Hi, when I use the b43 driver with my PCMCIA LinkSys WRT54GL adapter (Broadcom 4318), run hostapd on the interface, and then try to add the interface to a bridge, I get the following oops: BUG: unable to handle kernel NULL pointer dereference at virtual address 00000000 printing eip: *pde = 00000000 Oops: 0000 [#1] CPU: 0 EIP: 0060:[<c02a2cb2>] Not tainted VLI EFLAGS: 00010292 (2.6.23-rc3-wd #1) EIP is at port_cost+0x11/0xaa eax: c3c40000 ebx: c3c40000 ecx: 00000000 edx: 000000c0 esi: 00000000 edi: c2a3ea80 ebp: c2a31e00 esp: c2a31dc8 ds: 007b es: 007b fs: 0000 gs: 0033 ss: 0068 Process brctl (pid: 1498, ti=c2a30000 task=c25734c0 task.ti=c2a30000) Stack: c0119bcf c3680140 c10beea0 c2a31ddc c0148dc4 0000000d c2a31e00 00000296 f000007e c10beea0 000080d0 c2bb7700 c3c40000 c2a3ea80 c2a31e2c c02a2ee3 c251b600 c3680270 00000001 c2bb7700 c3073380 c01117df c3c40000 00000001 Call Trace: [<c010294f>] show_trace_log_lvl+0x1a/0x2f [<c0102a01>] show_stack_log_lvl+0x9d/0xa5 [<c0102d76>] show_registers+0x1a5/0x277 [<c0102f24>] die+0xdc/0x1a5 [<c01082d1>] do_page_fault+0x461/0x530 [<c02db49a>] error_code+0x6a/0x70 [<c02a2ee3>] br_add_if+0x119/0x290 [<c02a35b0>] add_del_if+0x40/0x56 [<c02a3acc>] br_dev_ioctl+0x506/0x537 [<c0219bc8>] dev_ifsioc+0x3c1/0x3dd [<c0219f2b>] dev_ioctl+0x347/0x3d4 [<c02110ec>] sock_ioctl+0x183/0x18f [<c01435d4>] do_ioctl+0x1c/0x4b [<c01437d3>] vfs_ioctl+0x1d0/0x1df [<c0143815>] sys_ioctl+0x33/0x4a [<c0102422>] syscall_call+0x7/0xb ======================= Code: ff 31 c0 eb 05 b8 ea ff ff ff 5b 5d c3 55 89 e5 83 e8 7c e8 35 58 e9 ff 5d c3 55 89 e5 57 56 53 83 ec 2c 89 c3 8b b0 b4 00 00 00 <83> 3e 00 74 53 EIP: [<c02a2cb2>] port_cost+0x11/0xaa SS:ESP 0068:c2a31dc8 If I read this correctly, the EIP in the last line corresponds to net/bridge/br_if.c, line 36: static int port_cost(struct net_device *dev) { if (dev->ethtool_ops->get_settings) { ^^^^ As far as I can figure out, dev->ethtool_ops is NULL and the crash happens while trying to derefernce ...->get_settings. Is dev->ethtool_ops allowed to be NULL? In this case the appended patch might be the correct fix. At least it makes the oops disappear for me. Another possible fix would be to add an ethtool_ops structure to the device created by b43. I hope this helps, Jochen -- http://seehuhn.de/ ---------------------------------------------------------------------- Avoid crashes while determining initial path cost for a bridge. Check whether 'dev->ethtool_ops' is non-NULL before accessing 'dev->ethtool_ops->get_settings'. Signed-off-by: Jochen Voss <voss@xxxxxxxxxx> diff --git a/net/bridge/br_if.c b/net/bridge/br_if.c index b40dada..5b396ea 100644 --- a/net/bridge/br_if.c +++ b/net/bridge/br_if.c @@ -33,7 +33,7 @@ */ static int port_cost(struct net_device *dev) { - if (dev->ethtool_ops->get_settings) { + if (dev->ethtool_ops && dev->ethtool_ops->get_settings) { struct ethtool_cmd ecmd = { ETHTOOL_GSET }; int err = dev->ethtool_ops->get_settings(dev, &ecmd); if (!err) {
Attachment:
signature.asc
Description: Digital signature