* Re: [PATCH] hostap: Fix null pointer dereference in prism2_pccard_card_present()
From: Jouni Malinen @ 2005-08-29 0:53 UTC
To: Jeff Garzik; +Cc: Kalle Valo, netdev, hostap
On Sun, Aug 28, 2005 at 07:26:12PM -0400, Jeff Garzik wrote:
> applied, but let us know when the root cause is found...
local->hw_priv was initialized only after the interrupt handler was
registered. This could trigger a NULL pointer dereference in
prism2_pccard_card_present() that assumed that local->hw_priv is always
set (and it should have been). Fix this by setting local->hw_priv before
registering the interrupt handler.
Signed-off-by: Jouni Malinen <jkmaline@cc.hut.fi>
Index: netdev-2.6/drivers/net/wireless/hostap/hostap_cs.c
===================================================================
--- netdev-2.6.orig/drivers/net/wireless/hostap/hostap_cs.c
+++ netdev-2.6/drivers/net/wireless/hostap/hostap_cs.c
@@ -772,6 +772,13 @@ static int prism2_config(dev_link_t *lin
goto failed;
link->priv = dev;
+ iface = netdev_priv(dev);
+ local = iface->local;
+ local->hw_priv = hw_priv;
+ hw_priv->link = link;
+ strcpy(hw_priv->node.dev_name, dev->name);
+ link->dev = &hw_priv->node;
+
/*
* Allocate an interrupt line. Note that this does not assign a
* handler to the interrupt, unless the 'Handler' member of the
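Review bot: the block added above the interrupt allocation now has to stay there, but nothing in the code says so; the comment that follows it only describes the IRQ allocation. A one-line comment above `iface = netdev_priv(dev);` stating that local->hw_priv must be valid before the interrupt handler can run would keep a later cleanup from moving the block back down. Separately, `strcpy(hw_priv->node.dev_name, dev->name);` is an unbounded copy; since the line is being moved anyway, a copy bounded by sizeof(hw_priv->node.dev_name) would be safer.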
@@ -817,13 +824,6 @@ static int prism2_config(dev_link_t *lin
link->state |= DEV_CONFIG;
link->state &= ~DEV_CONFIG_PENDING;
- iface = netdev_priv(dev);
- local = iface->local;
- local->hw_priv = hw_priv;
- hw_priv->link = link;
- strcpy(hw_priv->node.dev_name, dev->name);
- link->dev = &hw_priv->node;
-
local->shutdown = 0;
sandisk_enable_wireless(dev);
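Review bot: `local->shutdown = 0;` stays below the interrupt setup, so it is still assigned after an interrupt on a shared line may already have been delivered. If the handler or prism2_pccard_card_present() reads local->shutdown, please confirm that the value it holds before this line makes the handler return early; otherwise this assignment has the same ordering problem that hw_priv had and should move up with the rest of the block.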
--
Jouni Malinen PGP id EFC895FA
* Re: [PATCH] hostap: Fix null pointer dereference in prism2_pccard_card_present()
From: Jouni Malinen @ 2005-09-01 2:10 UTC
To: Kalle Valo; +Cc: hostap, netdev, Jeff Garzik
On Wed, Aug 31, 2005 at 09:22:29PM +0300, Kalle Valo wrote:
> Jouni Malinen <jkmaline@cc.hut.fi> writes:
> > local->hw_priv was initialized only after the interrupt handler was
> > registered. This could trigger a NULL pointer dereference in
> > prism2_pccard_card_present() that assumed that local->hw_priv is always
> > set (and it should have been). Fix this by setting local->hw_priv before
> > registering the interrupt handler.
>
> I was trying to test Jouni's patch but now I can't reproduce the oops
> with latest ieee80211-wifi branch and my NULL pointer check removed.
> Earlier I could reproduce it every time. Strange.
Triggering this race condition requires that you are sharing the same
interrupt line with another device which is generating interrupts at the
same time as Host AP driver is initializing the card. I don't know
whether interrupt assignment could have changed in the latest version,
but I would guess a more likely cause would be a difference in, e.g., how
other devices are being used at the time Host AP driver was being
initialized.
--
Jouni Malinen PGP id EFC895FA
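The ordering race discussed in this thread, as an added user-space model that is not part of the original messages or of the Host AP driver. Every name in it (model_request_irq, model_raise_irq, model_handler, config_model) is hypothetical; only the ordering of the hw_priv assignment relative to handler registration on a shared interrupt line comes from the thread.

```c
#include <stdio.h>

/* User-space model; every name here is hypothetical, not driver code. */
struct hw_priv { int card_present; };
struct local_data { struct hw_priv *hw_priv; };
typedef int (*irq_handler_t)(void *dev_id);

/* One shared interrupt line: each registered handler runs on every IRQ. */
static struct { irq_handler_t fn; void *dev_id; } irq_line[4];
static int irq_users;

static void model_request_irq(irq_handler_t fn, void *dev_id) {
    irq_line[irq_users].fn = fn;
    irq_line[irq_users++].dev_id = dev_id;
}

/* Another device on the line interrupts; returns the number of faults. */
static int model_raise_irq(void) {
    int i, faults = 0;
    for (i = 0; i < irq_users; i++)
        faults += irq_line[i].fn(irq_line[i].dev_id);
    return faults;
}

/* Handler that assumes hw_priv is always set. */
static int model_handler(void *dev_id) {
    struct local_data *local = dev_id;
    return local->hw_priv ? 0 : 1; /* 1: real handler would dereference NULL */
}

/* Faults seen during config for the old (0) and patched (1) ordering. */
int config_model(int priv_before_irq) {
    static struct hw_priv hw;
    static struct local_data local;
    int faults;
    irq_users = 0;
    local.hw_priv = priv_before_irq ? &hw : NULL;
    model_request_irq(model_handler, &local);
    faults = model_raise_irq();        /* neighbour interrupts mid-init */
    local.hw_priv = &hw;               /* old code assigned it only here */
    return faults + model_raise_irq(); /* after init: always safe */
}

int main(void) {
    printf("old ordering: %d fault(s), patched ordering: %d fault(s)\n",
           config_model(0), config_model(1));
    return 0;
}
```

The fault only appears when the neighbouring device interrupts inside the window between registration and assignment, which matches the observation that the oops depends on what other devices are doing during initialization.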