linux/drivers/net/wireless/ath
Michal Kazior 18ae68fff3 ath10k: fix null deref on wmi-tlv when trying spectral scan
WMI ops wrappers did not properly check for null
function pointers for spectral scan. This caused
null dereference crash with WMI-TLV based firmware
which doesn't implement spectral scan.

The crash could be triggered with:

  ip link set dev wlan0 up
  echo background > /sys/kernel/debug/ieee80211/phy0/ath10k/spectral_scan_ctl

The crash looked like this:

  [  168.031989] BUG: unable to handle kernel NULL pointer dereference at           (null)
  [  168.037406] IP: [<          (null)>]           (null)
  [  168.040395] PGD cdd4067 PUD fa0f067 PMD 0
  [  168.043303] Oops: 0010 [#1] SMP
  [  168.045377] Modules linked in: ath10k_pci(O) ath10k_core(O) ath mac80211 cfg80211 [last unloaded: cfg80211]
  [  168.051560] CPU: 1 PID: 1380 Comm: bash Tainted: G        W  O    4.8.0 #78
  [  168.054336] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.7.5-20140531_083030-gandalf 04/01/2014
  [  168.059183] task: ffff88000c460c00 task.stack: ffff88000d4bc000
  [  168.061736] RIP: 0010:[<0000000000000000>]  [<          (null)>]           (null)
  ...
  [  168.100620] Call Trace:
  [  168.101910]  [<ffffffffa03b9566>] ? ath10k_spectral_scan_config+0x96/0x200 [ath10k_core]
  [  168.104871]  [<ffffffff811386e2>] ? filemap_fault+0xb2/0x4a0
  [  168.106696]  [<ffffffffa03b97e6>] write_file_spec_scan_ctl+0x116/0x280 [ath10k_core]
  [  168.109618]  [<ffffffff812da3a1>] full_proxy_write+0x51/0x80
  [  168.111443]  [<ffffffff811957b8>] __vfs_write+0x28/0x120
  [  168.113090]  [<ffffffff812f1a2d>] ? security_file_permission+0x3d/0xc0
  [  168.114932]  [<ffffffff8109b912>] ? percpu_down_read+0x12/0x60
  [  168.116680]  [<ffffffff811965f8>] vfs_write+0xb8/0x1a0
  [  168.118293]  [<ffffffff81197966>] SyS_write+0x46/0xa0
  [  168.119912]  [<ffffffff818f2972>] entry_SYSCALL_64_fastpath+0x1a/0xa4
  [  168.121737] Code:  Bad RIP value.
  [  168.123318] RIP  [<          (null)>]           (null)

Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
2016-11-23 15:55:38 +02:00
ar5523 net: wireless: ath: ar5523: ar5523: don't print error when allocating urb fails 2016-08-13 14:53:40 -07:00
ath5k ath5k: fix EEPROM dumping via debugfs 2016-09-03 13:02:24 +03:00
ath6kl wireless: fix bogus maybe-uninitialized warning 2016-11-17 08:46:38 +02:00
ath9k ath9k: Switch to using mac80211 intermediate software queues. 2016-11-15 17:00:04 +02:00
ath10k ath10k: fix null deref on wmi-tlv when trying spectral scan 2016-11-23 15:55:38 +02:00
carl9170 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2016-10-05 10:11:24 -07:00
wcn36xx wcn36xx: Silence error about unsupported smd event 188 2016-07-08 17:04:40 +03:00
wil6210 net: use core MTU range checking in wireless drivers 2016-10-20 14:51:08 -04:00
ath.h ath9k: add a helper to get the string representation of ath_bus_type 2016-11-15 16:55:37 +02:00
debug.c ath: Make ath_opmode_to_string understand OCB mode 2015-08-10 22:21:15 +03:00
dfs_pattern_detector.c ath: constify local structures 2016-09-14 20:01:39 +03:00
dfs_pattern_detector.h ath: use PRI value given by spec for fixed PRI 2015-09-27 15:50:30 +03:00
dfs_pri_detector.c ath: use PRI value given by spec for fixed PRI 2015-09-27 15:50:30 +03:00
dfs_pri_detector.h
hw.c
Kconfig ath: unify Kconfig with other vendors 2015-11-18 14:28:31 +02:00
key.c
main.c ath9k: add a helper to get the string representation of ath_bus_type 2016-11-15 16:55:37 +02:00
Makefile
reg.h
regd_common.h
regd.c ath: export alpha2 helper 2016-10-04 18:01:48 +03:00
regd.h ath: export alpha2 helper 2016-10-04 18:01:48 +03:00
spectral_common.h
trace.c
trace.h