summaryrefslogtreecommitdiffstats
path: root/block/scsi_ioctl.c
diff options
context:
space:
mode:
authorJohannes Berg <johannes.berg@intel.com>2011-11-10 06:55:05 -0800
committerJohn W. Linville <linville@tuxdriver.com>2011-11-11 12:32:52 -0500
commitaed0fd4acd9b1a4fa042ea65f5de697996f6ac7f (patch)
tree120fd648461bbfd8e771e5952d169cecd75a1f71 /block/scsi_ioctl.c
parentb2ccccdca46273c7b321ecf5041c362cd950da20 (diff)
iwlagn: fix NULL ptr deref when reprogramming sta w/o LQ
Reinette reports a crash in iwl_reprogram_ap_sta(). The debugging shows: b1 16 mov $0x16,%cl *f3 a5 rep movsl %ds <-- trapping instruction:(%rsi),%es:(%rdi) which is a memcpy of 22 (0x16) words (movsl). this points to "priv->stations[sta_id].lq" being NULL since that is the memcpy() of that size here. The only way I see for this to happen is if we try to do some RXON reprogramming while connecting to an AP, after tx_sync() but before full setup, but that seems like something that might very well happen. Fix this by checking if the LQ is present and only then reprogramming it. Reported-by: Reinette Chatre <reinette.chatre@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Diffstat (limited to 'block/scsi_ioctl.c')
0 files changed, 0 insertions, 0 deletions