The Coverity checker spotted the following in drivers/net/wireless/hostap/hostap_cs.c:

<-- snip -->

...
static int hostap_cs_suspend(struct pcmcia_device *link)
{
	struct net_device *dev = (struct net_device *) link->priv;
	int dev_open = 0;
	struct hostap_interface *iface = NULL;

	if (dev)
		iface = netdev_priv(dev);

	PDEBUG(DEBUG_EXTRA, "%s: CS_EVENT_PM_SUSPEND\n", dev_info);
	if (iface && iface->local)
		dev_open = iface->local->num_dev_open > 0;
	if (dev_open) {
		netif_stop_queue(dev);
		netif_device_detach(dev);
	}
	prism2_suspend(dev);

	return 0;
}

static int hostap_cs_resume(struct pcmcia_device *link)
{
	struct net_device *dev = (struct net_device *) link->priv;
	int dev_open = 0;
	struct hostap_interface *iface = NULL;

	if (dev)
		iface = netdev_priv(dev);

	PDEBUG(DEBUG_EXTRA, "%s: CS_EVENT_PM_RESUME\n", dev_info);

	if (iface && iface->local)
		dev_open = iface->local->num_dev_open > 0;

	prism2_hw_shutdown(dev, 1);
	prism2_hw_config(dev, dev_open ? 0 : 1);
	if (dev_open) {
		netif_device_attach(dev);
		netif_start_queue(dev);
	}

	return 0;
}
...

<-- snip -->

If the "if (dev)" check is false, i.e. dev is NULL, then there's a guaranteed NULL dereference later in "prism2_suspend(dev)" and "prism2_hw_config(dev, dev_open ? 0 : 1)", respectively, because both calls are made unconditionally with the unchecked pointer. (In the resume path, "prism2_hw_shutdown(dev, 1)" is handed the same unchecked pointer before that.)
Ugh, yes indeed! John, was this fixed somewhere? It is still the same in mainline...
fixed by commit fcee7a01ad7516eeb8dfdd0a17ef04cd2ee30757