tmakin/ack-tegra
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
2784fe915cd25adf23ea28534019308d8a144721
ack-tegra/include/net
History
Luis R. Rodriguez 2784fe915c cfg80211: fix null pointer dereference with a custom regulatory request 
Once we moved the core regulatory request to the queue and let
the scheduler process it last_request will have been left NULL
until the schedular decides to process the first request. When
this happens and we are loading a driver with a custom regulatory
request like all Atheros drivers we end up with a NULL pointer
dereference. We fix this by checking if the request was a
custom one.

BUG: unable to handle kernel NULL pointer dereference at 0000000000000004
IP: [<ffffffffa016de87>] freq_reg_info_regd.clone.2+0x27/0x130 [cfg80211]
PGD 71f91067 PUD 712b2067 PMD 0
Oops: 0000 [#1] PREEMPT SMP
last sysfs file: /sys/devices/pci0000:00/0000:00:1d.7/usb2/2-1/firmware/2-1/loading
CPU 0
Modules linked in: ath9k_htc(+) ath9k_common ath9k_hw ath <etc>
Pid: 3094, comm: insmod Tainted: G        W   2.6.37-rc5-wl #16 INVALID/28427ZQ
RIP: 0010:[<ffffffffa016de87>]  [<ffffffffa016de87>] freq_reg_info_regd.clone.2+0x27/0x130 [cfg80211]
RSP: 0018:ffff88007045db78  EFLAGS: 00010282
RAX: 0000000000000000 RBX: ffffffffa047d9a0 RCX: ffff88007045dbd0
RDX: 0000000000004e20 RSI: 000000000024cde0 RDI: ffff8800700483e0
RBP: ffff88007045db98 R08: ffffffffa02f5b40 R09: 0000000000000001
R10: 000000000000000e R11: 0000000000000001 R12: 0000000000000000
R13: ffff88007004e3b0 R14: 0000000000000000 R15: ffff880070048340
FS:  00007f635a707700(0000) GS:ffff880077400000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 0000000000000004 CR3: 00000000708a9000 CR4: 00000000000006f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process insmod (pid: 3094, threadinfo ffff88007045c000, task ffff8800713e3ec0)
Stack:
 ffffffffa047d9a0 0000000000000000 ffff88007004e3b0 0000000000000000
 ffff88007045dc08 ffffffffa016e147 000000007045dc08 0000000000000002
 ffff8800700483e0 ffffffffa02f5b40 ffff88007045dbd8 0000000000000000
Call Trace:
 [<ffffffffa016e147>] wiphy_apply_custom_regulatory+0x137/0x1d0 [cfg80211]
 [<ffffffffa047a690>] ? ath9k_reg_notifier+0x0/0x50 [ath9k_htc]
 [<ffffffffa02f47f7>] ath_regd_init+0x347/0x430 [ath]
 [<ffffffffa047b1f5>] ath9k_htc_probe_device+0x6c5/0x960 [ath9k_htc]
 [<ffffffffa0472a2c>] ath9k_htc_hw_init+0xc/0x30 [ath9k_htc]
 [<ffffffffa04747e6>] ath9k_hif_usb_probe+0x216/0x3b0 [ath9k_htc]
 [<ffffffffa03bb6bc>] usb_probe_interface+0x10c/0x210 [usbcore]
 [<ffffffff812aec26>] driver_probe_device+0x96/0x1c0
 [<ffffffff812aedf3>] __driver_attach+0xa3/0xb0
 [<ffffffff812aed50>] ? __driver_attach+0x0/0xb0
 [<ffffffff812adaae>] bus_for_each_dev+0x5e/0x90
 [<ffffffff812ae8c9>] driver_attach+0x19/0x20
 [<ffffffff812ae438>] bus_add_driver+0x168/0x320
 [<ffffffff812af071>] driver_register+0x71/0x140
 [<ffffffff811fc4a8>] ? __raw_spin_lock_init+0x38/0x70
 [<ffffffffa03ba39c>] usb_register_driver+0xdc/0x190 [usbcore]
 [<ffffffffa03a2000>] ? ath9k_htc_init+0x0/0x4f [ath9k_htc]
 [<ffffffffa047499e>] ath9k_hif_usb_init+0x1e/0x20 [ath9k_htc]
 [<ffffffffa03a202b>] ath9k_htc_init+0x2b/0x4f [ath9k_htc]
 [<ffffffff8100212f>] do_one_initcall+0x3f/0x180
 [<ffffffff8109ef5b>] sys_init_module+0xbb/0x200
 [<ffffffff8100bf52>] system_call_fastpath+0x16/0x1b
Code: <etc, who cares>
RIP  [<ffffffffa016de87>] freq_reg_info_regd.clone.2+0x27/0x130 [cfg80211]
 RSP <ffff88007045db78>
CR2: 0000000000000004
---[ end trace 79e4193601c8b713 ]---

Reported-by: Sujith Manoharan <Sujith.Manoharan@atheros.com>
Signed-off-by: Luis R. Rodriguez <lrodriguez@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-12-16 15:22:31 -05:00
..
