From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail177-1.suw61.mandrillapp.com ([198.2.177.1]:39177 "EHLO mail177-1.suw61.mandrillapp.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751032AbcCASyc (ORCPT ); Tue, 1 Mar 2016 13:54:32 -0500 Received: from pmta06.mandrill.prod.suw01.rsglab.com (127.0.0.1) by mail177-1.suw61.mandrillapp.com id hqnimg22rtkq for ; Tue, 1 Mar 2016 18:54:29 +0000 (envelope-from ) From: Subject: Patch "rtlwifi: rtl_pci: Fix kernel panic" has been added to the 4.4-stable tree To: , , Cc: , Message-Id: <145685846416187@kroah.com> Date: Tue, 01 Mar 2016 18:54:28 +0000 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit Sender: stable-owner@vger.kernel.org List-ID: This is a note to let you know that I've just added the patch titled rtlwifi: rtl_pci: Fix kernel panic to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: rtlwifi-rtl_pci-fix-kernel-panic.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let know about it. >>From f99551a2d39dc26ea03dc6761be11ac913eb2d57 Mon Sep 17 00:00:00 2001 From: Larry Finger Date: Mon, 21 Dec 2015 17:05:08 -0600 Subject: rtlwifi: rtl_pci: Fix kernel panic From: Larry Finger commit f99551a2d39dc26ea03dc6761be11ac913eb2d57 upstream. In commit 38506ecefab9 (rtlwifi: rtl_pci: Start modification for new drivers), a bug was introduced that causes a NULL pointer dereference. As this bug only affects the infrequently used RTL8192EE and only under low-memory conditions, it has taken a long time for the bug to show up. The bug was reported on the linux-wireless mailing list and also at https://bugs.launchpad.net/ubuntu/+source/ubuntu-release-upgrader/ as bug #1527603 (kernel crashes due to rtl8192ee driver on ubuntu 15.10). Fixes: 38506ecefab9 ("rtlwifi: rtl_pci: Start modification for new drivers") Signed-off-by: Larry Finger Signed-off-by: Kalle Valo Signed-off-by: Greg Kroah-Hartman --- drivers/net/wireless/realtek/rtlwifi/pci.c | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) --- a/drivers/net/wireless/realtek/rtlwifi/pci.c +++ b/drivers/net/wireless/realtek/rtlwifi/pci.c @@ -801,7 +801,9 @@ static void _rtl_pci_rx_interrupt(struct hw_queue); if (rx_remained_cnt == 0) return; - + buffer_desc = &rtlpci->rx_ring[rxring_idx].buffer_desc[ + rtlpci->rx_ring[rxring_idx].idx]; + pdesc = (struct rtl_rx_desc *)skb->data; } else { /* rx descriptor */ pdesc = &rtlpci->rx_ring[rxring_idx].desc[ rtlpci->rx_ring[rxring_idx].idx]; @@ -824,13 +826,6 @@ static void _rtl_pci_rx_interrupt(struct new_skb = dev_alloc_skb(rtlpci->rxbuffersize); if (unlikely(!new_skb)) goto no_new; - if (rtlpriv->use_new_trx_flow) { - buffer_desc = - &rtlpci->rx_ring[rxring_idx].buffer_desc - [rtlpci->rx_ring[rxring_idx].idx]; - /*means rx wifi info*/ - pdesc = (struct rtl_rx_desc *)skb->data; - } memset(&rx_status , 0 , sizeof(rx_status)); rtlpriv->cfg->ops->query_rx_desc(hw, &stats, &rx_status, (u8 *)pdesc, skb); Patches currently in stable-queue which might be from Larry.Finger@lwfinger.net are queue-4.4/rtlwifi-rtl8723be-fix-module-parameter-initialization.patch queue-4.4/rtlwifi-rtl8192de-fix-incorrect-module-parameter-descriptions.patch queue-4.4/rtlwifi-rtl8192se-fix-module-parameter-initialization.patch queue-4.4/rtlwifi-rtl8192cu-add-missing-parameter-setup.patch queue-4.4/rtlwifi-rtl8723ae-fix-initialization-of-module-parameters.patch queue-4.4/rtlwifi-rtl_pci-fix-kernel-panic.patch queue-4.4/rtlwifi-rtl8188ee-fix-module-parameter-initialization.patch queue-4.4/rtlwifi-rtl8192ce-fix-handling-of-module-parameters.patch