android_kernel_motorola_sm6225/drivers/net/wireless/rt2x00
Stanislaw Gruszka 674db13444 rt2x00: fix crash in rt2800usb_get_txwi
Patch should fix this oops:

BUG: unable to handle kernel NULL pointer dereference at 000000a0
IP: [<f81b30c9>] rt2800usb_get_txwi+0x19/0x70 [rt2800usb]
*pdpt = 0000000000000000 *pde = f000ff53f000ff53
Oops: 0000 [#1] SMP
Pid: 198, comm: kworker/u:3 Tainted: G        W   3.0.0-wl+ #9 LENOVO 6369CTO/6369CTO
EIP: 0060:[<f81b30c9>] EFLAGS: 00010283 CPU: 1
EIP is at rt2800usb_get_txwi+0x19/0x70 [rt2800usb]
EAX: 00000000 EBX: f465e140 ECX: f4494960 EDX: ef24c5f8
ESI: 810f21f5 EDI: f1da9960 EBP: f4581e80 ESP: f4581e70
 DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
Process kworker/u:3 (pid: 198, ti=f4580000 task=f4494960 task.ti=f4580000)
Call Trace:
 [<f804790f>] rt2800_txdone_entry+0x2f/0xf0 [rt2800lib]
 [<c045110d>] ? warn_slowpath_common+0x7d/0xa0
 [<f81b3a38>] ? rt2800usb_work_txdone+0x288/0x360 [rt2800usb]
 [<f81b3a38>] ? rt2800usb_work_txdone+0x288/0x360 [rt2800usb]
 [<f81b3a13>] rt2800usb_work_txdone+0x263/0x360 [rt2800usb]
 [<c046a8d6>] process_one_work+0x186/0x440
 [<c046a85a>] ? process_one_work+0x10a/0x440
 [<f81b37b0>] ? rt2800usb_probe_hw+0x120/0x120 [rt2800usb]
 [<c046c283>] worker_thread+0x133/0x310
 [<c04885db>] ? trace_hardirqs_on+0xb/0x10
 [<c046c150>] ? manage_workers+0x1e0/0x1e0
 [<c047054c>] kthread+0x7c/0x90
 [<c04704d0>] ? __init_kthread_worker+0x60/0x60
 [<c0826b42>] kernel_thread_helper+0x6/0x1

Oops might happen because we check rt2x00queue_empty(queue) twice,
but this condition can change and we can process entry in
rt2800_txdone_entry(), which was already processed by
rt2800usb_txdone_entry_check() -> rt2x00lib_txdone_noinfo() and
has nullified entry->skb.

Reported-by: Justin Piszcz <jpiszcz@lucidpixels.com>
Cc: stable@kernel.org
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Acked-by: Ivo van Doorn <IvDoorn@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-08-11 14:34:37 -04:00
Kconfig
Makefile
rt2x00.h Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-next-2.6 into for-davem 2011-07-08 11:03:36 -04:00
rt2x00config.c
rt2x00crypto.c rt2x00: Don't use queue entry as parameter when creating TX descriptor. 2011-07-07 13:20:58 -04:00
rt2x00debug.c
rt2x00debug.h
rt2x00dev.c
rt2x00dump.h
rt2x00firmware.c
rt2x00leds.c
rt2x00leds.h
rt2x00lib.h rt2x00: Fix compilation without CONFIG_RT2X00_LIB_CRYPTO 2011-08-02 13:48:14 -04:00
rt2x00link.c
rt2x00mac.c rt2x00: fix usage of NULL queue 2011-08-02 13:48:14 -04:00
rt2x00pci.c
rt2x00pci.h
rt2x00queue.c rt2x00: Reduce window of a queue's tx lock. 2011-07-07 13:20:58 -04:00
rt2x00queue.h rt2x00: Serialize TX operations on a queue. 2011-07-07 13:20:57 -04:00
rt2x00reg.h
rt2x00soc.c
rt2x00soc.h
rt2x00usb.c rt2x00: fix order of entry flags modification 2011-08-11 14:34:36 -04:00
rt2x00usb.h
rt61pci.c rt2x00: Implement tx_frames_pending mac80211 callback function. 2011-07-07 13:21:00 -04:00
rt61pci.h
rt73usb.c rt2x00: Add new rt73 buffalo USB id 2011-08-09 16:11:32 -04:00
rt73usb.h
rt2400pci.c rt2x00: Implement tx_frames_pending mac80211 callback function. 2011-07-07 13:21:00 -04:00
rt2400pci.h
rt2500pci.c rt2x00: Implement tx_frames_pending mac80211 callback function. 2011-07-07 13:21:00 -04:00
rt2500pci.h
rt2500usb.c rt2x00: Implement tx_frames_pending mac80211 callback function. 2011-07-07 13:21:00 -04:00
rt2500usb.h
rt2800.h
rt2800lib.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-next into for-davem 2011-08-03 09:18:21 -04:00
rt2800lib.h
rt2800pci.c Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-next-2.6 into for-davem 2011-07-08 11:03:36 -04:00
rt2800pci.h
rt2800usb.c rt2x00: fix crash in rt2800usb_get_txwi 2011-08-11 14:34:37 -04:00
rt2800usb.h