mirror of
https://github.com/hardkernel/linux.git
synced 2026-06-07 19:30:30 +09:00
e7f6f893ac
Fix the following NULL pointer dereference in mt76u_status_worker that
can occur if status thread runs before allocating tx queues
[ 31.395373] BUG: kernel NULL pointer dereference, address: 000000000000002c
[ 31.395769] #PF: supervisor read access in kernel mode
[ 31.395985] #PF: error_code(0x0000) - not-present page
[ 31.396178] PGD 0 P4D 0
[ 31.396277] Oops: 0000 [#1] SMP
[ 31.396430] CPU: 3 PID: 337 Comm: mt76-usb-status Not tainted 5.10.0-rc1-kvm+ #49
[ 31.396703] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.13.0-3.fc33 04/01/2014
[ 31.397048] RIP: 0010:mt76u_status_worker+0x2b/0x190
[ 31.397931] RSP: 0018:ffffc9000076fe98 EFLAGS: 00010282
[ 31.398118] RAX: 0000000000000001 RBX: ffff888111203fe8 RCX: 0000000000000000
[ 31.398400] RDX: 0000000000000001 RSI: 0000000000000246 RDI: ffff888111203fe8
[ 31.398668] RBP: ffff888111201d00 R08: 000000000000038c R09: 000000000000009b
[ 31.398952] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 31.399235] R13: 0000000000000000 R14: 0000000000000000 R15: ffff88810c987300
[ 31.399494] FS: 0000000000000000(0000) GS:ffff88817bd80000(0000) knlGS:0000000000000000
[ 31.399767] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 31.399991] CR2: 000000000000002c CR3: 0000000103525000 CR4: 00000000000006a0
[ 31.400236] Call Trace:
[ 31.400348] ? schedule+0x3e/0xa0
[ 31.400514] __mt76_worker_fn+0x71/0xa0
[ 31.400634] ? mt76_get_min_avg_rssi+0x110/0x110
[ 31.400827] kthread+0x118/0x130
[ 31.400984] ? __kthread_bind_mask+0x60/0x60
[ 31.401212] ret_from_fork+0x1f/0x30
[ 31.401353] Modules linked in:
[ 31.401480] CR2: 000000000000002c
[ 31.401627] ---[ end trace 8bf174505cc34851 ]---
[ 31.401798] RIP: 0010:mt76u_status_worker+0x2b/0x190
[ 31.402636] RSP: 0018:ffffc9000076fe98 EFLAGS: 00010282
[ 31.402829] RAX: 0000000000000001 RBX: ffff888111203fe8 RCX: 0000000000000000
[ 31.403118] RDX: 0000000000000001 RSI: 0000000000000246 RDI: ffff888111203fe8
[ 31.403424] RBP: ffff888111201d00 R08: 000000000000038c R09: 000000000000009b
[ 31.403689] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 31.403933] R13: 0000000000000000 R14: 0000000000000000 R15: ffff88810c987300
[ 31.404209] FS: 0000000000000000(0000) GS:ffff88817bd80000(0000) knlGS:0000000000000000
[ 31.404482] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 31.404726] CR2: 000000000000002c CR3: 0000000103525000 CR4: 00000000000006a0
[ 31.405294] mt76x0u: probe of 1-1:1.0 failed with error -110
[ 31.406007] usb 1-1: USB disconnect, device number 2
[ 31.840756] usb 1-1: new high-speed USB device number 3 using xhci_hcd
[ 32.461295] usb 1-1: reset high-speed USB device number 3 using xhci_hcd
[ 32.659932] mt76x0u 1-1:1.0: ASIC revision: 76100002 MAC revision: 76502000
[ 33.197032] mt76x0u 1-1:1.0: EEPROM ver:02 fae:01
Fixes: 9daf27e628 ("mt76: mt76u: use dedicated thread for status work")
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/cd44dc407cf3e5f27688105d4a75fb1c68e62b06.1607419147.git.lorenzo@kernel.org
Linux kernel
============
There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.
In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``. The formatted documentation can also be read online at:
https://www.kernel.org/doc/html/latest/
There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.
Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.