
#14 Kernel Panic in SIOCGIWNAME implementation

Status: open
Owner: nobody
Labels: None
Priority: 5
Updated: 2009-12-28
Created: 2009-12-28
Private: No

In ib-net.c, in ib_ioctl_getname, the strcpy line copies a 17-byte string. The buffer it gets copied into is in a struct ifreq in dev_ioctl, which has a buffer of size IFNAMSIZ, which is 16 bytes.

Technically 17 bytes shouldn't matter, but on my kernel it's detected as a stack overflow, which causes the stack protector to trigger a kernel panic and either dump core or freeze the system, depending on your configuration. I figure this could happen on many systems.

I fixed it by changing the line to:
strncpy(name, "HC-SDMA iBurst", IFNAMSIZ);

It's basically an ignored string, so the name change (2 parentheses removed) shouldn't matter.

This change is also included in the patch I added to the patches section under the title "Complete patch for 2.6.31", which includes changes to porting to the new netdev API and structs as well as the struct name change in the PCMCIA subsystem.
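The arithmetic behind the ticket, as an added user-space example (not the driver's code and not part of the original report): the original literal "HC-SDMA (iBurst)" is 16 characters, so strcpy() writes 17 bytes including the terminator, one more than IFNAMSIZ. The guarded slot below is a constructed layout standing in for the byte that follows ifr_name in the kernel's struct ifreq; the copy loop spells out strcpy() byte for byte only so that the compiler's fortify checks do not abort the demonstration. It also shows the caveat of the proposed strncpy(name, ..., IFNAMSIZ) fix: it cannot overflow any more, but for a source of IFNAMSIZ or more characters it leaves the name unterminated, which is why a terminate-always copy (the kernel's strlcpy() behaves that way) is the safer pattern.

```c
#include <stdio.h>
#include <string.h>

#define IFNAMSIZ 16   /* same value as the kernel's <linux/if.h> */

/* Bytes strcpy() writes for a given source string: characters plus NUL. */
static size_t strcpy_bytes(const char *src)
{
    return strlen(src) + 1;
}

/*
 * Model the bug: a 16-byte name slot followed by one guard byte, standing in
 * for whatever follows ifr_name in struct ifreq (constructed layout, not the
 * real struct). Copies src with strcpy() semantics and reports whether the
 * guard byte was clobbered. Returns 1 on overflow, 0 if the copy fit, and -1
 * if src would not even fit the guarded slot (the harness refuses to write
 * beyond its own buffer).
 */
static int strcpy_overflows_name(const char *src)
{
    unsigned char slot[IFNAMSIZ + 1];
    const unsigned char guard = 0xAA;
    size_t i = 0;

    if (strlen(src) > IFNAMSIZ)
        return -1;
    slot[IFNAMSIZ] = guard;
    /* byte-for-byte strcpy(), written out so _FORTIFY_SOURCE on a
     * constant-size destination does not turn the demo into an abort */
    do {
        slot[i] = (unsigned char)src[i];
    } while (src[i++] != '\0');
    return slot[IFNAMSIZ] != guard;
}

/*
 * The fix proposed in the ticket: strncpy(name, ..., IFNAMSIZ). It can no
 * longer write past the slot, but strncpy() omits the terminating NUL when
 * the source is IFNAMSIZ characters or longer. Returns 1 if dst ended up
 * NUL-terminated, 0 if not.
 */
static int strncpy_terminates(char dst[IFNAMSIZ], const char *src)
{
    strncpy(dst, src, IFNAMSIZ);
    return memchr(dst, '\0', IFNAMSIZ) != NULL;
}

/*
 * Terminate-always variant: copy at most IFNAMSIZ-1 characters and always
 * write the NUL. Returns the resulting string length (at most IFNAMSIZ-1).
 */
static size_t copy_ifname(char dst[IFNAMSIZ], const char *src)
{
    strncpy(dst, src, IFNAMSIZ - 1);
    dst[IFNAMSIZ - 1] = '\0';
    return strlen(dst);
}

int main(void)
{
    const char *old_name = "HC-SDMA (iBurst)";   /* the original 16-char literal */
    const char *new_name = "HC-SDMA iBurst";     /* the ticket's replacement */
    char buf[IFNAMSIZ];
    size_t len;

    printf("strcpy of \"%s\" writes %zu bytes into %d: overflow=%d\n",
           old_name, strcpy_bytes(old_name), IFNAMSIZ, strcpy_overflows_name(old_name));
    printf("strcpy of \"%s\" writes %zu bytes into %d: overflow=%d\n",
           new_name, strcpy_bytes(new_name), IFNAMSIZ, strcpy_overflows_name(new_name));
    printf("strncpy of the old literal leaves a NUL: %d\n", strncpy_terminates(buf, old_name));
    printf("strncpy of the new literal leaves a NUL: %d\n", strncpy_terminates(buf, new_name));
    len = copy_ifname(buf, old_name);
    printf("copy_ifname of the old literal -> \"%s\" (%zu chars)\n", buf, len);
    return 0;
}
```

Build with `cc -O2 -Wall demo.c` and run; the first line reports 17 bytes and overflow=1, the second 15 bytes and overflow=0, and the old literal copied with plain strncpy() is reported as unterminated.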

Discussion

  • Nik Trevallyn-Jones

    Hi Quentin.

    Thanks for this. I will certainly apply this along with your other patches.

    FYI: the string isn't actually ignored - if you run "iwconfig" with your iburst device active, you should see the "HC-SDMA iBurst" name being displayed - at least I used to see it. I haven't looked in a while, and I'm not near an iBurst device right at this moment.

    Thanks again for the patches, I'll work on an updated release in the next few days.

    Cheers!
    Nik

  • Quintin Beukes

    Quintin Beukes - 2009-12-29

    Sorry, 'ignored' was a bad word. What I meant to say was that it has no real function other than information. Meaning, choosing a different value won't affect the driver.

    Thanks for the great work.
    You should try and get this integrated upstream. It's certainly kernel quality.

