fix NULL ax25_cb kernel panic
When an internally generated frame is handled by rose_xmit(),
rose_route_frame() is called:
if (!rose_route_frame(skb, NULL)) {
dev_kfree_skb(skb);
stats->tx_errors++;
return NETDEV_TX_OK;
}
We have the same code sequence in Net/Rom where an internally generated
frame is handled by nr_xmit() calling nr_route_frame(skb, NULL).
However, in this function NULL argument is tested while it is not in
rose_route_frame().
Then kernel panic occurs later on when calling ax25cmp() with a NULL
ax25_cb argument as reported many times and recently with syzbot.
We need to test if ax25 is NULL before using it.
Testing:
Built kernel with CONFIG_ROSE=y.
Signed-off-by: Bernard Pidoux <[email protected]>
Acked-by: Dmitry Vyukov <[email protected]>
Reported-by: [email protected]
Cc: "David S. Miller" <[email protected]>
Cc: Ralf Baechle <[email protected]>
Cc: Bernard Pidoux <[email protected]>
Cc: [email protected]
Cc: [email protected]
Cc: [email protected]
Signed-off-by: David S. Miller <[email protected]>
Diffstat (limited to 'tools/perf/scripts/python/exported-sql-viewer.py')
0 files changed, 0 insertions, 0 deletions