On Mon, 2009-07-27 at 10:27 +0200, Johannes Berg wrote:
> Thanks Pavel,
>
> > > while (!skb_queue_empty(&local->pending[i])) {
> > > struct sk_buff *skb = __skb_dequeue(&local->pending[i]);
> > > + struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
> > > + struct ieee80211_sub_if_data *sdata;
> > > +
> > > + sdata = vif_to_sdata(info->control.vif);
> > > + dev_hold(sdata->dev);
> >
> > I'm getting a panic at this point if I run hostapd on ath9k and a
> > Windows client tries to authenticate with a wrong WPA key.
> >
> > Debugging shows that sdata->dev is NULL.
>
> I suspect 'sdata' is already pointing to something bogus, since it's the
> result of a container_of().
>
> Can you try with the sanity checking patch I'm about to send?
If you mean "verify info->control.vif is not NULL", it makes no
difference for me. No BUG is triggered. info->control.vif is never
NULL in ieee80211_tx_pending(), but sdata->dev is NULL the second time
ieee80211_tx_pending() is called. Just skipping that case doesn't help,
I still get a panic in that function after about 10 calls.
--
Regards,
Pavel Roskin
--
To unsubscribe from this list: send the line "unsubscribe linux-wireless" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
