linux/drivers
Stanislaw Gruszka d6b0fa557a rt2x00: fix crash in rt2800usb_get_txwi
commit 674db13444 upstream.

Patch should fix this oops:

BUG: unable to handle kernel NULL pointer dereference at 000000a0
IP: [<f81b30c9>] rt2800usb_get_txwi+0x19/0x70 [rt2800usb]
*pdpt = 0000000000000000 *pde = f000ff53f000ff53
Oops: 0000 [#1] SMP
Pid: 198, comm: kworker/u:3 Tainted: G        W   3.0.0-wl+ #9 LENOVO 6369CTO/6369CTO
EIP: 0060:[<f81b30c9>] EFLAGS: 00010283 CPU: 1
EIP is at rt2800usb_get_txwi+0x19/0x70 [rt2800usb]
EAX: 00000000 EBX: f465e140 ECX: f4494960 EDX: ef24c5f8
ESI: 810f21f5 EDI: f1da9960 EBP: f4581e80 ESP: f4581e70
 DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
Process kworker/u:3 (pid: 198, ti=f4580000 task=f4494960 task.ti=f4580000)
Call Trace:
 [<f804790f>] rt2800_txdone_entry+0x2f/0xf0 [rt2800lib]
 [<c045110d>] ? warn_slowpath_common+0x7d/0xa0
 [<f81b3a38>] ? rt2800usb_work_txdone+0x288/0x360 [rt2800usb]
 [<f81b3a38>] ? rt2800usb_work_txdone+0x288/0x360 [rt2800usb]
 [<f81b3a13>] rt2800usb_work_txdone+0x263/0x360 [rt2800usb]
 [<c046a8d6>] process_one_work+0x186/0x440
 [<c046a85a>] ? process_one_work+0x10a/0x440
 [<f81b37b0>] ? rt2800usb_probe_hw+0x120/0x120 [rt2800usb]
 [<c046c283>] worker_thread+0x133/0x310
 [<c04885db>] ? trace_hardirqs_on+0xb/0x10
 [<c046c150>] ? manage_workers+0x1e0/0x1e0
 [<c047054c>] kthread+0x7c/0x90
 [<c04704d0>] ? __init_kthread_worker+0x60/0x60
 [<c0826b42>] kernel_thread_helper+0x6/0x1

Oops might happen because we check rt2x00queue_empty(queue) twice,
but this condition can change and we can process entry in
rt2800_txdone_entry(), which was already processed by
rt2800usb_txdone_entry_check() -> rt2x00lib_txdone_noinfo() and
has nullified entry->skb.

Reported-by: Justin Piszcz <jpiszcz@lucidpixels.com>
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Acked-by: Ivo van Doorn <IvDoorn@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2011-10-03 11:39:58 -07:00
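The double completion the commit message describes, replayed as an added single-threaded C model that is not the rt2x00 driver's code: the names tx_queue, queue_entry, txdone_noinfo, txdone_entry and get_txwi_byte are assumed stand-ins for the driver's structures, the interleaving is stepped through by hand rather than by two threads, and the per-entry completed/NULL-skb guard is an illustrative defensive check, not the upstream fix.

```c
/* Added example, not driver code. Models the hazard in the report above:
 * a completion path decides "queue not empty", a second path completes the
 * head entry and nullifies its skb, and the first path then handles that same
 * entry. All names below are assumed for illustration. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

#define QUEUE_LEN 4

/* Constructed stand-in for a socket buffer; data[0] plays the TXWI byte. */
struct sk_buff {
    unsigned char data[8];
};

struct queue_entry {
    struct sk_buff *skb;   /* NULL once a completion path has released it */
    bool completed;
};

struct tx_queue {
    struct queue_entry entries[QUEUE_LEN];
    unsigned int index;      /* next free slot for enqueue */
    unsigned int done_idx;   /* next entry a completion path should handle */
    unsigned int pending;    /* entries still awaiting completion */
};

static bool queue_empty(const struct tx_queue *q)
{
    return q->pending == 0;
}

/* Enqueue one frame whose TXWI byte is txwi (constructed input). */
static void queue_one(struct tx_queue *q, unsigned char txwi)
{
    struct queue_entry *e = &q->entries[q->index];
    e->skb = calloc(1, sizeof *e->skb);
    e->skb->data[0] = txwi;
    e->completed = false;
    q->index = (q->index + 1) % QUEUE_LEN;
    q->pending++;
}

/* Completion without status info, as rt2x00lib_txdone_noinfo() does to the
 * entry in the report: release the skb and leave the pointer NULL. */
static void txdone_noinfo(struct tx_queue *q, struct queue_entry *e)
{
    free(e->skb);
    e->skb = NULL;
    e->completed = true;
    q->done_idx = (q->done_idx + 1) % QUEUE_LEN;
    q->pending--;
}

/* Read the TXWI byte. The NULL test is what the oops lacked: get_txwi ran
 * on an entry whose skb had already been nullified. Returns -1 when so. */
static int get_txwi_byte(const struct queue_entry *e)
{
    if (e->skb == NULL)
        return -1;
    return e->skb->data[0];
}

/* Status-driven completion of an entry picked after an earlier queue check.
 * It re-validates the entry itself rather than trusting that stale decision:
 * returns the TXWI byte it processed, or -1 if another path already completed
 * the entry and it must be skipped instead of dereferenced. */
static int txdone_entry(struct tx_queue *q, struct queue_entry *e)
{
    int txwi;

    if (e->completed || e->skb == NULL)
        return -1;               /* lost the race: do not touch the skb */
    txwi = get_txwi_byte(e);
    txdone_noinfo(q, e);
    return txwi;
}

/* The interleaving from the commit message: path A finds the queue non-empty
 * and picks the head entry, path B completes that entry first, path A then
 * processes it. Returns what path A's txdone_entry() returned. */
static int race_scenario(void)
{
    struct tx_queue q = {0};
    struct queue_entry *e;

    queue_one(&q, 0x42);
    if (queue_empty(&q))
        return -2;
    e = &q.entries[q.done_idx];  /* path A: first check passed, entry chosen */
    txdone_noinfo(&q, e);        /* path B: completes the same entry */
    return txdone_entry(&q, e);  /* path A: finds skb NULL, returns -1 */
}

/* Same steps without path B: the entry is completed exactly once. */
static int no_race_scenario(void)
{
    struct tx_queue q = {0};
    struct queue_entry *e;

    queue_one(&q, 0x42);
    if (queue_empty(&q))
        return -2;
    e = &q.entries[q.done_idx];
    return txdone_entry(&q, e);  /* 0x42 */
}

int main(void)
{
    printf("racing completion  -> %d\n", race_scenario());
    printf("single completion  -> %d\n", no_race_scenario());
    return 0;
}
```

The point the model makes is that "queue not empty" is aggregate state and can be true for a different entry than the one a path is about to touch once another completion path has run; the per-entry check is what keeps the second path from dereferencing a NULL skb.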
accessibility
acpi Merge branches 'd3cold', 'bugzilla-37412' and 'bugzilla-38152' into release 2011-07-14 00:16:38 -04:00
amba ARM: 6829/1: amba: make hardcoded periphid override hardware 2011-05-26 10:33:34 +01:00
ata pata_via: disable ATAPI DMA on AVERATEC 3200 2011-10-03 11:39:57 -07:00
atm Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6 2011-05-20 13:43:21 -07:00
auxdisplay
base mm: Move definition of MIN_MEMORY_BLOCK_SIZE to a header 2011-07-12 11:08:01 +10:00
bcma drivers/bcma/host_pci.c needs slab.h 2011-05-26 17:12:32 -07:00
block xen-blkfront: Fix one off warning about name clash 2011-08-29 13:29:11 -07:00
bluetooth Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-2.6 into for-davem 2011-06-17 12:40:36 -04:00
cdrom block: fix mismerge of the DISK_EVENT_MEDIA_CHANGE removal 2011-06-02 05:29:19 +09:00
char net: Compute protocol sequence numbers and fragment IDs using MD5. 2011-08-15 18:31:35 -07:00
clk
clocksource Revert "clocksource: sh_cmt: Runtime PM support" 2011-05-31 15:26:42 +09:00
connector Connector: Correctly set the error code in case of success when dispatching receive callbacks 2011-06-07 12:02:00 -07:00
cpufreq [CPUFREQ] fix cpumask memory leak in acpi-cpufreq on cpu hotplug. 2011-07-10 17:03:04 -04:00
cpuidle Merge branch 'idle-release' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux-idle-2.6 2011-05-29 11:18:09 -07:00
crypto crypto: caam - fix operator precedence in shared descriptor allocation 2011-06-30 07:43:27 +08:00
dca
dio
dma dmaengine: shdma: SH_DMAC_MAX_CHANNELS message fix 2011-06-14 15:03:07 +09:00
edac i7core_edac: fixed typo in error count calculation 2011-08-29 13:29:06 -07:00
eisa
firewire firewire: cdev: prevent race between first get_info ioctl and bus reset event queuing 2011-08-04 21:58:34 -07:00
firmware drivers/firmware/sigma.c needs MODULE_LICENSE 2011-08-04 21:58:38 -07:00
gpio gpio: wm831x: add a missing break in wm831x_gpio_dbg_show 2011-07-15 14:03:30 -06:00
gpu drm/radeon: Extended DDC Probing for Toshiba L300D Radeon Mobility X1100 HDMI-A Connector 2011-08-29 13:29:15 -07:00
hid HID: hid-multitouch: add support for a new Lumio dual-touch panel 2011-06-24 13:41:11 +02:00
hwmon hwmon: (ibmaem) add missing kfree 2011-08-17 10:55:53 -07:00
hwspinlock
i2c Merge branch 'for-30-rc5/all-i2c' of git://git.fluff.org/bjdooks/linux 2011-07-07 16:29:29 -07:00
ide ide-cd: signedness warning fix again 2011-06-11 15:06:48 -07:00
idle
ieee802154
infiniband IB/srp: Avoid duplicate devices from LUN scan 2011-08-04 21:58:34 -07:00
input input: pmic8xxx-pwrkey: Do not use mfd_get_data() 2011-07-05 10:38:43 +02:00
isdn net: Audit drivers to identify those needing IFF_TX_SKB_SHARING cleared 2011-08-15 18:31:38 -07:00
leds drivers/leds/leds-pca9532.c: change driver name to be unique 2011-07-08 21:14:44 -07:00
lguest
macintosh Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2011-05-23 09:12:26 -07:00
mca
md dm: fix idr leak on module removal 2011-08-04 21:58:43 -07:00
media si4713-i2c: avoid potential buffer overflow on si4713 2011-07-18 09:12:21 -07:00
memstick
message Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2011-05-23 09:12:26 -07:00
mfd w1: ds1wm: add a reset recovery parameter 2011-07-08 21:14:44 -07:00
misc geode: reflect mfgpt dependency on mfd 2011-08-04 21:58:38 -07:00
mmc mmc: sdhci: fix retuning timer wrongly deleted in sdhci_tasklet_finish 2011-08-29 13:29:16 -07:00
mtd powerpc/85xx: fix NAND_CMD_READID read bytes number 2011-06-22 06:08:48 -05:00
net rt2x00: fix crash in rt2800usb_get_txwi 2011-10-03 11:39:58 -07:00
nfc
nubus
of Merge branch 'devicetree/arm-next' of git://git.secretlab.ca/git/linux-2.6 into devel-stable 2011-05-25 00:08:17 +01:00
oprofile oprofile: Fix locking dependency in sync_start() 2011-05-31 16:33:34 +02:00
parisc
parport Merge branch 'trivial' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild-2.6 2011-05-26 13:19:00 -07:00
pci PCI: ARI is a PCIe v2 feature 2011-08-04 21:58:38 -07:00
pcmcia pcmcia: pxa2xx/vpac270: free gpios on exist rather than requesting 2011-07-11 14:26:34 +08:00
platform asus-wmi: return proper value in store_cpufv() 2011-08-15 18:31:35 -07:00
pnp
power Merge git://git.infradead.org/battery-2.6 2011-05-27 10:12:35 -07:00
pps
ps3
ptp ptp: Fix some locking bugs in ptp_read() 2011-06-01 19:29:10 -07:00
rapidio rapidio: fix use of non-compatible registers 2011-10-03 11:39:46 -07:00
regulator regulator: max8997: Fix setting inappropriate value for ramp_delay variable 2011-07-08 19:14:58 +01:00
rtc drivers/rtc/rtc-tegra.c: properly initialize spinlock 2011-08-04 21:58:32 -07:00
s390 [S390] qdio: Split SBAL entry flags 2011-06-06 14:14:56 +02:00
sbus
scsi mpt2sas: Fixed Big Indian Issues on 32 bit PPC 2011-08-15 18:31:39 -07:00
sfi
sh drivers: sh: resume enabled clocks fix 2011-06-14 15:15:25 +09:00
sn
spi spi/s3c64xx: Bug fix for SPI with different FIFO level 2011-07-06 15:03:08 +09:00
ssb ssb: fix init regression of hostmode PCI core 2011-07-07 13:06:08 -04:00
staging staging: rtl8192u: declare MODULE_FIRMWARE 2011-08-17 10:55:50 -07:00
target tcm_fc: Fix conversion spec warning 2011-06-24 00:09:16 +00:00
tc
telephony
thermal
tty TTY: pty, fix pty counting 2011-10-03 11:39:49 -07:00
uio
usb xhci: Handle zero-length isochronous packets. 2011-10-03 11:39:54 -07:00
uwb
vhost vhost: support event index 2011-05-30 11:14:15 +09:30
video savagedb: Fix typo causing regression in savage4 series video chip detection 2011-10-03 11:39:57 -07:00
virtio virtio: add api for delayed callbacks 2011-05-30 11:14:16 +09:30
vlynq
w1 w1: ds1wm: add a reset recovery parameter 2011-07-08 21:14:44 -07:00
watchdog watchdog: shwdt: fix usage of mod_timer 2011-08-04 21:58:42 -07:00
xen Merge branch 'stable/bug.fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/konrad/xen 2011-06-20 09:01:33 -07:00
zorro
Kconfig ptp: Added a brand new class driver for ptp clocks. 2011-05-23 13:01:00 -07:00
Makefile Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/djbw/async_tx 2011-05-28 12:35:15 -07:00