linux/drivers
Bob Copeland b6855772f4 ath5k: initialize ah->ah_current_channel
ath5k assumes ah_current_channel is always a valid pointer in
several places, but a newly created interface may not have a
channel.  To avoid null pointer dereferences, set it up to point
to the first available channel until later reconfigured.

This fixes the following oops:
$ rmmod ath5k
$ insmod ath5k
$ iw phy0 set distance 11000

BUG: unable to handle kernel NULL pointer dereference at 00000006
IP: [<d0a1ff24>] ath5k_hw_set_coverage_class+0x74/0x1b0 [ath5k]
*pde = 00000000
Oops: 0000 [#1]
last sysfs file: /sys/devices/pci0000:00/0000:00:0e.0/ieee80211/phy0/index
Modules linked in: usbhid option usb_storage usbserial usblp evdev lm90
scx200_acb i2c_algo_bit i2c_dev i2c_core via_rhine ohci_hcd ne2k_pci
8390 leds_alix2 xt_IMQ imq nf_nat_tftp nf_conntrack_tftp nf_nat_irc nf_cc

Pid: 1597, comm: iw Not tainted (2.6.32.14 #8)
EIP: 0060:[<d0a1ff24>] EFLAGS: 00010296 CPU: 0
EIP is at ath5k_hw_set_coverage_class+0x74/0x1b0 [ath5k]
EAX: 000000c2 EBX: 00000000 ECX: ffffffff EDX: c12d2080
ESI: 00000019 EDI: cf8c0000 EBP: d0a30edc ESP: cfa09bf4
  DS: 007b ES: 007b FS: 0000 GS: 0000 SS: 0068
Process iw (pid: 1597, ti=cfa09000 task=cf88a000 task.ti=cfa09000)
Stack:
  d0a34f35 d0a353f8 d0a30edc 000000fe cf8c0000 00000000 1900063d cfa8c9e0
<0> cfa8c9e8 cfa8c0c0 cfa8c000 d0a27f0c 199d84b4 cfa8c200 00000010 d09bfdc7
<0> 00000000 00000000 ffffffff d08e0d28 cf9263c0 00000001 cfa09cc4 00000000
Call Trace:
  [<d0a27f0c>] ? ath5k_hw_attach+0xc8c/0x3c10 [ath5k]
  [<d09bfdc7>] ? __ieee80211_request_smps+0x1347/0x1580 [mac80211]
  [<d08e0d28>] ? nl80211_send_scan_start+0x7b8/0x4520 [cfg80211]
  [<c10f5db9>] ? nla_parse+0x59/0xc0
  [<c11ca8d9>] ? genl_rcv_msg+0x169/0x1a0
  [<c11ca770>] ? genl_rcv_msg+0x0/0x1a0
  [<c11c7e68>] ? netlink_rcv_skb+0x38/0x90
  [<c11c9649>] ? genl_rcv+0x19/0x30
  [<c11c7c03>] ? netlink_unicast+0x1b3/0x220
  [<c11c893e>] ? netlink_sendmsg+0x26e/0x290
  [<c11a409e>] ? sock_sendmsg+0xbe/0xf0
  [<c1032780>] ? autoremove_wake_function+0x0/0x50
  [<c104d846>] ? __alloc_pages_nodemask+0x106/0x530
  [<c1074933>] ? do_lookup+0x53/0x1b0
  [<c10766f9>] ? __link_path_walk+0x9b9/0x9e0
  [<c11acab0>] ? verify_iovec+0x50/0x90
  [<c11a42b1>] ? sys_sendmsg+0x1e1/0x270
  [<c1048e50>] ? find_get_page+0x10/0x50
  [<c104a96f>] ? filemap_fault+0x5f/0x370
  [<c1059159>] ? __do_fault+0x319/0x370
  [<c11a55b4>] ? sys_socketcall+0x244/0x290
  [<c101962c>] ? do_page_fault+0x1ec/0x270
  [<c1019440>] ? do_page_fault+0x0/0x270
  [<c1002ae5>] ? syscall_call+0x7/0xb
Code: 00 b8 fe 00 00 00 b9 f8 53 a3 d0 89 5c 24 14 89 7c 24 10 89 44 24
0c 89 6c 24 08 89 4c 24 04 c7 04 24 35 4f a3 d0 e8 7c 30 60 f0 <0f> b7
43 06 ba 06 00 00 00 a8 10 75 0e 83 e0 20 83 f8 01 19 d2
EIP: [<d0a1ff24>] ath5k_hw_set_coverage_class+0x74/0x1b0 [ath5k] SS:ESP
0068:cfa09bf4
CR2: 0000000000000006
---[ end trace 54f73d6b10ceb87b ]---

