This is a note to let you know that I've just added the patch titled
ath9k: Fix kernel panic in AR2427
to the 2.6.38-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
ath9k-fix-kernel-panic-in-ar2427.patch
and it can be found in the queue-2.6.38 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <[email protected]> know about it.
>From 61e1b0b00c793ad5a32fe2181c9f77115fed5dc4 Mon Sep 17 00:00:00 2001
From: Mohammed Shafi Shajakhan <[email protected]>
Date: Mon, 21 Mar 2011 18:27:21 +0530
Subject: ath9k: Fix kernel panic in AR2427
From: Mohammed Shafi Shajakhan <[email protected]>
commit 61e1b0b00c793ad5a32fe2181c9f77115fed5dc4 upstream.
Kernel panic occurs just after AR2427 establishes connection with AP.
Unless aggregation is enabled we don't initialize the TID structure.
Thus accesing the elements of the TID structure when aggregation is
disabled, leads to NULL pointer dereferencing.
[ 191.320358] Call Trace:
[ 191.320364] [<fd250ea7>] ? ath9k_tx+0xa7/0x200 [ath9k]
[ 191.320376] [<fd1ec7fc>] ? __ieee80211_tx+0x5c/0x1e0 [mac80211]
[ 191.320386] [<fd1edd2b>] ? ieee80211_tx+0x7b/0x90 [mac80211]
[ 191.320395] [<fd1edddd>] ? ieee80211_xmit+0x9d/0x1d0 [mac80211]
[ 191.320401] [<c014218f>] ? wake_up_state+0xf/0x20
[ 191.320405] [<c015dbc8>] ? signal_wake_up+0x28/0x40
[ 191.320410] [<c012a578>] ? default_spin_lock_flags+0x8/0x10
[ 191.320420] [<fd1ee308>] ? ieee80211_subif_start_xmit+0x2e8/0x7c0
[mac80211]
[ 191.320425] [<c058f905>] ? do_page_fault+0x295/0x3a0
[ 191.320431] [<c04c4a3d>] ? dev_hard_start_xmit+0x1ad/0x210
[ 191.320436] [<c04d96b5>] ? sch_direct_xmit+0x105/0x170
[ 191.320445] [<fd1f161a>] ? get_sta_flags+0x2a/0x40 [mac80211]
[ 191.320449] [<c04c780f>] ? dev_queue_xmit+0x37f/0x4b0
[ 191.320452] [<c04d75b0>] ? eth_header+0x0/0xb0
[ 191.320456] [<c04cc479>] ? neigh_resolve_output+0xe9/0x310
[ 191.320461] [<c053d295>] ? ip6_output_finish+0xa5/0x110
[ 191.320464] [<c053e354>] ? ip6_output2+0x134/0x250
[ 191.320468] [<c053f7dd>] ? ip6_output+0x6d/0x100
[ 191.320471] [<c0559665>] ? mld_sendpack+0x395/0x3e0
[ 191.320475] [<c0557f81>] ? add_grhead+0x31/0xa0
[ 191.320478] [<c055a83c>] ? mld_send_cr+0x1bc/0x2b0
[ 191.320482] [<c01535d9>] ? irq_exit+0x39/0x70
[ 191.320485] [<c055a940>] ? mld_ifc_timer_expire+0x10/0x40
[ 191.320489] [<c015b92e>] ? run_timer_softirq+0x13e/0x2c0
[ 191.320493] [<c0103a30>] ? common_interrupt+0x30/0x40
[ 191.320498] [<c055a930>] ? mld_ifc_timer_expire+0x0/0x40
[ 191.320502] [<c0153358>] ? __do_softirq+0x98/0x1b0
[ 191.320506] [<c01534b5>] ? do_softirq+0x45/0x50
[ 191.320509] [<c0153605>] ? irq_exit+0x65/0x70
[ 191.320513] [<c05917dc>] ? smp_apic_timer_interrupt+0x5c/0x8b
[ 191.320516] [<c0103df1>] ? apic_timer_interrupt+0x31/0x40
[ 191.320521] [<c016007b>] ? k_getrusage+0x12b/0x2f0
[ 191.320525] [<c039e384>] ? acpi_idle_enter_simple+0x117/0x148
[ 191.320529] [<c04a20da>] ? cpuidle_idle_call+0x7a/0x100
[ 191.320532] [<c01021d4>] ? cpu_idle+0x94/0xd0
[ 191.320536] [<c057ab88>] ? rest_init+0x58/0x60
[ 191.320541] [<c07a58ec>] ? start_kernel+0x351/0x357
[ 191.320544] [<c07a53c7>] ? unknown_bootoption+0x0/0x19e
[ 191.320548] [<c07a50aa>] ? i386_start_kernel+0xaa/0xb1
[ 191.320550] Code: 03 66 3d 00 03 0f 84 7c 02 00 00 83 c3 18 0f b6 03
8b 4d e0 89 c3 83 e3 0f 6b c3 48 89 5d d8 8d 04 06 8d 50 0c 89 55 d0 8b
40 20 <8b> 00 3b 01 0f 85 8e 02 00 00 f6 47 20 40 0f 84 29 ff ff ff 8b
[ 191.320634] EIP: [<fd2586d4>] ath_tx_start+0x474/0x770 [ath9k] SS:ESP
0068:c0761a90
[ 191.320642] CR2: 0000000000000000
[ 191.320647] ---[ end trace 9296ef23b9076ece ]---
[ 191.320650] Kernel panic - not syncing: Fatal exception in interrupt
Signed-off-by: Mohammed Shafi Shajakhan <[email protected]>
Signed-off-by: John W. Linville <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/net/wireless/ath/ath9k/xmit.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/drivers/net/wireless/ath/ath9k/xmit.c
+++ b/drivers/net/wireless/ath/ath9k/xmit.c
@@ -1699,8 +1699,8 @@ static void ath_tx_start_dma(struct ath_
u8 tidno;
spin_lock_bh(&txctl->txq->axq_lock);
-
- if (ieee80211_is_data_qos(hdr->frame_control) && txctl->an) {
+ if ((sc->sc_flags & SC_OP_TXAGGR) && txctl->an &&
+ ieee80211_is_data_qos(hdr->frame_control)) {
tidno = ieee80211_get_qos_ctl(hdr)[0] &
IEEE80211_QOS_CTL_TID_MASK;
tid = ATH_AN_2_TID(txctl->an, tidno);
Patches currently in stable-queue which might be from [email protected] are
queue-2.6.38/ath9k-fix-kernel-panic-in-ar2427.patch
_______________________________________________
stable mailing list
[email protected]
http://linux.kernel.org/mailman/listinfo/stable
