From patchwork Mon Feb 11 20:20:15 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: tedheadster X-Patchwork-Id: 1040134 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming-netdev@ozlabs.org Delivered-To: patchwork-incoming-netdev@ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="Z4JvsBe4"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 43yxx8386Tz9s7h for ; Tue, 12 Feb 2019 07:20:28 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728446AbfBKUU0 (ORCPT ); Mon, 11 Feb 2019 15:20:26 -0500 Received: from mail-qk1-f194.google.com ([209.85.222.194]:34377 "EHLO mail-qk1-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727530AbfBKUUZ (ORCPT ); Mon, 11 Feb 2019 15:20:25 -0500 Received: by mail-qk1-f194.google.com with SMTP id a15so7309490qkc.1 for ; Mon, 11 Feb 2019 12:20:25 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id; bh=3yjsfZg+lhIORd24TMQ+z4bgOYpJx4DkJnK2CFHcASg=; b=Z4JvsBe4NQd9LR76dYuY7l10hSXxoKvhvZ8Pa+v39RQiNuSTr8r8u/E8sYU522X7ri v3UK2HUIba/PHOJXT5w7JTHxl06IctNF/I5HQeAal7C1E9gDb3Y9j5n5KuknfMG8q6Qk aUZQN43MqIhhOJF8bVnluP/V+2dtnJukYF+pN8yMDNzU9X2cnrZs1LuB9ul3Ycz57X8l l23l7+IiaQbhHRozSFyIhut74beDtRxjvbbOBP6I65XiajUAsM7LZh0FA0luoYa6gMlo iH/GCs07cIs2Met0bAEbvWgPut3LSN2LlWy+xWklu0HaJsf+2576XA9WMW2x+UqDOI7l LwKw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=3yjsfZg+lhIORd24TMQ+z4bgOYpJx4DkJnK2CFHcASg=; b=k0lj2yCttgRPojc1NuJ3ieqPzb2ukb/uiM0YzG01QNp/NJ2sDsJVnZbibDthsxcKIp VtfnLKGSS5kQ5ZJh/WI9UcBTWI9kWSJH3ih3ozvZUHQxtfya5LClXGVUnWThJkRon/Zo obUjI8HhFQlHxcEshRZt8FLE3fqTAagBQu/tOZyLgoZqN2XEtTKqfbuCfvrdGwtg0xpF +SWNeXbw4l5qv0f779EbfpJcE+NCxl/GPVQ9u7eRBJxxJm2OJpg5brgYDx5R5GswvEZj pIkYqfoHaX4D5wHoBJKVoME4T3fPCLHvmKxOYSfe51BueHlFxk+fslTD05UWhgH0BpMy yVYg== X-Gm-Message-State: AHQUAubOTQS/LarlhRzSMih0OGZ+n0hdm60wiLIW2T0v4HvUG/rNzyqv BWwPcbu0X833up2GYrlmfw== X-Google-Smtp-Source: AHgI3IajUAk0mRJ46uQG2qxjn7OSS76vmal8ARSWDMT5L0JWBC/ItsYKfJ+S0S+vyv4ungVkGHwEfQ== X-Received: by 2002:a37:4fd5:: with SMTP id d204mr38967qkb.90.1549916424498; Mon, 11 Feb 2019 12:20:24 -0800 (PST) Received: from mwhitehe.remote.csb (pool-98-116-99-216.nycmny.fios.verizon.net. [98.116.99.216]) by smtp.gmail.com with ESMTPSA id b66sm14468531qkf.64.2019.02.11.12.20.23 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 11 Feb 2019 12:20:23 -0800 (PST) From: Matthew Whitehead To: whiteheadm@acm.org, netdev@vger.kernel.org, davem@davemloft.net Cc: Matthew Whitehead Subject: [PATCH] Revert: "p54: Use skb_peek_tail() instead of direct head pointer accesses" Date: Mon, 11 Feb 2019 15:20:15 -0500 Message-Id: <1549916415-30420-1-git-send-email-tedheadster@gmail.com> X-Mailer: git-send-email 1.8.3.1 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Commit e3554197fc8fbb9656f62c18f9c9edd396394e16 causes a null pointer error. kernel: p54pci 0000:07:00.0: enabling device (0000 -> 0002) kernel: ieee80211 phy1: p54 detected a LM86 firmware kernel: p54: rx_mtu reduced from 3240 to 2376 kernel: ieee80211 phy1: FW rev 2.13.1.0 - Softmac protocol 5.5 kernel: ieee80211 phy1: cryptographic accelerator WEP:YES, TKIP:YES, CCMP:YES kernel: BUG: unable to handle kernel NULL pointer dereference at 00000000 kernel: *pde = 00000000 kernel: Oops: 0000 [#1] PREEMPT SMP kernel: CPU: 0 PID: 5 Comm: kworker/0:0 Not tainted 4.19.0.bisect-14.