linux-hardened

History

Mohammed Shafi Shajakhan 61e1b0b00c ath9k: Fix kernel panic in AR2427 Kernel panic occurs just after AR2427 establishes connection with AP. Unless aggregation is enabled we don't initialize the TID structure. Thus accesing the elements of the TID structure when aggregation is disabled, leads to NULL pointer dereferencing. [ 191.320358] Call Trace: [ 191.320364] [<fd250ea7>] ? ath9k_tx+0xa7/0x200 [ath9k] [ 191.320376] [<fd1ec7fc>] ? __ieee80211_tx+0x5c/0x1e0 [mac80211] [ 191.320386] [<fd1edd2b>] ? ieee80211_tx+0x7b/0x90 [mac80211] [ 191.320395] [<fd1edddd>] ? ieee80211_xmit+0x9d/0x1d0 [mac80211] [ 191.320401] [<c014218f>] ? wake_up_state+0xf/0x20 [ 191.320405] [<c015dbc8>] ? signal_wake_up+0x28/0x40 [ 191.320410] [<c012a578>] ? default_spin_lock_flags+0x8/0x10 [ 191.320420] [<fd1ee308>] ? ieee80211_subif_start_xmit+0x2e8/0x7c0 [mac80211] [ 191.320425] [<c058f905>] ? do_page_fault+0x295/0x3a0 [ 191.320431] [<c04c4a3d>] ? dev_hard_start_xmit+0x1ad/0x210 [ 191.320436] [<c04d96b5>] ? sch_direct_xmit+0x105/0x170 [ 191.320445] [<fd1f161a>] ? get_sta_flags+0x2a/0x40 [mac80211] [ 191.320449] [<c04c780f>] ? dev_queue_xmit+0x37f/0x4b0 [ 191.320452] [<c04d75b0>] ? eth_header+0x0/0xb0 [ 191.320456] [<c04cc479>] ? neigh_resolve_output+0xe9/0x310 [ 191.320461] [<c053d295>] ? ip6_output_finish+0xa5/0x110 [ 191.320464] [<c053e354>] ? ip6_output2+0x134/0x250 [ 191.320468] [<c053f7dd>] ? ip6_output+0x6d/0x100 [ 191.320471] [<c0559665>] ? mld_sendpack+0x395/0x3e0 [ 191.320475] [<c0557f81>] ? add_grhead+0x31/0xa0 [ 191.320478] [<c055a83c>] ? mld_send_cr+0x1bc/0x2b0 [ 191.320482] [<c01535d9>] ? irq_exit+0x39/0x70 [ 191.320485] [<c055a940>] ? mld_ifc_timer_expire+0x10/0x40 [ 191.320489] [<c015b92e>] ? run_timer_softirq+0x13e/0x2c0 [ 191.320493] [<c0103a30>] ? common_interrupt+0x30/0x40 [ 191.320498] [<c055a930>] ? mld_ifc_timer_expire+0x0/0x40 [ 191.320502] [<c0153358>] ? __do_softirq+0x98/0x1b0 [ 191.320506] [<c01534b5>] ? do_softirq+0x45/0x50 [ 191.320509] [<c0153605>] ? irq_exit+0x65/0x70 [ 191.320513] [<c05917dc>] ? smp_apic_timer_interrupt+0x5c/0x8b [ 191.320516] [<c0103df1>] ? apic_timer_interrupt+0x31/0x40 [ 191.320521] [<c016007b>] ? k_getrusage+0x12b/0x2f0 [ 191.320525] [<c039e384>] ? acpi_idle_enter_simple+0x117/0x148 [ 191.320529] [<c04a20da>] ? cpuidle_idle_call+0x7a/0x100 [ 191.320532] [<c01021d4>] ? cpu_idle+0x94/0xd0 [ 191.320536] [<c057ab88>] ? rest_init+0x58/0x60 [ 191.320541] [<c07a58ec>] ? start_kernel+0x351/0x357 [ 191.320544] [<c07a53c7>] ? unknown_bootoption+0x0/0x19e [ 191.320548] [<c07a50aa>] ? i386_start_kernel+0xaa/0xb1 [ 191.320550] Code: 03 66 3d 00 03 0f 84 7c 02 00 00 83 c3 18 0f b6 03 8b 4d e0 89 c3 83 e3 0f 6b c3 48 89 5d d8 8d 04 06 8d 50 0c 89 55 d0 8b 40 20 <8b> 00 3b 01 0f 85 8e 02 00 00 f6 47 20 40 0f 84 29 ff ff ff 8b [ 191.320634] EIP: [<fd2586d4>] ath_tx_start+0x474/0x770 [ath9k] SS:ESP 0068:c0761a90 [ 191.320642] CR2: 0000000000000000 [ 191.320647] ---[ end trace 9296ef23b9076ece ]--- [ 191.320650] Kernel panic - not syncing: Fatal exception in interrupt Cc: stable@kernel.org Signed-off-by: Mohammed Shafi Shajakhan <mshajakhan@atheros.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>		2011-03-21 15:19:49 -04:00
..
ar9170	mac80211: make tx() operation return void	2011-02-25 15:32:34 -05:00
ath5k	ath5k: implement ieee80211_ops->{get,set}_ringparam	2011-03-11 15:34:18 -05:00
ath9k	ath9k: Fix kernel panic in AR2427	2011-03-21 15:19:49 -04:00
carl9170	Merge branch 'for-davem' of ssh://master.kernel.org/pub/scm/linux/kernel/git/linville/wireless-next-2.6	2011-03-04 12:48:25 -08:00
ath.h	ath9k_htc: Add multiple register read API	2011-01-19 11:36:06 -05:00
debug.c
hw.c
Kconfig
key.c	ath: Fix clearing of secondary key cache entry for TKIP	2011-02-04 16:29:52 -05:00
main.c
Makefile
reg.h
regd.c	ath: Add function to check if 4.9GHz channels are allowed	2011-01-28 15:44:26 -05:00
regd.h	ath: Add function to check if 4.9GHz channels are allowed	2011-01-28 15:44:26 -05:00
regd_common.h