KS8851: NULL pointer dereference if list is empty

Fix NULL pointer dereference in ks8851_tx_work by checking if dequeued list is already empty before writing the packet to TX FIFO Unable to handle kernel NULL pointer dereference at virtual address 00000050 PC is at ks8851_tx_work+0xdc/0x1b0 LR is at wait_for_common+0x148/0x164 pc : [<c01c0df4>] lr : [<c025a980>] psr: 20000013 Backtrace: ks8851_tx_work+0x0/0x1b0 worker_thread+0x0/0x190 kthread+0x0/0x90 Signed-off-by: Abraham Arce <x0066660@ti.com> Signed-off-by: David S. Miller <davem@davemloft.net>
mariux64 · Apr 21, 2010 · 761172f · 761172f
1 parent df245dc
commit 761172f
Showing 1 changed file with 7 additions and 5 deletions.
diff --git a/drivers/net/ks8851.c b/drivers/net/ks8851.c
@@ -722,12 +722,14 @@ static void ks8851_tx_work(struct work_struct *work)
 		txb = skb_dequeue(&ks->txq);
 		last = skb_queue_empty(&ks->txq);
 
-		ks8851_wrreg16(ks, KS_RXQCR, ks->rc_rxqcr | RXQCR_SDA);
-		ks8851_wrpkt(ks, txb, last);
-		ks8851_wrreg16(ks, KS_RXQCR, ks->rc_rxqcr);
-		ks8851_wrreg16(ks, KS_TXQCR, TXQCR_METFE);
+		if (txb != NULL) {
+			ks8851_wrreg16(ks, KS_RXQCR, ks->rc_rxqcr | RXQCR_SDA);
+			ks8851_wrpkt(ks, txb, last);
+			ks8851_wrreg16(ks, KS_RXQCR, ks->rc_rxqcr);
+			ks8851_wrreg16(ks, KS_TXQCR, TXQCR_METFE);
 
-		ks8851_done_tx(ks, txb);
+			ks8851_done_tx(ks, txb);
+		}
 	}
 
 	mutex_unlock(&ks->lock);