Cc: stable@kernel.org
Reported-by: Steve Brown <sbrown@cortland.com>
Signed-off-by: Bob Copeland <me@bobcopeland.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-06-18 14:59:10 -04:00
..
accessibility
acpi Merge branch 'acpica' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux-acpi-2.6 2010-05-20 09:45:38 -07:00
amba
ata Merge branch 'upstream-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jgarzik/libata-dev 2010-05-20 09:27:37 -07:00
atm atm: select FW_LOADER in Kconfig for solos-pci 2010-05-17 17:44:36 -07:00
auxdisplay
base Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/suspend-2.6 2010-05-20 09:03:55 -07:00
block Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2010-05-20 09:20:59 -07:00
bluetooth Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6 2010-05-20 21:04:44 -07:00
cdrom
char Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input 2010-05-20 10:33:06 -07:00
clocksource Merge branch 'timers-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip 2010-05-19 17:10:57 -07:00
connector
cpufreq Merge branch 'x86-cpu-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip 2010-05-18 08:49:13 -07:00
cpuidle PM QOS update 2010-05-10 23:08:19 +02:00
crypto
dca
dio
dma Merge git://git.kernel.org/pub/scm/linux/kernel/git/lethal/sh-2.6 2010-05-19 11:36:03 -07:00
edac
eisa
firewire Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2010-05-20 09:20:59 -07:00
firmware
gpio Merge branch 'topic/asoc' into for-linus 2010-05-20 12:00:43 +02:00
gpu Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2010-05-20 09:20:59 -07:00
hid USB: rename usb_buffer_alloc() and usb_buffer_free() users 2010-05-20 13:21:38 -07:00
hwmon Merge branch 'hwmon-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jdelvare/staging 2010-05-11 17:38:04 -07:00
i2c Merge branch 'for-linus/i2c-2635' of git://git.fluff.org/bjdooks/linux 2010-05-20 09:41:17 -07:00
ide pcmcia: dev_node removal (drivers with updated printk call) 2010-05-10 10:23:15 +02:00
idle
ieee1394
ieee802154
infiniband Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6 2010-05-20 21:04:44 -07:00
input Merge git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb-2.6 2010-05-20 21:26:12 -07:00
isdn Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6 2010-05-20 21:04:44 -07:00
leds
lguest
macintosh
mca
md md: restore ability of spare drives to spin down. 2010-05-07 21:10:57 +10:00
media Merge git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb-2.6 2010-05-20 21:26:12 -07:00
memstick
message
mfd Merge branch 'topic/asoc' into for-linus 2010-05-20 12:00:43 +02:00
misc Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2010-05-20 09:20:59 -07:00
mmc Merge branch 'devel' of master.kernel.org:/home/rmk/linux-2.6-arm 2010-05-19 11:37:22 -07:00
mtd pcmcia: dev_node removal (write-only drivers) 2010-05-10 10:23:14 +02:00
net ath5k: initialize ah->ah_current_channel 2010-06-18 14:59:10 -04:00
nubus
of
oprofile
parisc
parport pcmcia: dev_node removal (write-only drivers) 2010-05-10 10:23:14 +02:00
pci Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2010-05-20 09:20:59 -07:00
pcmcia Merge git://git.kernel.org/pub/scm/linux/kernel/git/brodo/pcmcia-2.6 2010-05-20 09:09:46 -07:00
platform
pnp Merge branches 'bugzilla-14337', 'bugzilla-14998', 'bugzilla-15407', 'bugzilla-15903' and 'misc-2.6.34' into release 2010-05-06 22:04:31 -04:00
power
pps
ps3
rapidio
regulator Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2010-05-20 09:20:59 -07:00
rtc Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2010-05-20 09:20:59 -07:00
s390 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6 2010-05-20 21:04:44 -07:00
sbus
scsi Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6 2010-05-20 21:04:44 -07:00
serial Merge git://git.kernel.org/pub/scm/linux/kernel/git/brodo/pcmcia-2.6 2010-05-20 09:09:46 -07:00
sfi
sh sh: simplify WARN usage in SH clock driver 2010-05-13 17:43:11 +09:00
sn
spi Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2010-05-20 09:20:59 -07:00
ssb ssb: fix NULL ptr deref when pcihost_wrapper is used 2010-05-28 13:57:01 -04:00
staging Merge git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb-2.6 2010-05-20 21:26:12 -07:00
tc
telephony pcmcia: dev_node removal (write-only drivers) 2010-05-10 10:23:14 +02:00
thermal
uio
usb Merge git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb-2.6 2010-05-20 21:26:12 -07:00
uwb
vhost Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2010-05-16 22:26:58 -07:00
video Merge branch 'viafb-next' of git://git.lwn.net/linux-2.6 2010-05-20 13:34:17 -07:00
virtio
vlynq vlynq: make whole Kconfig-menu dependant on architecture 2010-05-14 16:59:54 +02:00
w1
watchdog USB: rename usb_buffer_alloc() and usb_buffer_free() users 2010-05-20 13:21:38 -07:00
xen stop_machine: reimplement using cpu_stop 2010-05-06 18:49:20 +02:00
zorro m68k: amiga - Zorro host bridge platform device conversion 2010-05-17 21:37:42 +02:00
Kconfig
Makefile virtio: initialize earlier 2010-05-07 14:01:17 -07:00