Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S933194AbcDYQwz (ORCPT ); Mon, 25 Apr 2016 12:52:55 -0400 Received: from lxorguk.ukuu.org.uk ([81.2.110.251]:34884 "EHLO lxorguk.ukuu.org.uk" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S932696AbcDYQwy (ORCPT ); Mon, 25 Apr 2016 12:52:54 -0400 Date: Mon, 25 Apr 2016 17:51:57 +0100 From: One Thousand Gnomes To: Cc: , , Felipe Balbi , Greg Kroah-Hartman , Mike Looijmans , Robert Baldyga , Mark Craske Subject: Re: [PATCH v1 1/1] usb: gadget: NCM: NULL pointer dereference in eth_start_xmit Message-ID: <20160425175157.012ec034@lxorguk.ukuu.org.uk> In-Reply-To: <1461597903-17788-1-git-send-email-jim_baxter@mentor.com> References: <1461597903-17788-1-git-send-email-jim_baxter@mentor.com> Organization: Intel Corporation X-Mailer: Claws Mail 3.13.2 (GTK+ 2.24.30; x86_64-redhat-linux-gnu) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 662 Lines: 20 On Mon, 25 Apr 2016 16:25:03 +0100 wrote: > From: Jim Baxter > > "Unable to handle kernel NULL pointer dereference at virtual address > 00000078" is reported with "PC is at eth_start_xmit+0x19c/0x378 [u_ether]" > > The failure scenario is seen when closing the NCM connection while the > TCP/IPv6 stack is still trying to transmit over NCM. > > Defensive code is missing from commit > 6d3865f9d41f15ddbcecaa6722871fc0db21d7ab > "usb: gadget: NCM: Add transmit multi-frame." This looks inadequate. Surely you also need to hold dev->lock ? Also it'll also crash at the no zlp test with the same problem. Alan