mirror of
https://github.com/followmsi/android_kernel_google_msm.git
synced 2024-11-06 23:17:41 +00:00
2784fe915c
Once we moved the core regulatory request to the queue and let the scheduler process it last_request will have been left NULL until the schedular decides to process the first request. When this happens and we are loading a driver with a custom regulatory request like all Atheros drivers we end up with a NULL pointer dereference. We fix this by checking if the request was a custom one. BUG: unable to handle kernel NULL pointer dereference at 0000000000000004 IP: [<ffffffffa016de87>] freq_reg_info_regd.clone.2+0x27/0x130 [cfg80211] PGD 71f91067 PUD 712b2067 PMD 0 Oops: 0000 [#1] PREEMPT SMP last sysfs file: /sys/devices/pci0000:00/0000:00:1d.7/usb2/2-1/firmware/2-1/loading CPU 0 Modules linked in: ath9k_htc(+) ath9k_common ath9k_hw ath <etc> Pid: 3094, comm: insmod Tainted: G W 2.6.37-rc5-wl #16 INVALID/28427ZQ RIP: 0010:[<ffffffffa016de87>] [<ffffffffa016de87>] freq_reg_info_regd.clone.2+0x27/0x130 [cfg80211] RSP: 0018:ffff88007045db78 EFLAGS: 00010282 RAX: 0000000000000000 RBX: ffffffffa047d9a0 RCX: ffff88007045dbd0 RDX: 0000000000004e20 RSI: 000000000024cde0 RDI: ffff8800700483e0 RBP: ffff88007045db98 R08: ffffffffa02f5b40 R09: 0000000000000001 R10: 000000000000000e R11: 0000000000000001 R12: 0000000000000000 R13: ffff88007004e3b0 R14: 0000000000000000 R15: ffff880070048340 FS: 00007f635a707700(0000) GS:ffff880077400000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b CR2: 0000000000000004 CR3: 00000000708a9000 CR4: 00000000000006f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 Process insmod (pid: 3094, threadinfo ffff88007045c000, task ffff8800713e3ec0) Stack: ffffffffa047d9a0 0000000000000000 ffff88007004e3b0 0000000000000000 ffff88007045dc08 ffffffffa016e147 000000007045dc08 0000000000000002 ffff8800700483e0 ffffffffa02f5b40 ffff88007045dbd8 0000000000000000 Call Trace: [<ffffffffa016e147>] wiphy_apply_custom_regulatory+0x137/0x1d0 [cfg80211] [<ffffffffa047a690>] ? ath9k_reg_notifier+0x0/0x50 [ath9k_htc] [<ffffffffa02f47f7>] ath_regd_init+0x347/0x430 [ath] [<ffffffffa047b1f5>] ath9k_htc_probe_device+0x6c5/0x960 [ath9k_htc] [<ffffffffa0472a2c>] ath9k_htc_hw_init+0xc/0x30 [ath9k_htc] [<ffffffffa04747e6>] ath9k_hif_usb_probe+0x216/0x3b0 [ath9k_htc] [<ffffffffa03bb6bc>] usb_probe_interface+0x10c/0x210 [usbcore] [<ffffffff812aec26>] driver_probe_device+0x96/0x1c0 [<ffffffff812aedf3>] __driver_attach+0xa3/0xb0 [<ffffffff812aed50>] ? __driver_attach+0x0/0xb0 [<ffffffff812adaae>] bus_for_each_dev+0x5e/0x90 [<ffffffff812ae8c9>] driver_attach+0x19/0x20 [<ffffffff812ae438>] bus_add_driver+0x168/0x320 [<ffffffff812af071>] driver_register+0x71/0x140 [<ffffffff811fc4a8>] ? __raw_spin_lock_init+0x38/0x70 [<ffffffffa03ba39c>] usb_register_driver+0xdc/0x190 [usbcore] [<ffffffffa03a2000>] ? ath9k_htc_init+0x0/0x4f [ath9k_htc] [<ffffffffa047499e>] ath9k_hif_usb_init+0x1e/0x20 [ath9k_htc] [<ffffffffa03a202b>] ath9k_htc_init+0x2b/0x4f [ath9k_htc] [<ffffffff8100212f>] do_one_initcall+0x3f/0x180 [<ffffffff8109ef5b>] sys_init_module+0xbb/0x200 [<ffffffff8100bf52>] system_call_fastpath+0x16/0x1b Code: <etc, who cares> RIP [<ffffffffa016de87>] freq_reg_info_regd.clone.2+0x27/0x130 [cfg80211] RSP <ffff88007045db78> CR2: 0000000000000004 ---[ end trace 79e4193601c8b713 ]--- Reported-by: Sujith Manoharan <Sujith.Manoharan@atheros.com> Signed-off-by: Luis R. Rodriguez <lrodriguez@atheros.com> Signed-off-by: John W. Linville <linville@tuxdriver.com> |
||
---|---|---|
.. | ||
9p | ||
bluetooth | ||
caif | ||
irda | ||
iucv | ||
netfilter | ||
netns | ||
phonet | ||
sctp | ||
tc_act | ||
tipc | ||
act_api.h | ||
addrconf.h | ||
af_ieee802154.h | ||
af_rxrpc.h | ||
af_unix.h | ||
ah.h | ||
arp.h | ||
atmclip.h | ||
ax25.h | ||
ax88796.h | ||
cfg80211.h | ||
checksum.h | ||
cipso_ipv4.h | ||
cls_cgroup.h | ||
compat.h | ||
datalink.h | ||
dcbnl.h | ||
dn.h | ||
dn_dev.h | ||
dn_fib.h | ||
dn_neigh.h | ||
dn_nsp.h | ||
dn_route.h | ||
dsa.h | ||
dsfield.h | ||
dst.h | ||
dst_ops.h | ||
esp.h | ||
ethoc.h | ||
fib_rules.h | ||
flow.h | ||
garp.h | ||
gen_stats.h | ||
genetlink.h | ||
gre.h | ||
icmp.h | ||
ieee80211_radiotap.h | ||
ieee802154.h | ||
ieee802154_netdev.h | ||
if_inet6.h | ||
inet6_connection_sock.h | ||
inet6_hashtables.h | ||
inet_common.h | ||
inet_connection_sock.h | ||
inet_ecn.h | ||
inet_frag.h | ||
inet_hashtables.h | ||
inet_sock.h | ||
inet_timewait_sock.h | ||
inetpeer.h | ||
ip.h | ||
ip6_checksum.h | ||
ip6_fib.h | ||
ip6_route.h | ||
ip6_tunnel.h | ||
ip_fib.h | ||
ip_vs.h | ||
ipcomp.h | ||
ipconfig.h | ||
ipip.h | ||
ipv6.h | ||
ipx.h | ||
iw_handler.h | ||
lapb.h | ||
lib80211.h | ||
llc.h | ||
llc_c_ac.h | ||
llc_c_ev.h | ||
llc_c_st.h | ||
llc_conn.h | ||
llc_if.h | ||
llc_pdu.h | ||
llc_s_ac.h | ||
llc_s_ev.h | ||
llc_s_st.h | ||
llc_sap.h | ||
mac80211.h | ||
mip6.h | ||
mld.h | ||
ndisc.h | ||
neighbour.h | ||
net_namespace.h | ||
netdma.h | ||
netevent.h | ||
netlabel.h | ||
netlink.h | ||
netrom.h | ||
nexthop.h | ||
nl802154.h | ||
p8022.h | ||
pkt_cls.h | ||
pkt_sched.h | ||
protocol.h | ||
psnap.h | ||
raw.h | ||
rawv6.h | ||
red.h | ||
regulatory.h | ||
request_sock.h | ||
rose.h | ||
route.h | ||
rtnetlink.h | ||
sch_generic.h | ||
scm.h | ||
slhc_vj.h | ||
snmp.h | ||
sock.h | ||
stp.h | ||
tcp.h | ||
tcp_states.h | ||
timewait_sock.h | ||
transp_v6.h | ||
udp.h | ||
udplite.h | ||
wext.h | ||
wimax.h | ||
wpan-phy.h | ||
x25.h | ||
x25device.h | ||
xfrm.h |