[PATCH 18/20] rt2x00: Fix oops caused by error path in rt2x00lib_start

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Ivo van Doorn <ivdoorn@gmail.com>
To: "John W. Linville" <linville@tuxdriver.com>
Cc: users@rt2x00.serialmonkey.com, linux-wireless@vger.kernel.org,
	Helmut Schaa <helmut.schaa@googlemail.com>
Subject: [PATCH 18/20] rt2x00: Fix oops caused by error path in rt2x00lib_start
Date: Sat, 2 Oct 2010 11:34:05 +0200	[thread overview]
Message-ID: <201010021134.06174.IvDoorn@gmail.com> (raw)
In-Reply-To: <201010021133.43033.IvDoorn@gmail.com>

From: Helmut Schaa <helmut.schaa@googlemail.com>

When rt2x00lib_enable_radio fails to enable the radio, rt2x00lib_start
will call rt2x00queue_uninitialize to uninitialize the queues. Since,
the queues are not initialized here but already in rt2x00lib_initialize
we shouldn't uninitialize the queues here. Otherwise, a consecutive call
to rt2x00lib_start will oops (see below) because it assumes the queues
are already initialized.

BUG: unable to handle kernel NULL pointer dereference at 00000010
IP: [<f8d2d901>] :rt2800pci:rt2800pci_clear_entry+0x1/0x40
*pde = 00000000
Oops: 0000 [#1] SMP
Modules linked in: ... rt2800pci ...

Pid: 5995, comm: hostapd Not tainted (2.6.27.8 #1)
EIP: 0060:[<f8d2d901>] EFLAGS: 00210246 CPU: 3
EIP is at rt2800pci_clear_entry+0x1/0x40 [rt2800pci]
EAX: 00000000 EBX: f698863c ECX: 00200296 EDX: f8d2dee0
ESI: f6988600 EDI: f5b6f000 EBP: 00000000 ESP: f6d75e4c
 DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
Process hostapd (pid: 5995, ti=f6d74000 task=f6ce2300 task.ti=f6d74000)
Stack: f698863c fa00eaec 00000000 f5b6f000 00000000 f7b67000 f5b6e280 fa00c629
      f5b6f000 00000000 fa00ca3d f7b67480 00000001 fa177d4c 01b6e890 f7b67000
      00000000 f7b67000 00000001 00001003 00001002 c066c366 f7b67000 c0668ad0
Call Trace:
 [<fa00eaec>] rt2x00queue_init_queues+0x5c/0x90 [rt2x00lib]
 [<fa00c629>] rt2x00lib_enable_radio+0x29/0xa0 [rt2x00lib]
 [<fa00ca3d>] rt2x00lib_start+0x5d/0xd0 [rt2x00lib]
 [<fa177d4c>] ieee80211_do_open+0x21c/0x510 [mac80211]
 [<c066c366>] dev_open+0x56/0xb0
 [<c0668ad0>] dev_set_rx_mode+0x20/0x40
 [<c066a67f>] dev_change_flags+0x7f/0x190
 [<c06b1495>] devinet_ioctl+0x515/0x690
 [<c0668d24>] __dev_get_by_name+0x74/0x90
 [<c065d3f0>] sock_ioctl+0xd0/0x240
 [<c065d320>] sock_ioctl+0x0/0x240
 [<c018179b>] vfs_ioctl+0x2b/0x90
 [<c0181a5b>] do_vfs_ioctl+0x25b/0x2a0
 [<c0181af6>] sys_ioctl+0x56/0x70
 [<c0103262>] syscall_call+0x7/0xb
 [<c0700000>] add_card+0xad0/0xba0
 =======================
Code: 83 78 08 0e 74 14 8b 02 8b 48 04 85 c9 0f 99 c0 0f b6 c0 c3 8d b6
      00 00 00 00 8b 02 8b 40 04 85 c0 0f 99 c0 0f b6 c0 c3 66 90 53 <8b>
      48 10 8b 58 08 8b 40 04 83 78 08 0e 74 15 8b 11 83 c2 04 8b
EIP: [<f8d2d901>] rt2800pci_clear_entry+0x1/0x40 [rt2800pci] SS:ESP 0068:f6d75e4c
---[ end trace cff9a5c094bb8837 ]---

