* [PATCH] mac80211: fix NULL pointer dereference when ftrace is enabled
From: Zhu Yi @ 2010-01-26  7:58 UTC (permalink / raw)
  To: linville; +Cc: linux-wireless, Zhu Yi, Johannes Berg, stable

I got the kernel oops below when I tried to bring down the network interface
while ftrace was enabled. The root cause is that drv_ampdu_action() is passed a
NULL ssn pointer in the BA session tear down case. We need to check for this and
avoid dereferencing it in the trace entry assignment.

BUG: unable to handle kernel NULL pointer dereference
Modules linked in: at (null)
IP: [<f98fe02a>] ftrace_raw_event_drv_ampdu_action+0x10a/0x160 [mac80211]
*pde = 00000000 
Oops: 0000 [#1] SMP DEBUG_PAGEALLOC
[...]
Call Trace:
 [<f98fdf20>] ? ftrace_raw_event_drv_ampdu_action+0x0/0x160 [mac80211]
 [<f98dac4c>] ? __ieee80211_stop_rx_ba_session+0xfc/0x220 [mac80211]
 [<f98d97fb>] ? ieee80211_sta_tear_down_BA_sessions+0x3b/0x50 [mac80211]
 [<f98dc6f6>] ? ieee80211_set_disassoc+0xe6/0x230 [mac80211]
 [<f98dc6ac>] ? ieee80211_set_disassoc+0x9c/0x230 [mac80211]
 [<f98dcbb8>] ? ieee80211_mgd_deauth+0x158/0x170 [mac80211]
 [<f98e4bdb>] ? ieee80211_deauth+0x1b/0x20 [mac80211]
 [<f8987f49>] ? __cfg80211_mlme_deauth+0xe9/0x120 [cfg80211]
 [<f898b870>] ? __cfg80211_disconnect+0x170/0x1d0 [cfg80211]

Cc: Johannes Berg <johannes@sipsolutions.net>
Cc: stable@kernel.org
Signed-off-by: Zhu Yi <yi.zhu@intel.com>
---
diff --git a/net/mac80211/driver-trace.h b/net/mac80211/driver-trace.h
index fefa6e6..502424b 100644
--- a/net/mac80211/driver-trace.h
+++ b/net/mac80211/driver-trace.h
@@ -708,7 +708,7 @@ TRACE_EVENT(drv_ampdu_action,
 		__entry->ret = ret;
 		__entry->action = action;
 		__entry->tid = tid;
-		__entry->ssn = *ssn;
+		__entry->ssn = ssn ? *ssn : 0;
 	),
 
 	TP_printk(
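
Review bot: on the changed assignment, `ssn ? *ssn : 0` stores 0 when the caller passes NULL, so in the trace output a tear down with no ssn looks the same as a call whose ssn really is 0. If that distinction matters to anyone reading the trace, consider recording whether ssn was present (for example an extra flag in the entry) or using a value that cannot be a real ssn; if it does not matter, a short comment saying that 0 here can also mean "no ssn supplied" would be enough.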


* Re: [PATCH] mac80211: fix NULL pointer dereference when ftrace is enabled
From: Johannes Berg @ 2010-01-26  8:09 UTC (permalink / raw)
  To: Zhu Yi; +Cc: linville, linux-wireless, stable


On Tue, 2010-01-26 at 15:58 +0800, Zhu Yi wrote:
> I got the kernel oops below when I tried to bring down the network interface
> while ftrace was enabled. The root cause is that drv_ampdu_action() is passed a
> NULL ssn pointer in the BA session tear down case. We need to check for this and
> avoid dereferencing it in the trace entry assignment.

>  		__entry->tid = tid;
> -		__entry->ssn = *ssn;
> +		__entry->ssn = ssn ? *ssn : 0;
>  	),
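
Review bot: the guarded line `__entry->ssn = ssn ? *ssn : 0;` carries no hint of why ssn may be NULL; that reason (the BA session tear down path) is stated only in the commit message. A one-line comment above the assignment would keep a later cleanup from simplifying it back to `*ssn` and reintroducing the oops.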

Good catch, thanks.

johannes