9p
9p: Add datasync to client side TFSYNC/RFSYNC for dotl
2010-10-28 09:08:49 -05:00
bluetooth
Bluetooth: clean up legal text
2010-12-01 21:04:43 -02:00
caif
caif-u5500: Adding shared memory include
2010-10-27 12:29:51 -07:00
irda
net: return operator cleanup
2010-09-23 14:33:39 -07:00
iucv
include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h
2010-03-30 22:02:32 +09:00
netfilter
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6
2010-10-23 11:47:02 -07:00
netns
netns: reorder fields in struct net
2010-10-17 13:49:14 -07:00
phonet
Phonet: 'connect' socket implementation for Pipe controller
2010-10-13 14:40:34 -07:00
sctp
net: return operator cleanup
2010-09-23 14:33:39 -07:00
tc_act
net/sched: add ACT_CSUM action to update packets checksums
2010-08-20 01:42:59 -07:00
tipc
tipc: cleanup function namespace
2010-10-16 11:13:24 -07:00
act_api.h
pkt_sched: gen_kill_estimator() rcu fixes
2010-06-11 18:37:08 -07:00
addrconf.h
ipv6: make __ipv6_isatap_ifid static
2010-10-05 00:47:39 -07:00
af_ieee802154.h
af_ieee802154: add support for WANT_ACK socket option
2009-08-12 21:54:50 -07:00
af_rxrpc.h
af_unix.h
af_unix: Allow credentials to work across user and pid namespaces.
2010-06-16 14:58:16 -07:00
ah.h
net: cleanup include/net
2009-11-04 05:06:25 -08:00
arp.h
arp: remove unnecessary export of arp_broken_ops
2010-09-29 19:45:35 -07:00
atmclip.h
ax25.h
include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h
2010-03-30 22:02:32 +09:00
ax88796.h
ax88796: Add method to take MAC from platform data
2009-03-24 23:32:03 -07:00
cfg80211.h
cfg80211: fix null pointer dereference with a custom regulatory request
2010-12-16 15:22:31 -05:00
checksum.h
cipso_ipv4.h
netlabel: Label incoming TCP connections correctly in SELinux
2009-03-28 15:01:36 +11:00
cls_cgroup.h
Merge commit 'v2.6.36-rc7' into core/rcu
2010-10-07 09:43:45 +02:00
compat.h
net: fix compat_sys_recvmmsg parameter type
2009-12-11 15:07:56 -08:00
datalink.h
dcbnl.h
dcbnl: Add support for setapp/getapp to netdev dcbnl_rtnl_ops
2009-09-01 01:24:30 -07:00
dn_dev.h
net: use __packed annotation
2010-06-03 03:21:52 -07:00
dn_fib.h
decnet: Remove unused FIB metric macros.
2010-03-27 19:23:46 -07:00
dn_neigh.h
dn_nsp.h
net: use __packed annotation
2010-06-03 03:21:52 -07:00
dn_route.h
net-next: remove useless union keyword
2010-06-10 23:31:35 -07:00
dn.h
dsa.h
dsa: add switch chip cascading support
2009-03-21 19:06:54 -07:00
dsfield.h
dst_ops.h
b43legacy: Fix compile on ARM architecture
2010-11-15 15:00:42 -05:00
dst.h
ipv4: add __rcu annotations to routes.c
2010-10-27 11:37:31 -07:00
esp.h
ethoc.h
net: Add support for the OpenCores 10/100 Mbps Ethernet MAC.
