* [PATCH] rtlwifi: rtl_pci: Fix kernel panic
@ 2015-12-21 23:05 Larry Finger
2015-12-30 15:36 ` Kalle Valo
0 siblings, 1 reply; 2+ messages in thread
From: Larry Finger @ 2015-12-21 23:05 UTC (permalink / raw)
To: kvalo; +Cc: devel, linux-wireless, Larry Finger, Stable
In commit 38506ecefab9 (rtlwifi: rtl_pci: Start modification for new
drivers), a bug was introduced that causes a NULL pointer dereference.
As this bug only affects the infrequently used RTL8192EE and only under
low-memory conditions, it has taken a long time for the bug to show up.
The bug was reported on the linix-wireless mailing list and also at
https://bugs.launchpad.net/ubuntu/+source/ubuntu-release-upgrader/ as
bug #1527603 (kernel crashes due to rtl8192ee driver on ubuntu 15.10).
Fixes: 38506ecefab9
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Cc: Stable <stable@vger.kernel.org>
---
drivers/net/wireless/realtek/rtlwifi/pci.c | 11 +++--------
1 file changed, 3 insertions(+), 8 deletions(-)
diff --git a/drivers/net/wireless/realtek/rtlwifi/pci.c b/drivers/net/wireless/realtek/rtlwifi/pci.c
index f46c9d7..7f471bf 100644
--- a/drivers/net/wireless/realtek/rtlwifi/pci.c
+++ b/drivers/net/wireless/realtek/rtlwifi/pci.c
@@ -801,7 +801,9 @@ static void _rtl_pci_rx_interrupt(struct ieee80211_hw *hw)
hw_queue);
if (rx_remained_cnt == 0)
return;
-
+ buffer_desc = &rtlpci->rx_ring[rxring_idx].buffer_desc[
+ rtlpci->rx_ring[rxring_idx].idx];
+ pdesc = (struct rtl_rx_desc *)skb->data;
} else { /* rx descriptor */
pdesc = &rtlpci->rx_ring[rxring_idx].desc[
rtlpci->rx_ring[rxring_idx].idx];
@@ -824,13 +826,6 @@ static void _rtl_pci_rx_interrupt(struct ieee80211_hw *hw)
new_skb = dev_alloc_skb(rtlpci->rxbuffersize);
if (unlikely(!new_skb))
goto no_new;
- if (rtlpriv->use_new_trx_flow) {
- buffer_desc =
- &rtlpci->rx_ring[rxring_idx].buffer_desc
- [rtlpci->rx_ring[rxring_idx].idx];
- /*means rx wifi info*/
- pdesc = (struct rtl_rx_desc *)skb->data;
- }
memset(&rx_status , 0 , sizeof(rx_status));
rtlpriv->cfg->ops->query_rx_desc(hw, &stats,
&rx_status, (u8 *)pdesc, skb);
--
2.1.4
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: rtlwifi: rtl_pci: Fix kernel panic
2015-12-21 23:05 [PATCH] rtlwifi: rtl_pci: Fix kernel panic Larry Finger
@ 2015-12-30 15:36 ` Kalle Valo
0 siblings, 0 replies; 2+ messages in thread
From: Kalle Valo @ 2015-12-30 15:36 UTC (permalink / raw)
To: Larry Finger; +Cc: devel, linux-wireless, Larry Finger, Stable
> In commit 38506ecefab9 (rtlwifi: rtl_pci: Start modification for new
> drivers), a bug was introduced that causes a NULL pointer dereference.
> As this bug only affects the infrequently used RTL8192EE and only under
> low-memory conditions, it has taken a long time for the bug to show up.
>
> The bug was reported on the linux-wireless mailing list and also at
> https://bugs.launchpad.net/ubuntu/+source/ubuntu-release-upgrader/ as
> bug #1527603 (kernel crashes due to rtl8192ee driver on ubuntu 15.10).
>
> Fixes: 38506ecefab9 ("rtlwifi: rtl_pci: Start modification for new drivers")
> Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
> Cc: Stable <stable@vger.kernel.org>
Thanks, applied to wireless-drivers-next.git.
Kalle Valo
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2015-12-30 15:36 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2015-12-21 23:05 [PATCH] rtlwifi: rtl_pci: Fix kernel panic Larry Finger
2015-12-30 15:36 ` Kalle Valo
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).