From b397492a8c1022887a9b2fb925fe92e69ce0ad4d Mon Sep 17 00:00:00 2001 From: Christian Lamparter Date: Sat, 20 Nov 2010 13:15:27 +0100 Subject: [PATCH] carl9170: fix virtual interface setup crash This patch fixes a faulty bound check which caused a crash when too many virtual interface were brought up. BUG: unable to handle kernel NULL pointer dereference at 00000004 IP: [] carl9170_op_add_interface+0x1d7/0x2c0 [carl9170] *pde = 00000000 Oops: 0002 [#1] PREEMPT Modules linked in: carl9170 [...] Pid: 4720, comm: wpa_supplicant Not tainted 2.6.37-rc2-wl+ EIP: 0060:[] EFLAGS: 00210206 CPU: 0 EIP is at carl9170_op_add_interface+0x1d7/0x2c0 [carl9170] EAX: 00000000 ... Process wpa_supplicant Stack: f4f88f34 fffffff4 .. Call Trace: [] ? ieee80211_do_open+0x406/0x5c0 [mac80211] [...] Code: <89> 42 04 ... EIP: [] carl9170_op_add_interface+0x1d7/0x2c0 [carl9170] CR2: 0000000000000004 Signed-off-by: Christian Lamparter Signed-off-by: John W. Linville --- drivers/net/wireless/ath/carl9170/main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/wireless/ath/carl9170/main.c b/drivers/net/wireless/ath/carl9170/main.c index 980ae70ea424..a314c2c2bfbe 100644 --- a/drivers/net/wireless/ath/carl9170/main.c +++ b/drivers/net/wireless/ath/carl9170/main.c @@ -647,7 +647,7 @@ static int carl9170_op_add_interface(struct ieee80211_hw *hw, } unlock: - if (err && (vif_id != -1)) { + if (err && (vif_id >= 0)) { vif_priv->active = false; bitmap_release_region(&ar->vif_bitmap, vif_id, 0); ar->vifs--; -- GitLab