From 658cc524305c9759019c4430ded231f631472482 Mon Sep 17 00:00:00 2001 From: Abraham Arce Date: Tue, 16 Mar 2010 12:24:54 +0000 Subject: [PATCH] KS8851: Avoid NULL pointer in set rx mode Kernel NULL pointer dereference when setting mode for IFF_MULTICAST. Tested on SDP OMAP4430 board. ks8851 spi1.0: message enable is 0 ks8851 spi1.0: revision 0, MAC f2:f4:2f:56:37:de, IRQ 194 Unable to handle kernel NULL pointer dereference at virtual address 00000000 pgd = c0004000 [00000000] *pgd=00000000 Internal error: Oops: 5 [#1] PREEMPT SMP last sysfs file: Modules linked in: CPU: 0 Not tainted (2.6.34-rc1-01039-g38d7ed1-dirty #3) PC is at ks8851_set_rx_mode+0x88/0x124 LR is at bitrev32+0x24/0x2c Backtrace: [] ? (ks8851_set_rx_mode+0x0/0x124) [] (__dev_set_rx_mode+0x0/0x90) [] (dev_mc_add+0x0/0x78) [] (igmp_group_added+0x0/0x64) [] (ip_mc_inc_group+0x0/0x150) [] (ip_mc_up+0x0/0x64) [] (inetdev_event+0x0/0x3d4) [] (notifier_call_chain+0x0/0x78) [] (__raw_notifier_call_chain+0x0/0x24) [] (raw_notifier_call_chain+0x0/0x28) [] (call_netdevice_notifiers+0x0/0x24) [] (__dev_notify_flags+0x0/0x68) [] (dev_change_flags+0x0/0x4c) [] (ip_auto_config+0x0/0xf1c) [] (do_one_initcall+0x0/0x1bc) [] (kernel_init+0x0/0x234) Code: e15130bc e1833012 e14130bc e5943000 (e5934000) ---[ end trace ed0fb00a94142792 ]--- Kernel panic - not syncing: Fatal exception in interrupt Signed-off-by: Abraham Arce Signed-off-by: David S. Miller --- drivers/net/ks8851.c | 1 - 1 file changed, 1 deletion(-) diff --git a/drivers/net/ks8851.c b/drivers/net/ks8851.c index 0573e0bb4444..13cc1ca261d9 100644 --- a/drivers/net/ks8851.c +++ b/drivers/net/ks8851.c @@ -976,7 +976,6 @@ static void ks8851_set_rx_mode(struct net_device *dev) crc >>= (32 - 6); /* get top six bits */ rxctrl.mchash[crc >> 4] |= (1 << (crc & 0xf)); - mcptr = mcptr->next; } rxctrl.rxcr1 = RXCR1_RXME | RXCR1_RXPAFMA; -- 2.20.1