#18256: pppd restart may cause NULL pointer dereference
-------------------------+-----------------------------------
Reporter: spiritbook | Owner: developers
Type: defect | Status: new
Priority: normal | Milestone: Barrier Breaker 14.07
Component: kernel | Version: Trunk
Keywords: ppp;kernel; |
-------------------------+-----------------------------------
env: Linux 3.10.44 + pppd 2.4.6
When I run /etc/init.d/network restart,
sometimes an oops occurs:
{{{
[ 342.020000] CPU 0 Unable to handle kernel paging request at virtual address 000001f4, epc == 80fc17e8, ra == 80fc17a8
[ 342.020000] Oops[#1]:
[ 342.020000] CPU: 0 PID: 1128 Comm: pppd Tainted: G W 3.10.44 #35
[ 342.020000] task: 804a5920 ti: 809f0000 task.ti: 809f0000
[ 342.020000] $ 0 : 00000000 00000001 00000001 00000000
[ 342.020000] $ 4 : 804e1800 00000000 802ab614 00010000
[ 342.020000] $ 8 : 802b0000 00010000 802a9260 6f707070
[ 342.020000] $12 : 00000000 00000001 00000000 00070012
[ 342.020000] $16 : 804e1800 00000000 8059f160 8059f180
[ 342.020000] $20 : 80550be8 8059f180 8180e3d0 802b0000
[ 342.020000] $24 : 00000000 8014fb00
[ 342.020000] $28 : 809f0000 809f1ce8 802653c0 80fc17a8
[ 342.020000] Hi : 00000000
[ 342.020000] Lo : ec4e4000
[ 342.020000] epc : 80fc17e8 0x80fc17e8
[ 342.020000] Tainted: G W
[ 342.020000] ra : 80fc17a8 0x80fc17a8
[ 342.020000] Status: 1100e402 KERNEL EXL
[ 342.020000] Cause : 00800008
[ 342.020000] BadVA : 000001f4
[ 342.020000] PrId : 00019650 (MIPS 24KEc)
[ 342.020000] Modules linked in: url_log rg_sys pppoe ppp_async iptable_nat pppox ppp_generic nf_nat_ipv4 nf_conntrack_ipv4 iptable_raw iptable_mangle iptable_filter ipt_REJECT ipt_MASQUERADE ip_tables xt_time xt_tcpudp xt_state xt_nat xt_multiport xt_mark xt_mac xt_limit xt_conntrack xt_comment xt_TCPMSS xt_REDIRECT xt_LOG xt_CT x_tables ums_usbat ums_sddr55 ums_sddr09 ums_karma ums_jumpshot ums_isd200 ums_freecom ums_datafab ums_cypress ums_alauda slhc nf_nat_irc nf_nat_ftp nf_nat nf_defrag_ipv4 nf_conntrack_irc nf_conntrack_ftp crc_itu_t crc_ccitt rt2860v2_ap ledtrig_usbdev vfat fat ntfs nls_utf8 nls_iso8859_1 nls_cp437 eeprom_93cx6 arc4 crypto_blkcipher usb_storage leds_gpio dwc2_platform dwc2 ohci_hcd ehci_platform ehci_hcd sd_mod scsi_mod gpio_button_hotplug ext4 crc16 jbd2 mbcache usbcore nls_base usb_common crypto_hash
[ 342.020000] Process pppd (pid: 1128, threadinfo=809f0000, task=804a5920, tls=778b6440)
[ 342.020000] Stack : 8059f2e0 80550be0 80550be8 00000001 80bc8770 8059f160 80fc2164 80bc87f8
        8059f180 80550be8 8059f180 80188f00 804f2d80 8042f700 80bc8770 00000000
        80550be0 80550be0 00000008 80188fac 80550be8 8059f180 80550be0 00000008
        80bc87f8 8008e830 8101b760 80a31d20 00000000 8008b040 00000000 00000000
        804a5920 80550460 80310000 802b0000 00010000 00000001 802b0000 800363f8
...
[ 342.020000] Call Trace:
[ 342.020000] [<80fc17e8>] 0x80fc17e8
[ 342.020000]
[ 342.020000]
Code: 41626000 30420001 000000c0 <8c6301f4> 8c640000 2484ffff ac640000 10400002 41606000
[ 342.480000] ---[ end trace d919561d19e24c02 ]---
}}}
Reviewing the code, I think it may be caused by
@function: pppoe_release
{{{
	/* the state test is still true for a socket left in PPPOX_ZOMBIE */
	if (sk->sk_state & (PPPOX_CONNECTED | PPPOX_BOUND | PPPOX_ZOMBIE))
	{
		dev_put(po->pppoe_dev);	/* dev_put() dereferences its argument */
		po->pppoe_dev = NULL;
	}
}}}
here "po->pppoe_dev" may be NULL, because when the interface is going down
@function: pppoe_device_event -> pppoe_flush_dev
{{{
	if (po->pppoe_dev == dev &&
	    sk->sk_state & (PPPOX_CONNECTED | PPPOX_BOUND | PPPOX_ZOMBIE)) {
		pppox_unbind_sock(sk);
		sk->sk_state = PPPOX_ZOMBIE;	/* still matches the state test in pppoe_release */
		sk->sk_state_change(sk);
		po->pppoe_dev = NULL;		/* device pointer cleared while the socket stays ZOMBIE */
		dev_put(dev);
	}
}}}
here "po->pppoe_dev" is set to NULL.
Is this the right place that causes the oops?
Does it need if (po->pppoe_dev == NULL) before using it?
Thanks.
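An added userspace model of the two paths quoted above (constructed for this ticket, not the kernel's code and not the reporter's; the struct layouts, state bit values and function names are stand-ins). It shows why a socket that pppoe_flush_dev left in PPPOX_ZOMBIE still passes the state test in pppoe_release while po->pppoe_dev is already NULL, so dev_put() reads through a NULL pointer. That matches the oops: the faulting word in the Code: line, 8c6301f4, is a MIPS lw from offset 0x1f4 of a register holding 0, and BadVA is 000001f4. The checked variant adds the NULL test the reporter asks about and keeps the device reference count balanced in both orderings of "interface down" and "socket closed".

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Socket state bits; values are illustrative, only the bitmask logic matters. */
#define PPPOX_CONNECTED 1
#define PPPOX_BOUND     2
#define PPPOX_ZOMBIE    4

/* Constructed stand-ins for struct net_device and struct pppox_sock. */
struct net_device { int refcnt; };
struct pppox_sock {
    struct net_device *pppoe_dev;   /* device the session is bound to, or NULL */
    int sk_state;
};

/* Stand-in for dev_put(): like the kernel's, it reads through dev with no NULL check. */
static void dev_put(struct net_device *dev) { dev->refcnt--; }

/* Model of the quoted pppoe_flush_dev path: the interface is going down. */
static void flush_dev(struct pppox_sock *po, struct net_device *dev)
{
    if (po->pppoe_dev == dev &&
        (po->sk_state & (PPPOX_CONNECTED | PPPOX_BOUND | PPPOX_ZOMBIE))) {
        po->sk_state = PPPOX_ZOMBIE;   /* state still satisfies release's test... */
        po->pppoe_dev = NULL;          /* ...but the device pointer is gone */
        dev_put(dev);
    }
}

/* Model of pppoe_release as quoted. Returns true where the kernel would call dev_put(NULL). */
static bool release_as_quoted(struct pppox_sock *po)
{
    if (po->sk_state & (PPPOX_CONNECTED | PPPOX_BOUND | PPPOX_ZOMBIE)) {
        if (po->pppoe_dev == NULL)
            return true;               /* the real code would oops here */
        dev_put(po->pppoe_dev);
        po->pppoe_dev = NULL;
    }
    return false;
}

/* pppoe_release with the NULL check the reporter asks about. */
static bool release_checked(struct pppox_sock *po)
{
    if ((po->sk_state & (PPPOX_CONNECTED | PPPOX_BOUND | PPPOX_ZOMBIE)) &&
        po->pppoe_dev != NULL) {
        dev_put(po->pppoe_dev);
        po->pppoe_dev = NULL;
    }
    return false;
}

/* Sequence from the ticket: session connected, interface down, then pppd closes the socket.
 * Returns 1 if release would dereference NULL; *refcnt_out receives the device's final count. */
static int flush_then_release(bool checked, int *refcnt_out)
{
    struct net_device dev = { .refcnt = 1 };   /* the bound socket holds one reference */
    struct pppox_sock po = { .pppoe_dev = &dev, .sk_state = PPPOX_CONNECTED };

    flush_dev(&po, &dev);
    bool oops = checked ? release_checked(&po) : release_as_quoted(&po);
    if (refcnt_out)
        *refcnt_out = dev.refcnt;
    return oops ? 1 : 0;
}

/* Final device refcount when the checked release runs after the flush. */
static int flush_then_checked_release_refcnt(void)
{
    int refcnt = -1;
    flush_then_release(true, &refcnt);
    return refcnt;
}

/* Opposite ordering: socket closed first, then the device goes down. */
static int release_then_flush_refcnt(void)
{
    struct net_device dev = { .refcnt = 1 };
    struct pppox_sock po = { .pppoe_dev = &dev, .sk_state = PPPOX_CONNECTED };

    release_checked(&po);         /* puts the reference and clears pppoe_dev */
    flush_dev(&po, &dev);         /* no-op: pppoe_dev no longer matches dev */
    return dev.refcnt;
}

int main(void)
{
    printf("quoted release after flush: %s\n",
           flush_then_release(false, NULL) ? "would oops (dev_put(NULL))" : "ok");
    printf("checked release after flush: %s, final refcnt %d\n",
           flush_then_release(true, NULL) ? "would oops" : "ok",
           flush_then_checked_release_refcnt());
    printf("release then flush: final refcnt %d\n", release_then_flush_refcnt());
    return 0;
}
```

The model only covers the reference-count handoff between the two paths; the real pppoe_release also has other cleanup to do on a ZOMBIE socket, so the NULL test is the minimal change, not necessarily the complete one.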
--
Ticket URL: <https://dev.openwrt.org/ticket/18256>
OpenWrt <http://openwrt.org>
Opensource Wireless Router Technology
_______________________________________________
openwrt-tickets mailing list
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-tickets