From: Seth Forshee <seth.forshee@canonical.com>
To: Arend van Spriel <arend@broadcom.com>
Cc: "John W. Linville" <linville@tuxdriver.com>,
Linux Wireless List <linux-wireless@vger.kernel.org>
Subject: Re: [PATCH] brcmsmac: fix NULL pointer crash in brcms_c_regd_init()
Date: Mon, 25 Jun 2012 11:53:45 -0500 [thread overview]
Message-ID: <20120625165345.GB4495@thinkpad-t410> (raw)
In-Reply-To: <1340286553-12053-1-git-send-email-arend@broadcom.com>
Hi Arend,
Sorry for my slow response. I was on vacation last week.
On Thu, Jun 21, 2012 at 03:49:13PM +0200, Arend van Spriel wrote:
> In the function brcms_c_regd_init() the channels are validated
> against the device capabilities. This is done for both 2.4G and
> 5G band, but there are devices that are 2.4G only, ie. BCM4313.
> For that device this leads to a NULL dereference. This patch adds
> a check in brcms_c_regd_init() to fix this.
>
> Issue introduced in wireless-next tree by following commit:
> cf03c5d brcm80211: smac: inform mac80211 of the X2 regulatory domain
>
> Cc: Seth Forshee <seth.forshee@canonical.com>
> Signed-off-by: Arend van Spriel <arend@broadcom.com>
> ---
> Noticed that one of smoketest machines actually was not sending results
> ever since I staged regulatory fixes for it. This particular system has
> a 2.4G card fitted so the root cause was quickly found.
>
> Gr. AvS
> ---
> drivers/net/wireless/brcm80211/brcmsmac/channel.c | 5 +++++
> 1 file changed, 5 insertions(+)
>
> diff --git a/drivers/net/wireless/brcm80211/brcmsmac/channel.c b/drivers/net/wireless/brcm80211/brcmsmac/channel.c
> index d3c7260..2d365d3 100644
> --- a/drivers/net/wireless/brcm80211/brcmsmac/channel.c
> +++ b/drivers/net/wireless/brcm80211/brcmsmac/channel.c
> @@ -768,6 +768,11 @@ void brcms_c_regd_init(struct brcms_c_info *wlc)
> band = wlc->bandstate[BAND_2G_INDEX];
> else
> band = wlc->bandstate[BAND_5G_INDEX];
> +
> + /* skip if band not initialized */
> + if (band->pi == NULL)
> + continue;
> +
Yeah, I definitely messed that up.
This looks fine, but it strikes me that it might simplify things a bit
to change the loop to iterate over over wlc->pub->_nbands instead. The
difference is pretty minor though, and since John has already applied
this patch there's probably no reason to change it.
Thanks,
Seth
next prev parent reply other threads:[~2012-06-25 16:53 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-06-21 13:49 [PATCH] brcmsmac: fix NULL pointer crash in brcms_c_regd_init() Arend van Spriel
2012-06-25 16:53 ` Seth Forshee [this message]
2012-06-26 9:46 ` Arend van Spriel
2012-06-26 19:38 ` Seth Forshee
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20120625165345.GB4495@thinkpad-t410 \
--to=seth.forshee@canonical.com \
--cc=arend@broadcom.com \
--cc=linux-wireless@vger.kernel.org \
--cc=linville@tuxdriver.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox