Commit 46dfa3d8 authored by Tim Sell's avatar Tim Sell Committed by Greg Kroah-Hartman

staging: unisys: neglect to NULL rcvbuf pointer

Neglect to NULL rcvbuf pointer array could result in faults later

This problem would exhibit itself as a fault when when attempting to stop
any visornic device (i.e., in visornic_disable_with_timeout() or
visornic_serverdown_complete()) that had never been started (i.e., for
which init_rcv_bufs() had never been called).  Because the array of rcvbuf
was never cleared to NULLs, we would mistakenly attempt to call kfree_skb()
on garbage memory.
Signed-off-by: default avatarTim Sell <Timothy.Sell@unisys.com>
Signed-off-by: default avatarBenjamin Romer <benjamin.romer@unisys.com>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent 5deeea33
...@@ -1845,7 +1845,7 @@ static int visornic_probe(struct visor_device *dev) ...@@ -1845,7 +1845,7 @@ static int visornic_probe(struct visor_device *dev)
if (err) if (err)
goto cleanup_netdev; goto cleanup_netdev;
devdata->rcvbuf = kmalloc(sizeof(struct sk_buff *) * devdata->rcvbuf = kzalloc(sizeof(struct sk_buff *) *
devdata->num_rcv_bufs, GFP_KERNEL); devdata->num_rcv_bufs, GFP_KERNEL);
if (!devdata->rcvbuf) { if (!devdata->rcvbuf) {
err = -ENOMEM; err = -ENOMEM;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment