alistair23-linux/drivers
Wang Chen b88a2a22c6 netdevice zd1201: Use after free
| commit 3d29b0c33d
| Author: John W. Linville <linville@tuxdriver.com>
| Date:   Fri Oct 31 14:13:12 2008 -0400
|
|     netdevice zd1201: Convert directly reference of netdev->priv to netdev_priv()
|
|     We have some reasons to kill netdev->priv:
|     1. netdev->priv is equal to netdev_priv().
|     2. netdev_priv() wraps the calculation of netdev->priv's offset, obviously
|        netdev_priv() is more flexible than netdev->priv.
|     But we can't kill netdev->priv, because so many drivers reference to it
|     directly.
|
|     OK, because Dave S. Miller said, "every direct netdev->priv usage is a bug",
|     and I want to kill netdev->priv later, I decided to convert all the direct
|     reference of netdev->priv first.
|
|     (Original patch posted by Wang Chen <wangchen@cn.fujitsu.com> w/ above
|     changelog but using dev->ml_priv.  That doesn't seem appropriate
|     to me for this driver, so I've revamped it to use netdev_priv()
|     instead. -- JWL)

This commit changed the allocation of netdev, but didn't change
the free method of it.
This causes "zd" to be used after the memory pointed to by "zd" has been
freed by free_netdev().

Signed-off-by: Wang Chen <wangchen@cn.fujitsu.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-12-18 22:27:38 -08:00
accessibility
acpi ACPI toshiba: only register rfkill if bt is enabled 2008-12-15 16:27:07 -08:00
amba
ata ata: Fix experimental tags 2008-12-09 00:44:29 -05:00
atm ATM: horizon, fix hrz_probe fail path 2008-11-29 20:42:28 -08:00
auxdisplay
base
block Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2008-12-15 20:03:50 -08:00
bluetooth Bluetooth: Enable per-module dynamic debug messages 2008-11-30 12:17:28 +01:00
cdrom Commands needing to be retried require a complete re-initialization. 2008-12-12 16:04:26 +01:00
char console ASCII glyph 1:1 mapping 2008-12-13 11:25:49 -08:00
clocksource
connector
cpufreq
cpuidle
crypto fix talitos 2008-11-30 10:03:36 -08:00
dca
dio
dma
edac i82875p_edac: fix module remove 2008-12-01 19:55:25 -08:00
eisa
firewire firewire: fw-ohci: fix IOMMU resource exhaustion 2008-12-10 12:45:34 +01:00
firmware
gpio
gpu drm/i915: Disable the GM965 MSI errata workaround. 2008-12-09 15:37:24 +10:00
hid HID: Apple ALU wireless keyboards are bluetooth devices 2008-11-28 15:09:26 +01:00
hwmon hwmon: applesmc: make applesmc load automatically on startup 2008-12-01 19:55:24 -08:00
i2c i2c-highlander: Trivial endian casting fixes 2008-12-11 12:11:21 +01:00
ide [IA64] Clear up section mismatch for ioc4_ide_attach_one. 2008-12-09 10:08:48 -08:00
idle
ieee1394 ieee1394: node manager causes up to ~3.25s delay in freezing tasks 2008-12-09 19:34:33 +01:00
infiniband Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2008-12-02 19:50:27 -08:00
input Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input 2008-11-30 11:05:21 -08:00
isdn isdn: eicon: fix sparse warning: make global functions static 2008-12-16 01:17:33 -08:00
leds
lguest
macintosh rackmeter section fixes 2008-11-30 10:03:37 -08:00
mca
md block: fix setting of max_segment_size and seg_boundary mask 2008-12-03 12:55:55 +01:00
media dvb: Kill directly reference of netdev->priv 2008-12-03 21:13:13 -08:00
memstick
message Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2008-12-15 20:03:50 -08:00
mfd
misc Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2008-12-15 20:03:50 -08:00
mmc
mtd Merge git://git.infradead.org/mtd-2.6 2008-12-09 08:28:36 -08:00
net netdevice zd1201: Use after free 2008-12-18 22:27:38 -08:00
nubus
of
oprofile
parisc
parport parport_serial: fix array overflow 2008-12-01 19:55:24 -08:00
pci PCIe: ASPM: Break out of endless loop waiting for PCI config bits to switch 2008-12-09 14:59:24 -08:00
pcmcia pcmcia: blackfin: fix bug - add missing ; to MODULE macro 2008-12-15 16:27:06 -08:00
pnp
power
ps3
rapidio rapidio section noise 2008-11-30 10:03:37 -08:00
regulator
rtc rtc twl4030: rename ioctl function when RTC_INTF_DEV=n 2008-12-10 08:01:53 -08:00
s390 s390_net: Kill directly reference of netdev->priv 2008-12-06 23:57:49 -08:00
sbus Revert "of_platform_driver noise on sparce" 2008-12-01 07:55:14 -08:00
scsi Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2008-12-15 20:03:50 -08:00
serial Merge branch 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/aegl/linux-2.6 2008-12-10 10:04:25 -08:00
sh
sn
spi spi: fix spi_s3c24xx_gpio num_chipselect 2008-12-01 19:55:24 -08:00
ssb
staging staging-winbond: Kill directly reference of netdev->priv 2008-12-08 01:13:25 -08:00
tc
telephony
thermal
uio
usb Phonet: USB CDC Phonet function for gadget framework 2008-12-17 15:49:09 -08:00
uwb
video Revert "radeonfb: accelerate imageblit and other improvements" 2008-12-10 16:53:32 -08:00
virtio
w1 W1_MASTER_DS1WM should depend on HAVE_CLK 2008-11-30 10:03:36 -08:00
watchdog iTCO_wdt: fix typo when setting TCO_EN bit 2008-12-03 16:20:19 -08:00
xen
zorro
Kconfig
Makefile