Commit b397492a authored by Christian Lamparter, committed by John W. Linville

carl9170: fix virtual interface setup crash

This patch fixes a faulty bound check which caused a
crash when too many virtual interfaces were brought up.

BUG: unable to handle kernel NULL pointer dereference at 00000004
IP: [<f8125f67>] carl9170_op_add_interface+0x1d7/0x2c0 [carl9170]
*pde = 00000000
Oops: 0002 [#1] PREEMPT
Modules linked in: carl9170 [...]
Pid: 4720, comm: wpa_supplicant Not tainted 2.6.37-rc2-wl+
EIP: 0060:[<f8125f67>] EFLAGS: 00210206 CPU: 0
EIP is at carl9170_op_add_interface+0x1d7/0x2c0 [carl9170]
EAX: 00000000 ...
Process wpa_supplicant
Stack:
 f4f88f34 fffffff4 ..
Call Trace:
 [<f8f4e666>] ? ieee80211_do_open+0x406/0x5c0 [mac80211]
 [...]
Code: <89> 42 04 ...
EIP: [<f8125f67>] carl9170_op_add_interface+0x1d7/0x2c0 [carl9170]
CR2: 0000000000000004
Signed-off-by: Christian Lamparter <chunkeey@googlemail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
parent 1d8638d4
...@@ -647,7 +647,7 @@ static int carl9170_op_add_interface(struct ieee80211_hw *hw, ...@@ -647,7 +647,7 @@ static int carl9170_op_add_interface(struct ieee80211_hw *hw,
} }
unlock: unlock:
if (err && (vif_id != -1)) { if (err && (vif_id >= 0)) {
vif_priv->active = false; vif_priv->active = false;
bitmap_release_region(&ar->vif_bitmap, vif_id, 0); bitmap_release_region(&ar->vif_bitmap, vif_id, 0);
ar->vifs--; ar->vifs--;
......
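Review bot: In the unlock error path, the new guard `if (err && (vif_id >= 0))` is only correct if vif_id is declared as a signed type and the allocation that sets it reports failure with a negative value. Neither the declaration nor the allocation call is visible in this hunk, so please confirm both, and consider a short comment above the guard stating that any negative vif_id means no bitmap region was reserved. The oops in the commit message shows fffffff4 on the stack (-12 as a 32-bit signed value), which is consistent with a negative error code slipping past the old `!= -1` test; the commit message would be clearer if it said this explicitly. Also check that `ar->vifs--` is balanced by an increment on every path that can reach unlock with vif_id >= 0, otherwise the counter can underflow on a failed setup.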