From: Kalle Valo <kvalo@codeaurora.org>
To: Larry Finger <Larry.Finger@lwfinger.net>
Cc: linux-wireless@vger.kernel.org, Dmitry Osipenko <digetx@gmail.com>
Subject: Re: [PATCH] rtlwifi: rtl8192c-common: Fix "BUG: KASAN:
Date: Tue, 07 Feb 2017 10:11:07 +0200 [thread overview]
Message-ID: <877f525skk.fsf@codeaurora.org> (raw)
In-Reply-To: <20170205162422.26963-1-Larry.Finger@lwfinger.net> (Larry Finger's message of "Sun, 5 Feb 2017 10:24:22 -0600")
Larry Finger <Larry.Finger@lwfinger.net> writes:
> Kernels built with CONFIG_KASAN=y report the following BUG for rtl8192cu
> and rtl8192c-common:
>
> ==================================================================
> BUG: KASAN: slab-out-of-bounds in rtl92c_dm_bt_coexist+0x858/0x1e40
> [rtl8192c_common] at addr ffff8801c90edb08
> Read of size 1 by task kworker/0:1/38
> page:ffffea0007243800 count:1 mapcount:0 mapping: (null)
> index:0x0 compound_mapcount: 0
> flags: 0x8000000000004000(head)
> page dumped because: kasan: bad access detected
> CPU: 0 PID: 38 Comm: kworker/0:1 Not tainted 4.9.7-gentoo #3
> Hardware name: Gigabyte Technology Co., Ltd. To be filled by
> O.E.M./Z77-DS3H, BIOS F11a 11/13/2013
> Workqueue: rtl92c_usb rtl_watchdog_wq_callback [rtlwifi]
> 0000000000000000 ffffffff829eea33 ffff8801d7f0fa30 ffff8801c90edb08
> ffffffff824c0f09 ffff8801d4abee80 0000000000000004 0000000000000297
> ffffffffc070b57c ffff8801c7aa7c48 ffff880100000004 ffffffff000003e8
> Call Trace:
> [<ffffffff829eea33>] ? dump_stack+0x5c/0x79
> [<ffffffff824c0f09>] ? kasan_report_error+0x4b9/0x4e0
> [<ffffffffc070b57c>] ? _usb_read_sync+0x15c/0x280 [rtl_usb]
> [<ffffffff824c0f75>] ? __asan_report_load1_noabort+0x45/0x50
> [<ffffffffc06d7a88>] ? rtl92c_dm_bt_coexist+0x858/0x1e40 [rtl8192c_common]
> [<ffffffffc06d7a88>] ? rtl92c_dm_bt_coexist+0x858/0x1e40 [rtl8192c_common]
> [<ffffffffc06d0cbe>] ? rtl92c_dm_rf_saving+0x96e/0x1330 [rtl8192c_common]
> ...
>
> The problem is due to rtl8192ce and rtl8192cu sharing routines, and having
> different layouts of struct rtl_pci_priv, which is used by rtl8192ce, and
> struct rtl_usb_priv, which is used by rtl8192cu. The problem was resolved
> by placing the struct bt_coexist_info at the head of each of those private
> areas.
>
> Reported-and-tested-by: Dmitry Osipenko <digetx@gmail.com>
> Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
> Cc: Stable <stable@vger.kernel.org> # 4.0+
> Cc: Dmitry Osipenko <digetx@gmail.com>
Patchwork incorrectly parsed this mail, my guess is because of the long
'========' line:
https://patchwork.kernel.org/patch/9556171/
So I applied this manually to wireless-drivers-next:
6773386f977c rtlwifi: rtl8192c-common: Fix "BUG: KASAN:
Thanks.
--
Kalle Valo
prev parent reply other threads:[~2017-02-07 8:11 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-02-05 16:24 [PATCH] rtlwifi: rtl8192c-common: Fix "BUG: KASAN: Larry Finger
2017-02-07 8:11 ` Kalle Valo [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=877f525skk.fsf@codeaurora.org \
--to=kvalo@codeaurora.org \
--cc=Larry.Finger@lwfinger.net \
--cc=digetx@gmail.com \
--cc=linux-wireless@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.