#871 kernel: Hardware name: IBM 2378RVU/2378RVU, BIOS 1RETDKWW (3.16 ) 04/19/2005 kernel: Workqueue: events request_firmware_work_func kernel: EIP: p54_tx_pending+0xff/0x128 [p54common] kernel: Code: 8b 4d dc 89 7e 30 89 56 34 0f b6 53 56 01 d7 89 79 04 8b 96 a0 00 00 00 f6 42 01 80 75 0c 80 7a 28 00 75 06 89 bb d4 01 00 00 <8b> 10 89 46 04 89 16 89 30 8b 45 ec 89 72 04 8b 55 e8 ff 43 2c e8 kernel: EAX: 00000000 EBX: ec6a2d60 ECX: ed4de568 EDX: ed4de568 kernel: ESI: ec4e0980 EDI: 00020264 EBP: c0071eb8 ESP: c0071e94 kernel: DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068 EFLAGS: 00010082 kernel: CR0: 80050033 CR2: 00000000 CR3: 2f715000 CR4: 00000690 kernel: Call Trace: kernel: p54_tx+0x1a/0x1d [p54common] kernel: p54_download_eeprom+0xa6/0xfb [p54common] kernel: p54_read_eeprom+0x5c/0x99 [p54common] kernel: p54p_firmware_step2+0x50/0xcd [p54pci] kernel: request_firmware_work_func+0x2a/0x51 kernel: process_one_work+0x16b/0x28e kernel: worker_thread+0x180/0x222 kernel: kthread+0xce/0xd0 kernel: ? cancel_delayed_work+0x5e/0x5e kernel: ? kthread_create_worker_on_cpu+0x1c/0x1c kernel: ret_from_fork+0x19/0x24 kernel: Modules linked in: p54pci p54common crc_ccitt mac80211 ipw2200 libipw lib80211 cfg80211 uhci_hcd pcmcia ehci_pci yenta_socket ehci_hcd rfkill i2c_i801 pcmcia_rsrc e1000 usbcore i2c_core pcmcia_core lpc_ich usb_common mfd_core floppy autofs4 kernel: CR2: 0000000000000000 kernel: ---[ end trace ddc1a265fd4f4bc6 ]--- kernel: EIP: p54_tx_pending+0xff/0x128 [p54common] kernel: Code: 8b 4d dc 89 7e 30 89 56 34 0f b6 53 56 01 d7 89 79 04 8b 96 a0 00 00 00 f6 42 01 80 75 0c 80 7a 28 00 75 06 89 bb d4 01 00 00 <8b> 10 89 46 04 89 16 89 30 8b 45 ec 89 72 04 8b 55 e8 ff 43 2c e8 kernel: EAX: 00000000 EBX: ec6a2d60 ECX: ed4de568 EDX: ed4de568 kernel: ESI: ec4e0980 EDI: 00020264 EBP: c0071eb8 ESP: c16252e8 kernel: DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068 EFLAGS: 00010082 kernel: CR0: 80050033 CR2: 00000000 CR3: 2f715000 CR4: 00000690 kernel: note: kworker/0:0[5] exited with preempt_count 1 Reverting the patch fixes the problem. Signed-off-by: Matthew Whitehead --- drivers/net/wireless/intersil/p54/txrx.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/net/wireless/intersil/p54/txrx.c b/drivers/net/wireless/intersil/p54/txrx.c index 79078456..3a4214d 100644 --- a/drivers/net/wireless/intersil/p54/txrx.c +++ b/drivers/net/wireless/intersil/p54/txrx.c @@ -121,8 +121,8 @@ static int p54_assign_address(struct p54_common *priv, struct sk_buff *skb) } if (unlikely(!target_skb)) { if (priv->rx_end - last_addr >= len) { - target_skb = skb_peek_tail(&priv->tx_queue); - if (target_skb) { + target_skb = priv->tx_queue.prev; + if (!skb_queue_empty(&priv->tx_queue)) { info = IEEE80211_SKB_CB(target_skb); range = (void *)info->rate_driver_data; target_addr = range->end_addr;