2009-03-27 00:16:21 -07:00
fib_rules.h
fib_rules: __rcu annotates ctarget
2010-10-27 11:37:32 -07:00
flow.h
ipv4: Allow configuring subnets as local addresses
2010-09-28 23:38:15 -07:00
garp.h
net/802: add __rcu annotations
2010-10-25 13:09:44 -07:00
gen_stats.h
net: cleanup include/net
2009-11-04 05:06:25 -08:00
genetlink.h
genetlink: introduce pre_doit/post_doit hooks
2010-10-05 13:35:30 -04:00
gre.h
PPTP: PPP over IPv4 (Point-to-Point Tunneling Protocol)
2010-08-21 23:05:39 -07:00
icmp.h
ipv4: raw: move struct raw_sock and raw_sk() to include/net/raw.h
2010-04-13 14:49:31 -07:00
ieee80211_radiotap.h
wireless: update radiotap parser
2010-02-08 16:50:53 -05:00
ieee802154_netdev.h
ieee802154: add an mlme_ops call to retrieve PHY object
2009-11-06 14:32:18 +03:00
ieee802154.h
ieee802154: move headers out of extra directory
2009-07-23 17:08:51 +04:00
if_inet6.h
ipv6: Replace inet6_ifaddr->dead with state
2010-05-18 15:36:06 -07:00
inet6_connection_sock.h
net: replace ipfragok with skb->local_df
2010-04-15 23:36:37 -07:00
inet6_hashtables.h
tcp: Fix a connect() race with timewait sockets
2009-12-08 20:17:51 -08:00
inet_common.h
inet, inet6: make tcp_sendmsg() and tcp_sendpage() through inet_sendmsg() and inet_sendpage()
2010-07-12 20:21:46 -07:00
inet_connection_sock.h
tcp: Add TCP_USER_TIMEOUT socket option.
2010-08-30 13:23:33 -07:00
inet_ecn.h
net: return operator cleanup
2010-09-23 14:33:39 -07:00
inet_frag.h
fragment: add fast path for in-order fragments
2010-06-30 13:44:29 -07:00
inet_hashtables.h
tproxy: fix hash locking issue when using port redirection in __inet_inherit_port()
2010-10-21 13:06:43 +02:00
inet_sock.h
net - IP_NODEFRAG option for IPv4 socket
2010-06-23 13:16:38 -07:00
inet_timewait_sock.h
net: suppress RCU lockdep false positive in twsk_net()
2010-04-27 12:39:01 -07:00
inetpeer.h
inetpeer: __rcu annotations
2010-10-27 11:37:33 -07:00
ip6_checksum.h
ip6_fib.h
net-next: remove useless union keyword
2010-06-10 23:31:35 -07:00
ip6_route.h
net: sk_dst_cache RCUification
2010-04-13 01:41:33 -07:00
ip6_tunnel.h
tunnels: add _rcu annotations
2010-10-25 13:09:45 -07:00
ip_fib.h
fib: Fix fib zone and its hash leak on namespace stop
2010-10-28 10:27:03 -07:00
ip_vs.h
ipvs: provide address family for debugging
2010-10-21 11:04:43 +02:00
ip.h
ipv4: add __rcu annotations to ip_ra_chain
2010-10-25 14:18:28 -07:00
ipcomp.h
percpu: add __percpu sparse annotations to net
2010-02-16 23:05:38 -08:00
ipconfig.h
ipip.h
tunnels: add __rcu annotations
2010-10-27 11:37:32 -07:00
ipv6.h
net: return operator cleanup
2010-09-23 14:33:39 -07:00
ipx.h
net: use __packed annotation
2010-06-03 03:21:52 -07:00
iw_handler.h
include/net/iw_handler.h: Use SIOCIWFIRST not SIOCSIWCOMMIT in comment
2010-03-31 14:49:12 -04:00
lapb.h
lib80211.h
lib80211: remove unused host_build_iv option
2010-07-26 15:09:04 -04:00
llc_c_ac.h
llc_c_ev.h
llc_c_st.h
llc_conn.h
llc: use a device based hash table to speed up multicast delivery
2009-12-26 20:43:57 -08:00
llc_if.h
llc_pdu.h
llc_s_ac.h
llc_s_ev.h
llc_s_st.h
llc_sap.h
llc.h
llc: convert llc_sap_list to RCU
2009-12-26 20:46:28 -08:00
mac80211.h
mac80211: Add timeout to BA session start API
2010-12-15 17:03:59 -05:00
mip6.h
net: use __packed annotation
2010-06-03 03:21:52 -07:00
mld.h
ipv6 mcast: Introduce include/net/mld.h for MLD definitions.
