summaryrefslogtreecommitdiff
path: root/Sponsors
blob: 2d21600f9a499479a7a0d7e186c5fc4eee9319b4 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14

netsniff-ng is partly sponsored by:
///////////////////////////////////

Red Hat
 * W: http://www.redhat.com/

Deutsche Flugsicherung GmbH
 * W: https://secais.dfs.de/

ETH Zurich:
 * W: http://csg.ethz.ch/

Max Planck Institute for Human Cognitive and Brain Sciences
 * W: http://www.cbs.mpg.de/
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-06-13 20:24:36 +0000
e='0' selected='selected'>unified
authorMichal Kazior <michal.kazior@tieto.com>2016-11-14 14:25:23 +0100
committerKalle Valo <kvalo@qca.qualcomm.com>2016-11-23 15:55:38 +0200
commit18ae68fff392e445af3c2d8be9bef8a16e1c72a7 (patch)
tree2c26f43f1d35ed8c8f7bb521e8a229ce0d252b39
parentf6f64cfb966d95a5d1e68d6bd3b74b2938ee18cd (diff)
ath10k: fix null deref on wmi-tlv when trying spectral scan
WMI ops wrappers did not properly check for null function pointers for spectral scan. This caused null dereference crash with WMI-TLV based firmware which doesn't implement spectral scan. The crash could be triggered with: ip link set dev wlan0 up echo background > /sys/kernel/debug/ieee80211/phy0/ath10k/spectral_scan_ctl The crash looked like this: [ 168.031989] BUG: unable to handle kernel NULL pointer dereference at (null) [ 168.037406] IP: [< (null)>] (null) [ 168.040395] PGD cdd4067 PUD fa0f067 PMD 0 [ 168.043303] Oops: 0010 [#1] SMP [ 168.045377] Modules linked in: ath10k_pci(O) ath10k_core(O) ath mac80211 cfg80211 [last unloaded: cfg80211] [ 168.051560] CPU: 1 PID: 1380 Comm: bash Tainted: G W O 4.8.0 #78 [ 168.054336] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.7.5-20140531_083030-gandalf 04/01/2014 [ 168.059183] task: ffff88000c460c00 task.stack: ffff88000d4bc000 [ 168.061736] RIP: 0010:[<0000000000000000>] [< (null)>] (null) ... [ 168.100620] Call Trace: [ 168.101910] [<ffffffffa03b9566>] ? ath10k_spectral_scan_config+0x96/0x200 [ath10k_core] [ 168.104871] [<ffffffff811386e2>] ? filemap_fault+0xb2/0x4a0 [ 168.106696] [<ffffffffa03b97e6>] write_file_spec_scan_ctl+0x116/0x280 [ath10k_core] [ 168.109618] [<ffffffff812da3a1>] full_proxy_write+0x51/0x80 [ 168.111443] [<ffffffff811957b8>] __vfs_write+0x28/0x120 [ 168.113090] [<ffffffff812f1a2d>] ? security_file_permission+0x3d/0xc0 [ 168.114932] [<ffffffff8109b912>] ? percpu_down_read+0x12/0x60 [ 168.116680] [<ffffffff811965f8>] vfs_write+0xb8/0x1a0 [ 168.118293] [<ffffffff81197966>] SyS_write+0x46/0xa0 [ 168.119912] [<ffffffff818f2972>] entry_SYSCALL_64_fastpath+0x1a/0xa4 [ 168.121737] Code: Bad RIP value. [ 168.123318] RIP [< (null)>] (null) Signed-off-by: Michal Kazior <michal.kazior@tieto.com> Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
Diffstat