Re: [PATCH 3/3] rt2x00: fix crash in rt2800usb_get_txwi

On Wed, Aug 10, 2011 at 3:32 PM, Stanislaw Gruszka <sgruszka@xxxxxxxxxx> wrote:
> Patch should fix this oops:
>
> BUG: unable to handle kernel NULL pointer dereference at 000000a0
> IP: [<f81b30c9>] rt2800usb_get_txwi+0x19/0x70 [rt2800usb]
> *pdpt = 0000000000000000 *pde = f000ff53f000ff53
> Oops: 0000 [#1] SMP
> Pid: 198, comm: kworker/u:3 Tainted: G        W   3.0.0-wl+ #9 LENOVO 6369CTO/6369CTO
> EIP: 0060:[<f81b30c9>] EFLAGS: 00010283 CPU: 1
> EIP is at rt2800usb_get_txwi+0x19/0x70 [rt2800usb]
> EAX: 00000000 EBX: f465e140 ECX: f4494960 EDX: ef24c5f8
> ESI: 810f21f5 EDI: f1da9960 EBP: f4581e80 ESP: f4581e70
>  DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
> Process kworker/u:3 (pid: 198, ti=f4580000 task=f4494960 task.ti=f4580000)
> Call Trace:
>  [<f804790f>] rt2800_txdone_entry+0x2f/0xf0 [rt2800lib]
>  [<c045110d>] ? warn_slowpath_common+0x7d/0xa0
>  [<f81b3a38>] ? rt2800usb_work_txdone+0x288/0x360 [rt2800usb]
>  [<f81b3a38>] ? rt2800usb_work_txdone+0x288/0x360 [rt2800usb]
>  [<f81b3a13>] rt2800usb_work_txdone+0x263/0x360 [rt2800usb]
>  [<c046a8d6>] process_one_work+0x186/0x440
>  [<c046a85a>] ? process_one_work+0x10a/0x440
>  [<f81b37b0>] ? rt2800usb_probe_hw+0x120/0x120 [rt2800usb]
>  [<c046c283>] worker_thread+0x133/0x310
>  [<c04885db>] ? trace_hardirqs_on+0xb/0x10
>  [<c046c150>] ? manage_workers+0x1e0/0x1e0
>  [<c047054c>] kthread+0x7c/0x90
>  [<c04704d0>] ? __init_kthread_worker+0x60/0x60
>  [<c0826b42>] kernel_thread_helper+0x6/0x1
>
> Oops might happen because we check rt2x00queue_empty(queue) twice,
> but this condition can change and we can process entry in
> rt2800_txdone_entry(), which was already processed by
> rt2800usb_txdone_entry_check() -> rt2x00lib_txdone_noinfo() and
> has nullified entry->skb.
>
> Reported-by: Justin Piszcz <jpiszcz@xxxxxxxxxxxxxxx>
> Cc: stable@xxxxxxxxxx
> Signed-off-by: Stanislaw Gruszka <sgruszka@xxxxxxxxxx>

Acked-by: Ivo van Doorn <IvDoorn@xxxxxxxxx>

> ---
>  drivers/net/wireless/rt2x00/rt2800usb.c |    7 +++----
>  1 files changed, 3 insertions(+), 4 deletions(-)
>
> diff --git a/drivers/net/wireless/rt2x00/rt2800usb.c b/drivers/net/wireless/rt2x00/rt2800usb.c
> index d137812..cd54721 100644
> --- a/drivers/net/wireless/rt2x00/rt2800usb.c
> +++ b/drivers/net/wireless/rt2x00/rt2800usb.c
> @@ -538,12 +538,11 @@ static void rt2800usb_txdone(struct rt2x00_dev *rt2x00dev)
>                        entry = rt2x00queue_get_entry(queue, Q_INDEX_DONE);
>                        if (rt2800usb_txdone_entry_check(entry, reg))
>                                break;
> +                       entry = NULL;
>                }
>
> -               if (!entry || rt2x00queue_empty(queue))
> -                       break;
> -
> -               rt2800_txdone_entry(entry, reg);
> +               if (entry)
> +                       rt2800_txdone_entry(entry, reg);
>        }
>  }
>
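Review bot: The new `if (entry)` test after the inner `while` is only safe if `entry` is NULL whenever the loop body never runs, that is, when `rt2x00queue_empty(queue)` is already true on the first check. The added `entry = NULL;` sits inside the loop body, so it does not cover that case, and the removed `rt2x00queue_empty(queue)` re-check was what previously caught it. The hunk does not show `entry` being reset before the inner `while` on each pass of the enclosing loop; if it is not, a pointer left over from an earlier pass reaches `rt2800_txdone_entry()`, so please confirm the reset is there or add it. Separately, removing the outer `break` means the enclosing loop now carries on to its next iteration when no entry matches instead of stopping, which deserves a line in the commit message.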
> --
> 1.7.1
>
>