iwlwifi: fix possible read attempt on ucode that is not available
Reinette Chatre [Mon, 21 Jan 2008 18:08:31 +0000 (10:08 -0800)]
This fixes a NULL pointer dereference that can occur when the
ucode is not loaded at the time __iwl_up is called.

The problem was reported at http://kerneloops.org/raw.php?rawid=2765&msgid=

Signed-off-by: Reinette Chatre <reinette.chatre@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>

drivers/net/wireless/iwlwifi/iwl3945-base.c
drivers/net/wireless/iwlwifi/iwl4965-base.c

index 1a6b0e0..0b3ec7e 100644 (file)
@@ -6342,6 +6342,11 @@ static int __iwl_up(struct iwl_priv *priv)
                return 0;
        }
 
+       if (!priv->ucode_data_backup.v_addr || !priv->ucode_data.v_addr) {
+               IWL_ERROR("ucode not available for device bringup\n");
+               return -EIO;
+       }
+
        iwl_write32(priv, CSR_INT, 0xFFFFFFFF);
 
        rc = iwl_hw_nic_init(priv);
index 6cd57c2..15a45f4 100644 (file)
@@ -6698,6 +6698,11 @@ static int __iwl_up(struct iwl_priv *priv)
                return 0;
        }
 
+       if (!priv->ucode_data_backup.v_addr || !priv->ucode_data.v_addr) {
+               IWL_ERROR("ucode not available for device bringup\n");
+               return -EIO;
+       }
+
        iwl_write32(priv, CSR_INT, 0xFFFFFFFF);
 
        rc = iwl_hw_nic_init(priv);