Reported-by: Joshua Smith <jesmith@kaon.com>
Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com>
Signed-off-by: Ivo van Doorn <IvDoorn@gmail.com>
---
 drivers/net/wireless/rt2x00/rt2x00dev.c |    4 +---
 1 files changed, 1 insertions(+), 3 deletions(-)

diff --git a/drivers/net/wireless/rt2x00/rt2x00dev.c b/drivers/net/wireless/rt2x00/rt2x00dev.c
index b03e6e4..6f442b0 100644
--- a/drivers/net/wireless/rt2x00/rt2x00dev.c
+++ b/drivers/net/wireless/rt2x00/rt2x00dev.c
@@ -933,10 +933,8 @@ int rt2x00lib_start(struct rt2x00_dev *rt2x00dev)
 
 	/* Enable the radio */
 	retval = rt2x00lib_enable_radio(rt2x00dev);
-	if (retval) {
-		rt2x00queue_uninitialize(rt2x00dev);
+	if (retval)
 		return retval;
-	}
 
 	set_bit(DEVICE_STATE_STARTED, &rt2x00dev->flags);
 
-- 
1.7.2.3

next prev parent reply	other threads:[~2010-10-02  9:35 UTC|newest]

Thread overview: 22+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2010-10-02  9:26 [PATCH 01/20] rt2x00: Don't overwrite beacon buffers in pairwise key setup Ivo van Doorn
2010-10-02  9:27 ` [PATCH 02/20] rt2x00: Split out parts of the rt2800_txdone function for easier reuse Ivo van Doorn
2010-10-02  9:27   ` [PATCH 03/20] rt2x00: rework tx status handling in rt2800pci Ivo van Doorn
2010-10-02  9:28     ` [PATCH 04/20] rt2x00: Fix SM PS check Ivo van Doorn
2010-10-02  9:28       ` [PATCH 05/20] rt2x00: Implement HT protection for rt2800 Ivo van Doorn
2010-10-02  9:29         ` [PATCH 06/20] rt2x00: Don't initialize MM40 HT protection to RTS/CTS on PCI devices Ivo van Doorn
2010-10-02  9:29           ` [PATCH 07/20] rt2x00: Fix race between dma mapping and clearing rx entries in rt2800pci Ivo van Doorn
2010-10-02  9:29             ` [PATCH 08/20] rt2x00: Allow tx duplication for legacy rates in HT40 mode Ivo van Doorn
2010-10-02  9:30               ` [PATCH 09/20] rt2x00: Add rt73usb device ID Ivo van Doorn
2010-10-02  9:30                 ` [PATCH 10/20] rt2x00: Add register definition for busy time on secondary channel Ivo van Doorn
2010-10-02  9:31                   ` [PATCH 11/20] rt2x00: add field definitions for the TBTT_SYNC_CFG register Ivo van Doorn
2010-10-02  9:31                     ` [PATCH 12/20] rt2x00: Don't enable broad- and multicast buffering on USB devices Ivo van Doorn
2010-10-02  9:31                       ` [PATCH 13/20] mac80211: distinct between max rates and the number of rates the hw can report Ivo van Doorn
2010-10-02  9:32                         ` [PATCH 14/20] rt2x00: correctly set max_report_rates in rt61pci and rt2800 Ivo van Doorn
2010-10-02  9:32                           ` [PATCH 15/20] rt2x00: Improve TX status entry validation Ivo van Doorn
2010-10-02  9:33                             ` [PATCH 16/20] rt2x00: Enable rx aggregation in rt2800 Ivo van Doorn
2010-10-02  9:33                               ` [PATCH 17/20] rt2x00: Update comment about the AMPDU flag in the TXWI Ivo van Doorn
2010-10-02  9:34                                 ` Ivo van Doorn [this message]
2010-10-02  9:34                                   ` [PATCH 19/20] rt2x00: Improve cooperation between rt2800pci and minstrel Ivo van Doorn
2010-10-02  9:34                                     ` [PATCH 20/20] rt2x00: Work around hw aggregation oddity in rt2800 Ivo van Doorn
2010-10-02  9:46                             ` [PATCH 15/20] rt2x00: Improve TX status entry validation Walter Goldens
2010-10-02 11:06                               ` Ivo Van Doorn

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:b03e6e4 dfblob:6f442b0 )
 OR (
bs:"[PATCH 18/20] rt2x00: Fix oops caused by error path in rt2x00lib_start" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=201010021134.06174.IvDoorn@gmail.com \
    --to=ivdoorn@gmail.com \
    --cc=helmut.schaa@googlemail.com \
    --cc=linux-wireless@vger.kernel.org \
    --cc=linville@tuxdriver.com \
    --cc=users@rt2x00.serialmonkey.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.