Re: [PATCH] rtl8187: Fix NULL pointer dereference in priv->conf_mutex

2018-02-28 Thread Hin-Tak Leung


On Thu, 15/2/18, Sudhir Sreedharan  wrote:

...
 
> Cc: sta...@vger.kernel.org
> Signed-off-by: Sudhir Sreedharan 

Acked-by: Hin-Tak Leung 


[PATCH] rtl8187: Fix NULL pointer dereference in priv->conf_mutex

2018-02-14 Thread Sudhir Sreedharan
This can be reproduced by binding/unbinding the driver multiple times
on an AM3517 board.

Analysis revealed that rtl8187_start() was invoked before probe
finished (i.e. before the mutex was initialized).

 INFO: trying to register non-static key.
 the code is fine but needs lockdep annotation.
 turning off the locking correctness validator.
 CPU: 0 PID: 821 Comm: wpa_supplicant Not tainted 4.9.80-dirty #250
 Hardware name: Generic AM3517 (Flattened Device Tree)
 [] (unwind_backtrace) from [] (show_stack+0x10/0x14)
 [] (show_stack) from [] (register_lock_class+0x4f4/0x55c)
 [] (register_lock_class) from [] 
(__lock_acquire+0x74/0x1938)
 [] (__lock_acquire) from [] (lock_acquire+0xfc/0x23c)
 [] (lock_acquire) from [] (mutex_lock_nested+0x50/0x3b0)
 [] (mutex_lock_nested) from [] (rtl8187_start+0x2c/0xd54)
 [] (rtl8187_start) from [] (drv_start+0xa8/0x320)
 [] (drv_start) from [] (ieee80211_do_open+0x2bc/0x8e4)
 [] (ieee80211_do_open) from [] (__dev_open+0xb8/0x120)
 [] (__dev_open) from [] (__dev_change_flags+0x88/0x14c)
 [] (__dev_change_flags) from [] 
(dev_change_flags+0x18/0x48)
 [] (dev_change_flags) from [] (devinet_ioctl+0x738/0x840)
 [] (devinet_ioctl) from [] (sock_ioctl+0x164/0x2f4)
 [] (sock_ioctl) from [] (do_vfs_ioctl+0x8c/0x9d0)
 [] (do_vfs_ioctl) from [] (SyS_ioctl+0x6c/0x7c)
 [] (SyS_ioctl) from [] (ret_fast_syscall+0x0/0x1c)
 Unable to handle kernel NULL pointer dereference at virtual address 
 pgd = cd1ec000
 [] *pgd=8d1de831, *pte=, *ppte=
 Internal error: Oops: 817 [#1] PREEMPT ARM
 Modules linked in:
 CPU: 0 PID: 821 Comm: wpa_supplicant Not tainted 4.9.80-dirty #250
 Hardware name: Generic AM3517 (Flattened Device Tree)
 task: ce73eec0 task.stack: cd1ea000
 PC is at mutex_lock_nested+0xe8/0x3b0
 LR is at mutex_lock_nested+0xd0/0x3b0

Cc: sta...@vger.kernel.org
Signed-off-by: Sudhir Sreedharan 
---
 drivers/net/wireless/realtek/rtl818x/rtl8187/dev.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/net/wireless/realtek/rtl818x/rtl8187/dev.c 
b/drivers/net/wireless/realtek/rtl818x/rtl8187/dev.c
index 121b94f..9a1d15b 100644
--- a/drivers/net/wireless/realtek/rtl818x/rtl8187/dev.c
+++ b/drivers/net/wireless/realtek/rtl818x/rtl8187/dev.c
@@ -1450,6 +1450,7 @@ static int rtl8187_probe(struct usb_interface *intf,
goto err_free_dev;
}
mutex_init(&priv->io_mutex);
+   mutex_init(&priv->conf_mutex);
 
SET_IEEE80211_DEV(dev, &intf->dev);
usb_set_intfdata(intf, dev);
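Review bot: Placing mutex_init(&priv->conf_mutex) next to the io_mutex initialisation, ahead of SET_IEEE80211_DEV() and usb_set_intfdata(), means the lock is usable before the device is exposed to the stack, which is the ordering the lockdep "trying to register non-static key" warning in the description was complaining about. It would help the commit message to say explicitly that the old site was reached only after the device registration guarded by the "Cannot register device" check, i.e. after userspace could already open the interface and reach rtl8187_start() through drv_start(), exactly the path wpa_supplicant takes in the quoted trace.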
@@ -1625,7 +1626,6 @@ static int rtl8187_probe(struct usb_interface *intf,
printk(KERN_ERR "rtl8187: Cannot register device\n");
goto err_free_dmabuf;
}
-   mutex_init(&priv->conf_mutex);
skb_queue_head_init(&priv->b_tx_status.queue);
 
wiphy_info(dev->wiphy, "hwaddr %pM, %s V%d + %s, rfkill mask %d\n",
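Review bot: Dropping this later mutex_init() is required, not just tidy: leaving it in after the move would re-initialise conf_mutex on a device that is already registered and may already have had rtl8187_start() take the lock, corrupting lock state. The diff shows no mutex_destroy() counterpart for conf_mutex, so nothing else needs to move with it; please just confirm that no code between the new init site and this point touched priv->conf_mutex in a way that relied on the old ordering, and that the err_free_dmabuf path does not need adjusting.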
-- 
2.6.4