On Thu, Jan 5, 2017 at 12:17 PM, David Miller wrote:
> From: Michael Chan
> Date: Thu, 5 Jan 2017 12:04:13 -0800
>
>> But it looks like ndo_get_stats() can be called without rtnl lock from
>> net-procfs.c. So it is possible that we'll read tp->hw_stats after it
>> has been freed. For example, i
From: Michael Chan
Date: Thu, 5 Jan 2017 12:04:13 -0800
> But it looks like ndo_get_stats() can be called without rtnl lock from
> net-procfs.c. So it is possible that we'll read tp->hw_stats after it
> has been freed. For example, if we are reading /proc/net/dev and
> closing tg3 at the same t
On Thu, Jan 5, 2017 at 9:33 AM, David Miller wrote:
> From: Wang Yufen
> Date: Thu, 5 Jan 2017 22:13:21 +0800
>
>> From: Yufen Wang
>>
>> A possible NULL pointer dereference in tg3_get_stats64 while doing
>> tg3_free_consistent.
> ...
>> This patch avoids the NULL pointer dereference by using !
From: Wang Yufen
Date: Thu, 5 Jan 2017 22:13:21 +0800
> From: Yufen Wang
>
> A possible NULL pointer dereference in tg3_get_stats64 while doing
> tg3_free_consistent.
...
> This patch avoids the NULL pointer dereference by using !tg3_flag(tp,
> INIT_COMPLETE)
> instate of !tp->hw_stats.
>
>
From: Yufen Wang
A possible NULL pointer dereference in tg3_get_stats64 while doing
tg3_free_consistent.
The following trace is seen when the error is triggered:
[360729.331080] BUG: unable to handle kernel NULL pointer dereference at
0130
[360729.339357] IP: [] tg3_get_nstats+0x276
