Search Linux Wireless

oops with recent wireless-dev tree

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,

when I use the b43 driver with my PCMCIA LinkSys WRT54GL adapter
(Broadcom 4318), run hostapd on the interface, and then try to add the
interface to a bridge, I get the following oops:

    BUG: unable to handle kernel NULL pointer dereference at virtual address 00000000
     printing eip:
    *pde = 00000000
    Oops: 0000 [#1]
    CPU:    0
    EIP:    0060:[<c02a2cb2>]    Not tainted VLI
    EFLAGS: 00010292   (2.6.23-rc3-wd #1)
    EIP is at port_cost+0x11/0xaa
    eax: c3c40000   ebx: c3c40000   ecx: 00000000   edx: 000000c0
    esi: 00000000   edi: c2a3ea80   ebp: c2a31e00   esp: c2a31dc8
    ds: 007b   es: 007b   fs: 0000  gs: 0033  ss: 0068
    Process brctl (pid: 1498, ti=c2a30000 task=c25734c0 task.ti=c2a30000)
    Stack: c0119bcf c3680140 c10beea0 c2a31ddc c0148dc4 0000000d c2a31e00 00000296 
	   f000007e c10beea0 000080d0 c2bb7700 c3c40000 c2a3ea80 c2a31e2c c02a2ee3 
	   c251b600 c3680270 00000001 c2bb7700 c3073380 c01117df c3c40000 00000001 
    Call Trace:
     [<c010294f>] show_trace_log_lvl+0x1a/0x2f
     [<c0102a01>] show_stack_log_lvl+0x9d/0xa5
     [<c0102d76>] show_registers+0x1a5/0x277
     [<c0102f24>] die+0xdc/0x1a5
     [<c01082d1>] do_page_fault+0x461/0x530
     [<c02db49a>] error_code+0x6a/0x70
     [<c02a2ee3>] br_add_if+0x119/0x290
     [<c02a35b0>] add_del_if+0x40/0x56
     [<c02a3acc>] br_dev_ioctl+0x506/0x537
     [<c0219bc8>] dev_ifsioc+0x3c1/0x3dd
     [<c0219f2b>] dev_ioctl+0x347/0x3d4
     [<c02110ec>] sock_ioctl+0x183/0x18f
     [<c01435d4>] do_ioctl+0x1c/0x4b
     [<c01437d3>] vfs_ioctl+0x1d0/0x1df
     [<c0143815>] sys_ioctl+0x33/0x4a
     [<c0102422>] syscall_call+0x7/0xb
     =======================
    Code: ff 31 c0 eb 05 b8 ea ff ff ff 5b 5d c3 55 89 e5 83 e8 7c e8 35 58 e9 ff 5d c3 55 89 e5 57 56 53 83 ec 2c 89 c3 8b b0 b4 00 00 00 <83> 3e 00 74 53 
    EIP: [<c02a2cb2>] port_cost+0x11/0xaa SS:ESP 0068:c2a31dc8

If I read this correctly, the EIP in the last line corresponds to
net/bridge/br_if.c, line 36:

    static int port_cost(struct net_device *dev)
    {
	    if (dev->ethtool_ops->get_settings) {
                               ^^^^

As far as I can figure out, dev->ethtool_ops is NULL and the crash
happens while trying to derefernce ...->get_settings.

Is dev->ethtool_ops allowed to be NULL?  In this case the appended
patch might be the correct fix.  At least it makes the oops disappear
for me.  Another possible fix would be to add an ethtool_ops structure
to the device created by b43.

I hope this helps,
Jochen
-- 
http://seehuhn.de/
----------------------------------------------------------------------
Avoid crashes while determining initial path cost for a bridge.

Check whether 'dev->ethtool_ops' is non-NULL before accessing
'dev->ethtool_ops->get_settings'.

Signed-off-by: Jochen Voss <voss@xxxxxxxxxx>

diff --git a/net/bridge/br_if.c b/net/bridge/br_if.c
index b40dada..5b396ea 100644
--- a/net/bridge/br_if.c
+++ b/net/bridge/br_if.c
@@ -33,7 +33,7 @@
  */
 static int port_cost(struct net_device *dev)
 {
-       if (dev->ethtool_ops->get_settings) {
+       if (dev->ethtool_ops && dev->ethtool_ops->get_settings) {
                struct ethtool_cmd ecmd = { ETHTOOL_GSET };
                int err = dev->ethtool_ops->get_settings(dev, &ecmd);
                if (!err) {

Attachment: signature.asc
Description: Digital signature


[Index of Archives]     [Linux Host AP]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [Linux Kernel]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]
  Powered by Linux