From: Dan Carpenter <dan.carpenter@oracle.com>
Date: Thu, 14 May 2015 08:34:48 +0000 (+0300)
Subject: ath9k_htc: memory corruption calling set_bit()
X-Git-Tag: omap-for-v4.2/fixes-rc1^2~134^2~139^2~30
X-Git-Url: http://git.openpandora.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=191f1aeeb93bb58e56f4d1868294ae22f3f67d4e;p=pandora-kernel.git

ath9k_htc: memory corruption calling set_bit()

In d8a2c51cdcae ('ath9k_htc: Use atomic operations for op_flags') we
changed things like this:

-	if (priv->op_flags & OP_TSF_RESET) {
+	if (test_bit(OP_TSF_RESET, &priv->op_flags)) {

The problem is that test_bit() takes a bit number and not a mask.  It
means that when we do:

	set_bit(OP_TSF_RESET, &priv->op_flags);

Then it sets the (1 << 6) bit instead of the 6 bit so we are setting a
bit which is past the end of the unsigned long.

Fixes: d8a2c51cdcae ('ath9k_htc: Use atomic operations for op_flags')
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
---

Reading git-diff-tree failed