From: Ivo van Doorn <ivdoorn@gmail.com>
To: "John W. Linville" <linville@tuxdriver.com>
Cc: users@rt2x00.serialmonkey.com, linux-wireless@vger.kernel.org,
	Helmut Schaa <helmut.schaa@googlemail.com>
Subject: [PATCH 18/20] rt2x00: Fix oops caused by error path in rt2x00lib_start
Date: Sat, 2 Oct 2010 11:34:05 +0200
Message-ID: <201010021134.06174.IvDoorn@gmail.com>
In-Reply-To: <201010021133.43033.IvDoorn@gmail.com>

From: Helmut Schaa <helmut.schaa@googlemail.com>

When rt2x00lib_enable_radio fails to enable the radio, rt2x00lib_start
will call rt2x00queue_uninitialize to uninitialize the queues. Since
the queues are not initialized here but already in rt2x00lib_initialize,
we shouldn't uninitialize the queues here. Otherwise, a consecutive call
to rt2x00lib_start will oops (see below) because it assumes the queues
are already initialized.

BUG: unable to handle kernel NULL pointer dereference at 00000010
IP: [<f8d2d901>] :rt2800pci:rt2800pci_clear_entry+0x1/0x40
*pde = 00000000
Oops: 0000 [#1] SMP
Modules linked in: ... rt2800pci ...

Pid: 5995, comm: hostapd Not tainted (2.6.27.8 #1)
EIP: 0060:[<f8d2d901>] EFLAGS: 00210246 CPU: 3
EIP is at rt2800pci_clear_entry+0x1/0x40 [rt2800pci]
EAX: 00000000 EBX: f698863c ECX: 00200296 EDX: f8d2dee0
ESI: f6988600 EDI: f5b6f000 EBP: 00000000 ESP: f6d75e4c
 DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
Process hostapd (pid: 5995, ti=f6d74000 task=f6ce2300 task.ti=f6d74000)
Stack: f698863c fa00eaec 00000000 f5b6f000 00000000 f7b67000 f5b6e280 fa00c629
      f5b6f000 00000000 fa00ca3d f7b67480 00000001 fa177d4c 01b6e890 f7b67000
      00000000 f7b67000 00000001 00001003 00001002 c066c366 f7b67000 c0668ad0
Call Trace:
 [<fa00eaec>] rt2x00queue_init_queues+0x5c/0x90 [rt2x00lib]
 [<fa00c629>] rt2x00lib_enable_radio+0x29/0xa0 [rt2x00lib]
 [<fa00ca3d>] rt2x00lib_start+0x5d/0xd0 [rt2x00lib]
 [<fa177d4c>] ieee80211_do_open+0x21c/0x510 [mac80211]
 [<c066c366>] dev_open+0x56/0xb0
 [<c0668ad0>] dev_set_rx_mode+0x20/0x40
 [<c066a67f>] dev_change_flags+0x7f/0x190
 [<c06b1495>] devinet_ioctl+0x515/0x690
 [<c0668d24>] __dev_get_by_name+0x74/0x90
 [<c065d3f0>] sock_ioctl+0xd0/0x240
 [<c065d320>] sock_ioctl+0x0/0x240
 [<c018179b>] vfs_ioctl+0x2b/0x90
 [<c0181a5b>] do_vfs_ioctl+0x25b/0x2a0
 [<c0181af6>] sys_ioctl+0x56/0x70
 [<c0103262>] syscall_call+0x7/0xb
 [<c0700000>] add_card+0xad0/0xba0
 =======================
Code: 83 78 08 0e 74 14 8b 02 8b 48 04 85 c9 0f 99 c0 0f b6 c0 c3 8d b6
      00 00 00 00 8b 02 8b 40 04 85 c0 0f 99 c0 0f b6 c0 c3 66 90 53 <8b>
      48 10 8b 58 08 8b 40 04 83 78 08 0e 74 15 8b 11 83 c2 04 8b
EIP: [<f8d2d901>] rt2800pci_clear_entry+0x1/0x40 [rt2800pci] SS:ESP 0068:f6d75e4c
---[ end trace cff9a5c094bb8837 ]---

Reported-by: Joshua Smith <jesmith@kaon.com>
Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com>
Signed-off-by: Ivo van Doorn <IvDoorn@gmail.com>
---
 drivers/net/wireless/rt2x00/rt2x00dev.c |    4 +---
 1 files changed, 1 insertions(+), 3 deletions(-)

diff --git a/drivers/net/wireless/rt2x00/rt2x00dev.c b/drivers/net/wireless/rt2x00/rt2x00dev.c
index b03e6e4..6f442b0 100644
--- a/drivers/net/wireless/rt2x00/rt2x00dev.c
+++ b/drivers/net/wireless/rt2x00/rt2x00dev.c
@@ -933,10 +933,8 @@ int rt2x00lib_start(struct rt2x00_dev *rt2x00dev)
 
 	/* Enable the radio */
 	retval = rt2x00lib_enable_radio(rt2x00dev);
-	if (retval) {
-		rt2x00queue_uninitialize(rt2x00dev);
+	if (retval)
 		return retval;
-	}
 
 	set_bit(DEVICE_STATE_STARTED, &rt2x00dev->flags);
 
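Review bot: The error return at `if (retval)` after rt2x00lib_enable_radio() carries no comment explaining why the queues are deliberately left alone; a one-line comment saying that queue setup belongs to rt2x00lib_initialize (as the commit message states) would keep a later cleanup pass from reintroducing the rt2x00queue_uninitialize() call and the NULL dereference in the trace. The hunk also does not show what rt2x00lib_start() sets up before the radio enable, so please confirm that nothing else needs unwinding on this return and that a second rt2x00lib_start() after a failed one begins from the same state as a first call.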
-- 
1.7.2.3

