mac80211_hwsim.c: fix: BUG: unable to handle kernel NULL pointer dere…

…ference at 0000000000000370 I was looking at this out of interest, but I'm in no way familiar with the code. Looks to me that the error handling code in mac80211_hwsim is awkward. Which leads to it calling ieee80211_unregister_hw even when ieee80211_register_hw failed. The function has a for loop where it generates all simulated radios. when something fails, the error handling will call mac80211_hwsim_free which frees all simulated radios who's pointer isn't zero. However the information stored is insufficient to determine whether or not the call to ieee80211_register_hw succeeded or not for a specific radio. The included patch makes init_mac80211_hwsim clean up the current simulated radio, and then calls into mac80211_hwsim_free to clean up all the radios that did succeed. This however doesn't explain why the rate control registration failed.. build tested this, but had some problems reproducing the original problem. Signed-off-by: Ian Schram <ischram@telenet.be> Signed-off-by: Ingo Molnar <mingo@elte.hu> Signed-off-by: David S. Miller <davem@davemloft.net>
git-mirror · Jul 21, 2008 · 3a33cc1 · 3a33cc1
1 parent 5547cd0
commit 3a33cc1
Showing 1 changed file with 12 additions and 6 deletions.
diff --git a/drivers/net/wireless/mac80211_hwsim.c b/drivers/net/wireless/mac80211_hwsim.c
@@ -364,8 +364,7 @@ static void mac80211_hwsim_free(void)
 			struct mac80211_hwsim_data *data;
 			data = hwsim_radios[i]->priv;
 			ieee80211_unregister_hw(hwsim_radios[i]);
-			if (!IS_ERR(data->dev))
-				device_unregister(data->dev);
+			device_unregister(data->dev);
 			ieee80211_free_hw(hwsim_radios[i]);
 		}
 	}
@@ -437,7 +436,7 @@ static int __init init_mac80211_hwsim(void)
 			       "mac80211_hwsim: device_create_drvdata "
 			       "failed (%ld)\n", PTR_ERR(data->dev));
 			err = -ENOMEM;
-			goto failed;
+			goto failed_drvdata;
 		}
 		data->dev->driver = &mac80211_hwsim_driver;
 
@@ -461,7 +460,7 @@ static int __init init_mac80211_hwsim(void)
 		if (err < 0) {
 			printk(KERN_DEBUG "mac80211_hwsim: "
 			       "ieee80211_register_hw failed (%d)\n", err);
-			goto failed;
+			goto failed_hw;
 		}
 
 		printk(KERN_DEBUG "%s: hwaddr %s registered\n",
@@ -479,9 +478,9 @@ static int __init init_mac80211_hwsim(void)
 	rtnl_lock();
 
 	err = dev_alloc_name(hwsim_mon, hwsim_mon->name);
-	if (err < 0) {
+	if (err < 0)
 		goto failed_mon;
-	}
+
 
 	err = register_netdevice(hwsim_mon);
 	if (err < 0)
@@ -494,7 +493,14 @@ static int __init init_mac80211_hwsim(void)
 failed_mon:
 	rtnl_unlock();
 	free_netdev(hwsim_mon);
+	mac80211_hwsim_free();
+	return err;
 
+failed_hw:
+	device_unregister(data->dev);
+failed_drvdata:
+	ieee80211_free_hw(hw);
+	hwsim_radios[i] = 0;
 failed:
 	mac80211_hwsim_free();
 	return err;