Re: [linux-usb-devel] RNDIS gadget driver

Wed, 28 Apr 2004 12:13:33 -0700 

On Tue, 2004-04-27 at 18:22, David Meggy wrote:
> On Tue, 2004-04-27 at 18:07, David Brownell wrote:
> > What does /proc/rndis/0 (or whatever) have to say?  At a guess,
> > I'd say that it'll NOT be in the RNDIS_DATA_INITIALIZED state,
> > it'll be in RNDIS_INITIALIZED instead.
> 
> yep, that's correct
> 
> ~ # cat /proc/rndis/000 
> Config Nr. 0
> used      : y
> state     : RNDIS_INITIALIZED
> medium    : 0x00000000
> speed     : 0
> cable     : disconnected
> vendor ID : 0x00000000
> vendor    : Linux 2.4.25-vrs2/n9604_udc

Ok, I found a problem with rndis.c.  In the function gen_ndis_set_resp,
the value cp[28] is being used.  The is the same as r->buf[28], where r
is an argument of the function.  The only placed that this function is
called is from the function rndis_set_response.  This function calls
rndis_add_response with length argument of 16.  This function calls
kmalloc to reserve space for r and 16 bytes for r->buf.  Which is much
less than 28 bytes.

I tried commenting out the reference to cp[28] (which seems to be always
NULL for me), so the if statement would always be true.  The results
only lead to more problems

~ # cat /proc/rndis/000 
Config Nr. 0
used      : y
state     : RNDIS_DATA_INITIALIZED
medium    : 0x00000000
speed     : 0
cable     : disconnected
vendor ID : 0x00000000
vendor    : Linux 2.4.25-vrs2/n9604_udc
~ # ifconfig usb0 192.168.2.2
Unable to handle kernel NULL pointer dereference at virtual address 0000002a
Unable to handle kernel NULL pointer dereference at virtual address 00000040
Unable to handle kernel NULL pointer dereference at virtual address 00000040
Unable to handle kernel NULL pointer dereference at virtual address 00000040
Unable to handle kernel NULL pointer dereference at virtual address 00000040

which repeats a lot more

-- 
~~~~~~~~~~~~~~~~~~~~~~~~
     David Meggy
     Engineering

Technical Solutions Inc.
Unit #1 7157 Honeyman St
Delta BC Canada, V4G 1E2
     www.techsol.ca

eMail: [EMAIL PROTECTED]
Tel: 604 946 TECH (8324)
Fax: 604 946 6445
~~~~~~~~~~~~~~~~~~~~~~~~



-------------------------------------------------------
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. 
Take an Oracle 10g class now, and we'll give you the exam FREE. 
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
_______________________________________________
[EMAIL PROTECTED]
To unsubscribe, use the last form field at:
https://lists.sourceforge.net/lists/listinfo/linux-usb-devel

Reply via email to