[Prism54-devel] patch against null pointers in islpci_mgt.c

Bruno Randolf bruno.randolf at 4g-systems.biz
Tue Mar 8 22:14:13 UTC 2005


hello!

the prism54 driver crashed immediately on my system when i loaded it. 
investigating the error i found an uninitialized pointer and a length of zero 
which were used accessing the DMA buffers. the following patch fixes this - i 
wonder how the driver was able to work without it ;)

diff -Nubr prism54-cvs-latest/ksrc/islpci_mgt.c 
prism54-cvs-latest.br1/ksrc/islpci_mgt.c
--- prism54-cvs-latest/ksrc/islpci_mgt.c        2004-11-08 17:08:27.000000000 
+0100
+++ prism54-cvs-latest.br1/ksrc/islpci_mgt.c    2005-03-08 22:56:37.197524872 
+0100
@@ -135,6 +135,7 @@
                                return -ENOMEM;
                        }
                        buf->size = MGMT_FRAME_SIZE;
+                       buf->mem = buf->skb->data;
                }
                if (buf->pci_addr == 0) {
                        buf->pci_addr = pci_map_single(priv->pdev, buf->mem,
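Review bot: the added `buf->mem = buf->skb->data;` sits inside the block that closes just before `if (buf->pci_addr == 0)`, while `pci_map_single(priv->pdev, buf->mem, ...)` is gated only on `buf->pci_addr == 0`, so the pointer is set under one condition and consumed under another. Please confirm that every path which frees or replaces `buf->skb` also clears or refreshes `buf->mem`, or move the assignment next to the mapping call so a stale pointer can never be mapped. A one-line comment that `buf->mem` aliases `skb->data` would help, as would a check that the skb really provides `MGMT_FRAME_SIZE` bytes at `data`, since that is what `buf->size` claims.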
@@ -345,7 +346,7 @@

                /* Ensure the results of device DMA are visible to the CPU. */
                pci_dma_sync_single(priv->pdev, buf->pci_addr,
-                               buf->skb->len, PCI_DMA_FROMDEVICE);
+                               frag_len, PCI_DMA_FROMDEVICE);

                /* Perform endianess conversion for PIMFOR header in-place. */
                header = pimfor_decode_header(buf->mem, frag_len);
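Review bot: `frag_len` now sets the length for both `pci_dma_sync_single()` and `pimfor_decode_header(buf->mem, frag_len)`, and nothing in the visible lines bounds it against the buffer. If the value comes from what the device reported, it should be checked against `buf->size` before the sync and rejected when it is zero or larger than the buffer. Syncing the length that was mapped would be an alternative that keeps the sync independent of a device-supplied value.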


now another error remains:

 frame = kmalloc(sizeof (struct islpci_mgmtframe) + size,
    GFP_ATOMIC);

in islpci_mgt.c line 410 always fails, resulting in the following error 
messages:

root@mtx-1:~# ifconfig eth1 up
remove_proc_entry: 00:00.0/loading busy, count=1
remove_proc_entry: firmware/00:00.0 busy, count=1
de_put: deferred delete of loading
de_put: deferred delete of 00:00.0
eth1: Out of memory, cannot handle oid 0x00000010
eth1: timeout waiting for mgmt response
eth1: mgt_commit_list: failure. oid=19000004 err=-145
eth1: Out of memory, cannot handle oid 0x04000012
eth1: timeout waiting for mgmt response
eth1: mgt_commit_list: failure. oid=12000003 err=-145
eth1: interface reset failure
prism54: Your card/socket may be faulty, or IRQ line too busy :(
SIOCSIFFLAGS: Connection timed out

i don't know what to do against that one. any ideas? 

bruno