Hey Luca,
On Wed, Jan 30, 2013 at 06:34:48PM +0200, Luciano Coelho wrote:
> [...]
>
> > @@ -1195,14 +1196,36 @@ int cfg80211_can_use_iftype_chan(struct cfg80211_registered_device *rdev,
> > enum cfg80211_chan_mode chmode;
> > int num_different_channels = 0;
> > int total = 1;
> > + bool radar_required;
> > int i, j;
> >
> > ASSERT_RTNL();
> > lockdep_assert_held(&rdev->devlist_mtx);
> >
> > + if (WARN_ON(hweight32(radar_detect) > 1))
> > + return -EINVAL;
> > +
> > + switch (iftype) {
> > + case NL80211_IFTYPE_ADHOC:
> > + case NL80211_IFTYPE_AP:
> > + case NL80211_IFTYPE_AP_VLAN:
> > + case NL80211_IFTYPE_MESH_POINT:
> > + case NL80211_IFTYPE_P2P_GO:
> > + radar_required = !!(chan->flags & IEEE80211_CHAN_RADAR);
> > + break;
>
> This code is causing an oops with the wl18xx driver in AP mode. The
> problem is that cfg80211_can_change_interface() calls
> cfg80211_can_use_iftype_chan() with chan == NULL. This code doesn't
> check if chan is NULL, so this dereference causes the oops.
Sorry about that - I believe you've found the same bug I've posted a patch
for a few days ago. Johannes already has this in mac80211-next, but it is
not yet in wireless-testing:
http://article.gmane.org/gmane.linux.kernel.wireless.general/102836/match=simon
http://git.kernel.org/?p=linux/kernel/git/jberg/mac80211-next.git;a=commit;h=683d41ae6755e6ae297ec09603c229795ab9566e
>
> I don't have the time right now to fix this, but I'll look into it
> tomorrow (unless someone comes with a fix before that :P).
Please have a look at the patch posted above (both links for the same patch).
Cheers,
Simon
> [...]
Attachment:
signature.asc
Description: Digital signature
