Subject: Re: Question about setup error in mac80211
From: Helmut Schaa
To: Larry Finger
Cc: Johannes Berg, wireless, John Linville
Date: Thu, 5 Apr 2012 08:47:54 +0200
Sender: linux-wireless-owner@vger.kernel.org

On Thu, Apr 5, 2012 at 5:37 AM, Larry Finger wrote:
> In https://bugzilla.kernel.org/show_bug.cgi?id=43044, driver rtl8192ce is
> getting an oops due to a NULL pointer dereference due to NULL being returned
> by ieee80211_get_tx_rate. For reference, the code in question is
>
> static inline struct ieee80211_rate *
> ieee80211_get_tx_rate(const struct ieee80211_hw *hw,
>                       const struct ieee80211_tx_info *c)
> {
>         if (WARN_ON(c->control.rates[0].idx < 0))
>                 return NULL;
>         return &hw->wiphy->bands[c->band]->bitrates[c->control.rates[0].idx];

For MCS rates c->control.rates[0].idx contains the MCS rate itself. So,
calling ieee80211_get_tx_rate for an MCS rate might actually cause this ...

Helmut
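
The following is an added example, not part of the original message and not kernel code: a user-space model of the lookup discussed above, showing one way to refuse an MCS index or an out-of-range index before it is used on the legacy bitrates table, and a caller that handles the NULL result. All `model_*` names and the sample rate table are constructed for illustration; `MODEL_TX_RC_MCS` stands in for mac80211's `IEEE80211_TX_RC_MCS` flag, which is assumed to be what marks `idx` as an MCS number.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-ins for the mac80211 structures (constructed for this example). */
#define MODEL_TX_RC_MCS 0x08   /* models IEEE80211_TX_RC_MCS: idx is an MCS index */

struct model_rate    { int bitrate; };              /* units of 100 kbit/s */
struct model_band    { const struct model_rate *bitrates; int n_bitrates; };
struct model_tx_rate { signed char idx; unsigned char flags; };

/* Legacy-rate lookup that refuses anything that is not a valid bitrates[] index. */
static const struct model_rate *
model_get_tx_rate(const struct model_band *band, const struct model_tx_rate *r)
{
    if (band == NULL || r->idx < 0)
        return NULL;                 /* no band or no rate selected */
    if (r->flags & MODEL_TX_RC_MCS)
        return NULL;                 /* idx is an MCS number, not a table index */
    if (r->idx >= band->n_bitrates)
        return NULL;                 /* would read past the end of bitrates[] */
    return &band->bitrates[r->idx];
}

/* Constructed 2.4 GHz legacy table: 1, 2, 5.5, 11 Mbit/s. */
static const struct model_rate model_rates[] = { {10}, {20}, {55}, {110} };
static const struct model_band model_2ghz = { model_rates, 4 };

/* Caller side: every NULL result is handled instead of dereferenced. */
static int model_lookup_bitrate(int idx, unsigned flags)
{
    struct model_tx_rate r = { (signed char)idx, (unsigned char)flags };
    const struct model_rate *rate = model_get_tx_rate(&model_2ghz, &r);
    return rate ? rate->bitrate : -1;
}

int main(void)
{
    printf("legacy idx 2 -> %d\n", model_lookup_bitrate(2, 0));
    printf("MCS 7        -> %d\n", model_lookup_bitrate(7, MODEL_TX_RC_MCS));
    printf("MCS 2        -> %d\n", model_lookup_bitrate(2, MODEL_TX_RC_MCS));
    printf("idx -1       -> %d\n", model_lookup_bitrate(-1, 0));
    return 0;
}
```

The MCS 2 case is the quiet one: without the flag check it would return the 5.5 Mbit/s legacy entry rather than fail, so a bounds check alone does not catch the mix-up.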