[PATCH update 3/3] fs: Fix crash caused by write to dummy debugfs interface like HW_latency exposed
[ 141.311906] BUG: unable to handle kernel NULL pointer dereference at 0008 [ 141.314071] IP: [] simple_attr_write+0x2c/0x100 [ 141.316195] PGD c3bd7067 PUD cb41d067 PMD 0 [ 141.318287] Oops: [#1] SMP [ 141.320338] Modules linked in: hw_latency_test lockd sunrpc iptable_mangle nf_conntrack_ipv4 nf_defrag_ipv4 xt_conntrack nf_conntrack rfcomm bnep coretemp kvm arc4 iwldvm mac80211 snd_hda_codec_hdmi snd_hda_codec_realtek option usb_wwan snd_hda_intel snd_hda_codec btusb bluetooth snd_hwdep snd_seq snd_seq_device snd_pcm iwlwifi thinkpad_acpi cfg80211 snd_page_alloc snd_timer crc32c_intel snd e1000e tpm_tis ghash_clmulni_intel tpm tpm_bios soundcore iTCO_wdt rfkill joydev microcode i2c_i801 wmi iTCO_vendor_support mei lpc_ich mfd_core pcspkr uinput i915 usb_storage i2c_algo_bit uas drm_kms_helper sdhci_pci sdhci drm mmc_core i2c_core video [ 141.329446] CPU 2 [ 141.329467] Pid: 804, comm: bash Not tainted 3.7.0-rc2+ #5 LENOVO 232045C/232045C [ 141.333922] RIP: 0010:[] [] simple_attr_write+0x2c/0x100 [ 141.336173] RSP: 0018:8800cb6c3eb8 EFLAGS: 00010286 [ 141.338377] RAX: 811f8f10 RBX: 8800c4549600 RCX: 8800cb6c3f50 [ 141.340573] RDX: 0002 RSI: 7fcbf9ef RDI: 8800c4549600 [ 141.342744] RBP: 8800cb6c3ef8 R08: 000a R09: 7fcbf9edd740 [ 141.344896] R10: 0001 R11: 0246 R12: 0002 [ 141.347017] R13: 7fcbf9ef R14: 8800cb6c3f50 R15: [ 141.349115] FS: 7fcbf9edd740() GS:88011920() knlGS: [ 141.351209] CS: 0010 DS: ES: CR0: 80050033 [ 141.353314] CR2: 0008 CR3: c696c000 CR4: 001407e0 [ 141.355457] DR0: DR1: DR2: [ 141.357590] DR3: DR6: 0ff0 DR7: 0400 [ 141.359685] Process bash (pid: 804, threadinfo 8800cb6c2000, task 8800cb7ccd20) [ 141.361767] Stack: [ 141.363793] 8800c4549600 7fcbf9ef 8800cb6c3ef8 8800c4549600 [ 141.365864] 0002 7fcbf9ef 8800cb6c3f50 [ 141.367905] 8800cb6c3f28 811cf27f 8800c4549600 7fcbf9ef [ 141.369924] Call Trace: [ 141.371882] [] vfs_write+0xaf/0x190 [ 141.373827] [] sys_write+0x55/0xa0 [ 141.375745] [] system_call_fastpath+0x16/0x1b [ 141.377661] Code: 1f 44 00 00 55 48 89 e5 48 83 ec 40 48 89 5d d8 4c 89 65 e0 4c 89 6d e8 4c 89 75 f0 4c 89 7d f8 4c 8b bf 28 01 00 00 48 89 75 c8 <49> 83 7f 08 00 0f 84 b1 00 00 00 4d 8d 67 50 31 f6 49 89 d5 4c [ 141.382206] RIP [] simple_attr_write+0x2c/0x100 [ 141.384326] RSP [ 141.386401] CR2: 0008 [ 141.388548] ---[ end trace 9c28eee46fcb7871 ]--- Signed-off-by: Luming Yu --- fs/libfs.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/libfs.c b/fs/libfs.c index 7cc37ca..bc51574 100644 --- a/fs/libfs.c +++ b/fs/libfs.c @@ -819,7 +819,7 @@ ssize_t simple_attr_write(struct file *file, const char __user *buf, ssize_t ret; attr = file->private_data; - if (!attr->set) + if (!attr || !attr->set) return -EACCES; ret = mutex_lock_interruptible(>mutex); -- 1.7.12.1 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
