Re: [PATCH 3.1] iwlagn: fix stack corruption

"Alexander Diewald" <alex@xxxxxxxxxx> · Mon, 12 Sep 2011 21:55:54 +0200

Hi Johannes,

I've just tried the fix and it works. I switched off all the debugging options in the iwlwifi driver and the wireless stack and turned off the frame pointers for testing.
Thank you very much. 

Just some final notes:
Thank you Wey, for even forwarding this issue when you were on vacation!
Also, special Thanks to you, Meenakshi, for taking that much time. I also learned a lot regarding kernel debugging (netconsole etc.). I hope I could give some good feedback.
And thanks to all other people involved.

Maybe, see you next time ;),
Alex

On Monday 12 September 2011 21:08:25 Johannes Berg wrote:
> From: Johannes Berg <johannes.berg@xxxxxxxxx>
> 
> Alexander reported a strange crash in iwlagn that
> Meenakshi and Wey couldn't reproduce. I just ran
> into the same issue and tracked it down to stack
> corruption. This fixes it.
> 
> The problem was introduced in
> commit 4b8b99b6e650d0527f3a123744b7459976581d14
> Author: Wey-Yi Guy <wey-yi.w.guy@xxxxxxxxx>
> Date:   Fri Jul 8 14:29:48 2011 -0700
> 
>     iwlagn: radio sensor offset in le16 format
> 
> Cc: Wey-Yi Guy <wey-yi.w.guy@xxxxxxxxx>
> Cc: Meenakshi Venkataraman <meenakshi.venkataraman@xxxxxxxxx>
> Reported-by: Alexander Diewald <alex@xxxxxxxxxx>
> Signed-off-by: Johannes Berg <johannes.berg@xxxxxxxxx>
> ---
> Wey, please fix your recent commit in our internal tree
> that does the v2 offset calibration -- it has the same
> bug twice.
> 
>  drivers/net/wireless/iwlwifi/iwl-agn-ucode.c |    2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> --- a/drivers/net/wireless/iwlwifi/iwl-agn-ucode.c	2011-09-12
> 21:01:34.000000000 +0200 +++
> b/drivers/net/wireless/iwlwifi/iwl-agn-ucode.c	2011-09-12
> 21:01:43.000000000 +0200 @@ -167,7 +167,7 @@ static int
> iwlagn_set_temperature_offset
> 
>  	memset(&cmd, 0, sizeof(cmd));
>  	iwl_set_calib_hdr(&cmd.hdr, IWL_PHY_CALIBRATE_TEMP_OFFSET_CMD);
> -	memcpy(&cmd.radio_sensor_offset, offset_calib, sizeof(offset_calib));
> +	memcpy(&cmd.radio_sensor_offset, offset_calib, sizeof(*offset_calib));
>  	if (!(cmd.radio_sensor_offset))
>  		cmd.radio_sensor_offset = DEFAULT_RADIO_SENSOR_OFFSET;
��.n��������+%������w��{.n�����{���zW����ܨ}���Ơz�j:+v�����w����ޙ��&�)ߡ�a����z�ޗ���ݢj��w�f