recipes/pandora-system/wl1251-modules/0004-wl1251-fix-potential-crash.patch

   1 From 4ce94ca87dfe4d0702cba031092443e3bb31686a Mon Sep 17 00:00:00 2001
   2 From: Grazvydas Ignotas <notasas@gmail.com>
   3 Date: Tue, 9 Mar 2010 22:34:10 +0200
   4 Subject: [PATCH 4/5] wl1251: fix potential crash
   5
   6 In case debugfs does not init for some reason (or is disabled
   7 on older kernels) driver does not allocate stats.fw_stats
   8 structure, but tries to clear it later and trips on a NULL
   9 pointer:
  10
  11 Unable to handle kernel NULL pointer dereference at virtual address
  12 00000000
  13 PC is at __memzero+0x24/0x80
  14 Backtrace:
  15 [<bf0ddb88>] (wl1251_debugfs_reset+0x0/0x30 [wl1251])
  16 [<bf0d6a2c>] (wl1251_op_stop+0x0/0x12c [wl1251])
  17 [<bf0bc228>] (ieee80211_stop_device+0x0/0x74 [mac80211])
  18 [<bf0b0d10>] (ieee80211_stop+0x0/0x4ac [mac80211])
  19 [<c02deeac>] (dev_close+0x0/0xb4)
  20 [<c02deac0>] (dev_change_flags+0x0/0x184)
  21 [<c031f478>] (devinet_ioctl+0x0/0x704)
  22 [<c0320720>] (inet_ioctl+0x0/0x100)
  23
  24 Add a NULL pointer check to fix this.
  25
  26 Signed-off-by: Grazvydas Ignotas <notasas@gmail.com>
  27 ---
  28  drivers/net/wireless/wl12xx/wl1251_debugfs.c |    3 ++-
  29  1 files changed, 2 insertions(+), 1 deletions(-)
  30
  31 diff --git a/drivers/net/wireless/wl12xx/wl1251_debugfs.c b/drivers/net/wireless/wl12xx/wl1251_debugfs.c
  32 index 0ccba57..05e4d68 100644
  33 --- a/drivers/net/wireless/wl12xx/wl1251_debugfs.c
  34 +++ b/drivers/net/wireless/wl12xx/wl1251_debugfs.c
  35 @@ -466,7 +466,8 @@ out:
  36
  37  void wl1251_debugfs_reset(struct wl1251 *wl)
  38  {
  39 -       memset(wl->stats.fw_stats, 0, sizeof(*wl->stats.fw_stats));
  40 +       if (wl->stats.fw_stats != NULL)
  41 +               memset(wl->stats.fw_stats, 0, sizeof(*wl->stats.fw_stats));
  42         wl->stats.retry_count = 0;
  43         wl->stats.excessive_retries = 0;
  44  }
  45 --
  46 1.6.3.3
  47