[PATCH update 3/3] fs: Fix crash caused by write to dummy debugfs interface like HW_latency exposed
[ 141.311906] BUG: unable to handle kernel NULL pointer dereference at 0008 [ 141.314071] IP: [811f8f3c] simple_attr_write+0x2c/0x100 [ 141.316195] PGD c3bd7067 PUD cb41d067 PMD 0 [ 141.318287] Oops: [#1] SMP [ 141.320338] Modules linked in: hw_latency_test lockd sunrpc iptable_mangle nf_conntrack_ipv4 nf_defrag_ipv4 xt_conntrack nf_conntrack rfcomm bnep coretemp kvm arc4 iwldvm mac80211 snd_hda_codec_hdmi snd_hda_codec_realtek option usb_wwan snd_hda_intel snd_hda_codec btusb bluetooth snd_hwdep snd_seq snd_seq_device snd_pcm iwlwifi thinkpad_acpi cfg80211 snd_page_alloc snd_timer crc32c_intel snd e1000e tpm_tis ghash_clmulni_intel tpm tpm_bios soundcore iTCO_wdt rfkill joydev microcode i2c_i801 wmi iTCO_vendor_support mei lpc_ich mfd_core pcspkr uinput i915 usb_storage i2c_algo_bit uas drm_kms_helper sdhci_pci sdhci drm mmc_core i2c_core video [ 141.329446] CPU 2 [ 141.329467] Pid: 804, comm: bash Not tainted 3.7.0-rc2+ #5 LENOVO 232045C/232045C [ 141.333922] RIP: 0010:[811f8f3c] [811f8f3c] simple_attr_write+0x2c/0x100 [ 141.336173] RSP: 0018:8800cb6c3eb8 EFLAGS: 00010286 [ 141.338377] RAX: 811f8f10 RBX: 8800c4549600 RCX: 8800cb6c3f50 [ 141.340573] RDX: 0002 RSI: 7fcbf9ef RDI: 8800c4549600 [ 141.342744] RBP: 8800cb6c3ef8 R08: 000a R09: 7fcbf9edd740 [ 141.344896] R10: 0001 R11: 0246 R12: 0002 [ 141.347017] R13: 7fcbf9ef R14: 8800cb6c3f50 R15: [ 141.349115] FS: 7fcbf9edd740() GS:88011920() knlGS: [ 141.351209] CS: 0010 DS: ES: CR0: 80050033 [ 141.353314] CR2: 0008 CR3: c696c000 CR4: 001407e0 [ 141.355457] DR0: DR1: DR2: [ 141.357590] DR3: DR6: 0ff0 DR7: 0400 [ 141.359685] Process bash (pid: 804, threadinfo 8800cb6c2000, task 8800cb7ccd20) [ 141.361767] Stack: [ 141.363793] 8800c4549600 7fcbf9ef 8800cb6c3ef8 8800c4549600 [ 141.365864] 0002 7fcbf9ef 8800cb6c3f50 [ 141.367905] 8800cb6c3f28 811cf27f 8800c4549600 7fcbf9ef [ 141.369924] Call Trace: [ 141.371882] [811cf27f] vfs_write+0xaf/0x190 [ 141.373827] [811cf5d5] sys_write+0x55/0xa0 [ 141.375745] [816f0199] system_call_fastpath+0x16/0x1b [ 141.377661] Code: 1f 44 00 00 55 48 89 e5 48 83 ec 40 48 89 5d d8 4c 89 65 e0 4c 89 6d e8 4c 89 75 f0 4c 89 7d f8 4c 8b bf 28 01 00 00 48 89 75 c8 49 83 7f 08 00 0f 84 b1 00 00 00 4d 8d 67 50 31 f6 49 89 d5 4c [ 141.382206] RIP [811f8f3c] simple_attr_write+0x2c/0x100 [ 141.384326] RSP 8800cb6c3eb8 [ 141.386401] CR2: 0008 [ 141.388548] ---[ end trace 9c28eee46fcb7871 ]--- Signed-off-by: Luming Yu luming...@intel.com --- fs/libfs.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/libfs.c b/fs/libfs.c index 7cc37ca..bc51574 100644 --- a/fs/libfs.c +++ b/fs/libfs.c @@ -819,7 +819,7 @@ ssize_t simple_attr_write(struct file *file, const char __user *buf, ssize_t ret; attr = file-private_data; - if (!attr-set) + if (!attr || !attr-set) return -EACCES; ret = mutex_lock_interruptible(attr-mutex); -- 1.7.12.1 -- To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
