mac80211: fix oops due to missing private data
Luis R. Rodriguez [Fri, 24 Jul 2009 23:57:25 +0000 (19:57 -0400)]
This was caused by patch:

"mac80211: cooperate more with network namespaces"

The version of the patch applied doesn't match Johannes' latest:

http://johannes.sipsolutions.net/patches/kernel/all/LATEST/NNN-mac80211-netns.patch

The skb->cb virtual interface data wasn't being reset for
reuse so ath9k pooped out when trying to dereference the
private rate control info from the skb.

BUG: unable to handle kernel NULL pointer dereference
RIP: 0010:[<ffffffffa0258173>] ath_tx_rc_status+0x33/0x150 [ath9k]
<-- snip etc -->

Reported-by: Davide Pesavento <davidepesa@gmail.com>
Signed-off-by: Luis R. Rodriguez <lrodriguez@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>

net/mac80211/tx.c

index edacad1..9e5dff1 100644 (file)
@@ -1170,13 +1170,15 @@ static int __ieee80211_tx(struct ieee80211_local *local,
                }
 
                ret = drv_tx(local, skb);
-               info->control.vif = &sdata->vif;
                if (WARN_ON(ret != NETDEV_TX_OK && skb->len != len)) {
                        dev_kfree_skb(skb);
                        ret = NETDEV_TX_OK;
                }
-               if (ret != NETDEV_TX_OK)
+               if (ret != NETDEV_TX_OK) {
+                       info->control.vif = &sdata->vif;
                        return IEEE80211_TX_AGAIN;
+               }
+
                *skbp = skb = next;
                ieee80211_led_tx(local, 1);
                fragm = true;