From patchwork Wed Jul 13 12:12:06 2011 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: yogeshp X-Patchwork-Id: 971652 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by demeter2.kernel.org (8.14.4/8.14.4) with ESMTP id p6DCKDxg009646 for ; Wed, 13 Jul 2011 12:20:13 GMT Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751528Ab1GMMUL (ORCPT ); Wed, 13 Jul 2011 08:20:11 -0400 Received: from dakia2.marvell.com ([65.219.4.35]:49398 "EHLO dakia2.marvell.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751604Ab1GMMUK (ORCPT ); Wed, 13 Jul 2011 08:20:10 -0400 X-ASG-Debug-ID: 1310559609-082dd06f0001-9xRsGE Received: from maili.marvell.com (maili.marvell.com [10.68.76.51]) by dakia2.marvell.com with ESMTP id 3DyE7TDwbnyAREDm; Wed, 13 Jul 2011 05:20:09 -0700 (PDT) X-Barracuda-Envelope-From: yogeshp@marvell.com Received: from hertz.marvell.com (unknown [10.31.131.144]) by maili.marvell.com (Postfix) with ESMTP id 7D1C58A002; Wed, 13 Jul 2011 05:20:08 -0700 (PDT) Date: Wed, 13 Jul 2011 17:42:06 +0530 From: Yogesh Ashok Powar To: "John W. Linville" Cc: linux-wireless , Lennert Buytenhek X-ASG-Orig-Subj: [PATCH] mwl8k: Fixing sta dereference when ieee80211_tx_info->control.sta is NULL Subject: [PATCH] mwl8k: Fixing sta dereference when ieee80211_tx_info->control.sta is NULL Message-ID: <20110713121159.GA8135@hertz.marvell.com> X-ASG-Orig-Subj: [PATCH] mwl8k: Fixing sta dereference when ieee80211_tx_info->control.sta is NULL MIME-Version: 1.0 Content-Disposition: inline User-Agent: Mutt/1.5.20 (2009-06-14) X-Barracuda-Connect: maili.marvell.com[10.68.76.51] X-Barracuda-Start-Time: 1310559609 X-Barracuda-URL: http://10.68.76.222:80/cgi-mod/mark.cgi X-Barracuda-Spam-Score: -1002.00 X-Barracuda-Spam-Status: No, SCORE=-1002.00 using global scores of TAG_LEVEL=1000.0 QUARANTINE_LEVEL=1000.0 KILL_LEVEL=1000.0 Sender: linux-wireless-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-wireless@vger.kernel.org X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-4.2.6 (demeter2.kernel.org [140.211.167.43]); Wed, 13 Jul 2011 12:20:13 +0000 (UTC) Following oops was seen on SMP machine >BUG: unable to handle kernel NULL pointer dereference at 00000012 >IP: [] mwl8k_tx+0x20e/0x561 [mwl8k] >*pde = 00000000 >Oops: 0000 [#1] SMP >Modules linked in: mwl8k mac80211 cfg80211 [last unloaded: cfg80211] As ieee80211_tx_info->control.sta may be NULL during ->tx call, avoiding sta dereference in such scenario with the following patch. Signed-off-by: Yogesh Ashok Powar --- drivers/net/wireless/mwl8k.c | 6 +++--- 1 files changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/net/wireless/mwl8k.c b/drivers/net/wireless/mwl8k.c index aeac3cc..a09b945 100644 --- a/drivers/net/wireless/mwl8k.c +++ b/drivers/net/wireless/mwl8k.c @@ -1891,9 +1891,9 @@ mwl8k_txq_xmit(struct ieee80211_hw *hw, int index, struct sk_buff *skb) txpriority = index; - if (ieee80211_is_data_qos(wh->frame_control) && - skb->protocol != cpu_to_be16(ETH_P_PAE) && - sta->ht_cap.ht_supported && priv->ap_fw) { + if (priv->ap_fw && sta && sta->ht_cap.ht_supported + && skb->protocol != cpu_to_be16(ETH_P_PAE) + && ieee80211_is_data_qos(wh->frame_control)) { tid = qos & 0xf; mwl8k_tx_count_packet(sta, tid); spin_lock(&priv->stream_lock);