2010-04-23 13:35:55 +09:00
ndisc.h
net: use __packed annotation
2010-06-03 03:21:52 -07:00
neighbour.h
neigh: reorder struct neighbour fields
2010-10-11 16:09:14 -07:00
net_namespace.h
net_ns: add __rcu annotations
2010-10-25 14:18:27 -07:00
netdma.h
netevent.h
netlabel.h
include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h
2010-03-30 22:02:32 +09:00
netlink.h
net: Fix a typo in netlink.h
2010-06-23 12:58:40 -07:00
netrom.h
include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h
2010-03-30 22:02:32 +09:00
nexthop.h
nl802154.h
ieee802154: add support for channel pages from IEEE 802.15.4-2006
2009-08-19 23:08:22 +04:00
p8022.h
pkt_cls.h
net: rename skb->iif to skb->skb_iif
2009-11-20 15:35:04 -08:00
pkt_sched.h
net: Define accessors to manipulate QDISC_STATE_RUNNING
2010-06-02 03:23:51 -07:00
protocol.h
net: add __rcu annotations to protocol
2010-10-27 11:37:31 -07:00
psnap.h
snap: use const for descriptor
2009-03-21 19:06:50 -07:00
raw.h
include/net/raw.h: Convert raw_seq_private macro to inline
2010-09-08 13:42:22 -07:00
rawv6.h
ipv6: Use correct data types for ICMPv6 type and code
2009-06-23 04:31:07 -07:00
red.h
net: cleanup include/net
2009-11-04 05:06:25 -08:00
regulatory.h
cfg80211: Fix regulatory bug with multiple cards and delays
2010-11-22 15:48:51 -05:00
request_sock.h
tcp: account SYN-ACK timeouts & retransmissions
2010-01-17 19:09:39 -08:00
rose.h
NET: ROSE: Don't use static buffer.
2009-07-26 19:11:14 -07:00
route.h
tproxy: check for transparent flag in ip_route_newports
2010-09-27 15:03:33 -07:00
rtnetlink.h
rtnetlink: remove rtnl_kill_links
2010-10-21 03:09:45 -07:00
sch_generic.h
net_sched: remove the unused parameter of qdisc_create_dflt()
2010-10-21 03:09:47 -07:00
scm.h
scm: Capture the full credentials of the scm sender.
2010-06-16 14:55:56 -07:00
slhc_vj.h
snmp.h
snmp: 64bit ipstats_mib for all arches
2010-06-30 13:31:19 -07:00
sock.h
net: add __rcu annotation to sk_filter
2010-10-25 14:18:28 -07:00
stp.h
tcp_states.h
tcp.h
tcp: tcp_enter_quickack_mode can be static
2010-09-29 19:45:36 -07:00
timewait_sock.h
transp_v6.h
IPv6: Add dontfrag argument to relevant functions
2010-04-23 23:35:28 -07:00
udp.h
tproxy: added udp6_lib_lookup function
2010-10-21 16:05:41 +02:00
udplite.h
wext.h
wext: refactor
2009-10-07 16:39:43 -04:00
wimax.h
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial
2009-12-09 19:43:33 -08:00
wpan-phy.h
ieee802154: add support for creation/removal of logic interfaces
2009-11-06 14:32:24 +03:00
x25.h
X25: Move accept approve flag to bitfield
2010-05-17 17:39:27 -07:00
x25device.h
X25: Add if_x25.h and x25 to device identifiers
2010-04-22 16:12:36 -07:00
xfrm.h
tunnels: add __rcu annotations
2010-10-27 11:37:32 -07:00