In https://bugzilla.kernel.org/show_bug.cgi?id=43044, driver rtl8192ce is
getting an oops due to a NULL pointer dereference due to NULL being returned by
ieee80211_get_tx_rate. For reference, the code in question is

static inline struct ieee80211_rate *
ieee80211_get_tx_rate(const struct ieee80211_hw *hw,
                      const struct ieee80211_tx_info *c)
{
        if (WARN_ON(c->control.rates[0].idx < 0))
                return NULL;
        return &hw->wiphy->bands[c->band]->bitrates[c->control.rates[0].idx];
}

Any thoughts regarding what might be causing this? I don't have the full log,
but I assume that the WARN_ON must have been in the logs.
I can easily protect rtlwifi, but I would like to know the cause.

Thanks,
Larry

On Thu, Apr 5, 2012 at 5:37 AM, Larry Finger <[email protected]> wrote:
> In https://bugzilla.kernel.org/show_bug.cgi?id=43044, driver rtl8192ce is
> getting an oops due to a NULL pointer dereference due to NULL being returned
> by ieee80211_get_tx_rate. For reference, the code in question is
>
> static inline struct ieee80211_rate *
> ieee80211_get_tx_rate(const struct ieee80211_hw *hw,
>                       const struct ieee80211_tx_info *c)
> {
>         if (WARN_ON(c->control.rates[0].idx < 0))
>                 return NULL;
>         return &hw->wiphy->bands[c->band]->bitrates[c->control.rates[0].idx];

For MCS rates c->control.rates[0].idx contains the MCS rate itself. So, calling
ieee80211_get_tx_rate for an MCS rate might actually cause this ...
Helmut
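
A caller-side guard for the two cases raised in this thread (a negative idx, and an idx that is really an MCS index), written as an added userspace model; it is not code from rtlwifi, mac80211 or either poster. The `model_*` structs, the `MODEL_TX_RC_MCS` value (standing in for mac80211's `IEEE80211_TX_RC_MCS` flag), the rate table and the fall-back-to-lowest-rate policy are all assumptions made for the example.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified userspace stand-ins for the mac80211 structures (constructed
 * for this example; only the fields the lookup needs are modelled). */
#define MODEL_TX_RC_MCS 0x08   /* constructed value: "idx is an MCS index" */

struct model_rate { int bitrate; };            /* units of 100 kbit/s */
struct model_band { const struct model_rate *bitrates; int n_bitrates; };
struct model_tx_rate { signed char idx; unsigned char flags; };

/* Constructed legacy table: 1, 2, 5.5 and 11 Mbit/s. */
static const struct model_rate legacy[] = { {10}, {20}, {55}, {110} };
static const struct model_band band24 = { legacy, 4 };

/* Guarded lookup: returns NULL instead of a bogus pointer when idx is
 * negative, is an MCS index, or falls outside the legacy bitrate table. */
static const struct model_rate *
safe_get_tx_rate(const struct model_band *band, const struct model_tx_rate *r)
{
	if (!band || !r)
		return NULL;
	if (r->idx < 0)                       /* the WARN_ON case */
		return NULL;
	if (r->flags & MODEL_TX_RC_MCS)       /* idx is not a table index */
		return NULL;
	if (r->idx >= band->n_bitrates)       /* past the end of the table */
		return NULL;
	return &band->bitrates[r->idx];
}

/* Caller pattern: check for NULL before dereferencing; the fallback to the
 * lowest legacy rate is an assumed policy, chosen only for illustration. */
static int tx_bitrate_or_fallback(const struct model_band *band,
				  const struct model_tx_rate *r)
{
	const struct model_rate *rate = safe_get_tx_rate(band, r);
	return rate ? rate->bitrate : band->bitrates[0].bitrate;
}

int main(void)
{
	struct model_tx_rate ok = { 3, 0 }, unset = { -1, 0 },
			     mcs7 = { 7, MODEL_TX_RC_MCS };
	printf("%d %d %d\n", tx_bitrate_or_fallback(&band24, &ok),
	       tx_bitrate_or_fallback(&band24, &unset),
	       tx_bitrate_or_fallback(&band24, &mcs7));
	return 0;
}
```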