提交 b397492a 编写于 作者: C Christian Lamparter 提交者: John W. Linville

carl9170: fix virtual interface setup crash

This patch fixes a faulty bound check which caused a
crash when too many virtual interface were brought up.

BUG: unable to handle kernel NULL pointer dereference at 00000004
IP: [<f8125f67>] carl9170_op_add_interface+0x1d7/0x2c0 [carl9170]
*pde = 00000000
Oops: 0002 [#1] PREEMPT
Modules linked in: carl9170 [...]
Pid: 4720, comm: wpa_supplicant Not tainted 2.6.37-rc2-wl+
EIP: 0060:[<f8125f67>] EFLAGS: 00210206 CPU: 0
EIP is at carl9170_op_add_interface+0x1d7/0x2c0 [carl9170]
EAX: 00000000 ...
Process wpa_supplicant
Stack:
 f4f88f34 fffffff4 ..
Call Trace:
 [<f8f4e666>] ? ieee80211_do_open+0x406/0x5c0 [mac80211]
 [...]
Code: <89> 42 04 ...
EIP: [<f8125f67>] carl9170_op_add_interface+0x1d7/0x2c0 [carl9170]
CR2: 0000000000000004
Signed-off-by: NChristian Lamparter <chunkeey@googlemail.com>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
上级 1d8638d4
......@@ -647,7 +647,7 @@ static int carl9170_op_add_interface(struct ieee80211_hw *hw,
}
unlock:
if (err && (vif_id != -1)) {
if (err && (vif_id >= 0)) {
vif_priv->active = false;
bitmap_release_region(&ar->vif_bitmap, vif_id, 0);
ar->vifs--;
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册