* [PATCH] cfg80211/nl80211: Fix for wireless-testing kernel crash
@ 2012-06-13 11:15 Mahesh Palivela
  2012-06-13 11:28 ` Johannes Berg
  0 siblings, 1 reply; 5+ messages in thread
From: Mahesh Palivela @ 2012-06-13 11:15 UTC (permalink / raw)
  To: linville; +Cc: linux-wireless, johannes

I saw a wireless-testing kernel crash in the nl80211 survey_dump function. We can see this crash only when running wpa_supplicant from the hostap dev branch. This patch is a fix for it.

Signed-off-by: Mahesh Palivela <maheshp@posedge.com>
---
 net/wireless/nl80211.c |    2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
index 7ae54b8..3554c53 100644
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -4515,6 +4515,8 @@ static int nl80211_dump_survey(struct sk_buff *skb,
 	while (1) {
 		struct ieee80211_channel *chan;
 
+		memset(&survey, 0, sizeof(struct survey_info));
+
 		res = dev->ops->dump_survey(&dev->wiphy, netdev, survey_idx,
 					    &survey);
 		if (res == -ENOENT)
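
Review bot: The memset added at the top of the while (1) body lets a dump_survey() implementation that returns 0 without writing to `survey` go unnoticed, so the changelog should say that this is the case being handled and what the code after the call does with an all-zero struct. The context lines here only test `res`, so confirm that zeroed members (NULL pointers included) are handled before they are used. Prefer `memset(&survey, 0, sizeof(survey));` so the size follows the variable rather than a repeated type name. Zeroing inside the loop rather than once before it is the right placement, since it also keeps a previous iteration's data from being reported again.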

^ permalink raw reply related	[flat|nested] 5+ messages in thread

* Re: [PATCH] cfg80211/nl80211: Fix for wireless-testing kernel crash
  2012-06-13 11:15 [PATCH] cfg80211/nl80211: Fix for wireless-testing kernel crash Mahesh Palivela
@ 2012-06-13 11:28 ` Johannes Berg
  2012-06-13 12:30   ` Mahesh Palivela
  0 siblings, 1 reply; 5+ messages in thread
From: Johannes Berg @ 2012-06-13 11:28 UTC (permalink / raw)
  To: Mahesh Palivela; +Cc: linville, linux-wireless

On Wed, 2012-06-13 at 11:15 +0000, Mahesh Palivela wrote:
> I saw wireless-testing kernel crash at nl80211 survey_dump function. we can see this crash only when run wpa_supplicant of hostap dev branch. This patch is fix for it.

Please break long lines, include information about the crash and why
this fixes it, and don't reference wireless-testing ... it's not
specific in that particular tree

Thanks.

johannes




^ permalink raw reply	[flat|nested] 5+ messages in thread

* RE: [PATCH] cfg80211/nl80211: Fix for wireless-testing kernel crash
  2012-06-13 11:28 ` Johannes Berg
@ 2012-06-13 12:30   ` Mahesh Palivela
  2012-06-13 12:36     ` Johannes Berg
  0 siblings, 1 reply; 5+ messages in thread
From: Mahesh Palivela @ 2012-06-13 12:30 UTC (permalink / raw)
  To: Johannes Berg; +Cc: linville, linux-wireless

________________________________________
From: Johannes Berg [johannes@sipsolutions.net]
Sent: Wednesday, June 13, 2012 4:58 PM
To: Mahesh Palivela
Cc: linville@tuxdriver.com; linux-wireless@vger.kernel.org
Subject: Re: [PATCH] cfg80211/nl80211: Fix for wireless-testing kernel crash

On Wed, 2012-06-13 at 11:15 +0000, Mahesh Palivela wrote:
> I saw wireless-testing kernel crash at nl80211 survey_dump function. we can see this crash only when run wpa_supplicant of hostap dev branch. This patch is fix for it.

Please break long lines, include information about the crash and why
this fixes it, and don't reference wireless-testing ... it's not
specific in that particular tree

Thanks.
johannes

crash info:

Jun 11 12:06:34 LAB-WLAN-STA-01 kernel: [ 2016.647231] BUG: unable to handle kernel NULL pointer dereference at 000000d4
Jun 11 12:06:34 LAB-WLAN-STA-01 kernel: [ 2016.655675] IP: [<f8fa5883>] nl80211_dump_survey+0x93/0x390 [cfg80211]
Jun 11 12:06:34 LAB-WLAN-STA-01 kernel: [ 2016.663504] *pdpt = 000000000ace0001 *pde = 0000000000000000 
Jun 11 12:06:34 LAB-WLAN-STA-01 kernel: [ 2016.670521] Oops: 0000 [#1] SMP 
Jun 11 12:06:34 LAB-WLAN-STA-01 kernel: [ 2016.675013] Modules linked in: arc4 pewlmac(O) mac80211 cfg80211 bnep rfcomm bluetooth binfmt_misc snd_hda_codec_realtek snd_hda_intel snd_hda_codec snd_hwdep i915 snd_pcm drm_kms_helper hid_generic snd_seq_midi snd_rawmidi usbhid drm hid snd_seq_midi_event snd_seq snd_timer snd_seq_device snd coretemp i2c_algo_bit kvm_intel mei ppdev lpc_ich video soundcore snd_page_alloc shpchp kvm microcode parport_pc lp parport e1000e ahci libahci
Jun 11 12:06:34 LAB-WLAN-STA-01 kernel: [ 2016.718508] 
Jun 11 12:06:34 LAB-WLAN-STA-01 kernel: [ 2016.721213] Pid: 3466, comm: wpa_supplicant Tainted: G           O 3.5.0-rc1-wl+ #5                  /DH61WW
Jun 11 12:06:34 LAB-WLAN-STA-01 kernel: [ 2016.732251] EIP: 0060:[<f8fa5883>] EFLAGS: 00010202 CPU: 2
Jun 11 12:06:34 LAB-WLAN-STA-01 kernel: [ 2016.738947] EIP is at nl80211_dump_survey+0x93/0x390 [cfg80211]
Jun 11 12:06:34 LAB-WLAN-STA-01 kernel: [ 2016.746054] EAX: 000000d0 EBX: f9f7afc0 ECX: cae8bbb8 EDX: 00000000
Jun 11 12:06:34 LAB-WLAN-STA-01 kernel: [ 2016.748205] Interrupt is not ours
Jun 11 12:06:34 LAB-WLAN-STA-01 kernel: [ 2016.757944] ESI: 00000001 EDI: caf6f9c0 EBP: cae8bc08 ESP: cae8bb9c
Jun 11 12:06:34 LAB-WLAN-STA-01 kernel: [ 2016.765348]  DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
Jun 11 12:06:34 LAB-WLAN-STA-01 kernel: [ 2016.771855] CR0: 8005003b CR2: 000000d4 CR3: 0ad36000 CR4: 000407f0
Jun 11 12:06:34 LAB-WLAN-STA-01 kernel: [ 2016.779239] DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
Jun 11 12:06:34 LAB-WLAN-STA-01 kernel: [ 2016.786603] DR6: ffff0ff0 DR7: 00000400
Jun 11 12:06:34 LAB-WLAN-STA-01 kernel: [ 2016.791515] Process wpa_supplicant (pid: 3466, ti=cae8a000 task=cadda5e0 task.ti=cae8a000)
Jun 11 12:06:34 LAB-WLAN-STA-01 kernel: [ 2016.800848] Stack:
Jun 11 12:06:34 LAB-WLAN-STA-01 kernel: [ 2016.803912]  cae8bbb8 cae8bb9c cb9de084 eeda1000 00026d00 caca2ec0 00000000 000000d0
Jun 11 12:06:34 LAB-WLAN-STA-01 kernel: [ 2016.812692]  00001000 00026d01 caf6f9c0 000000d0 caf6f9c0 cae8bbf0 c1495d30 00000000
Jun 11 12:06:34 LAB-WLAN-STA-01 kernel: [ 2016.821451]  00001000 000000a4 f0127c00 00000f40 00000000 cae8bc08 cb9de000 f4ac3000
Jun 11 12:06:34 LAB-WLAN-STA-01 kernel: [ 2016.830206] Call Trace:
Jun 11 12:06:34 LAB-WLAN-STA-01 kernel: [ 2016.833685]  [<c1495d30>] ? __alloc_skb+0x60/0x200
Jun 11 12:06:34 LAB-WLAN-STA-01 kernel: [ 2016.839519]  [<c14c23aa>] netlink_dump+0x5a/0x1f0
Jun 11 12:06:34 LAB-WLAN-STA-01 kernel: [ 2016.845227]  [<c14c3256>] ? netlink_lookup+0x26/0xc0
Jun 11 12:06:34 LAB-WLAN-STA-01 kernel: [ 2016.851173]  [<c14c33a8>] netlink_dump_start+0xb8/0x150
Jun 11 12:06:34 LAB-WLAN-STA-01 kernel: [ 2016.857356]  [<f8fa57f0>] ? cfg80211_report_obss_beacon+0x1a0/0x1a0 [cfg80211]
Jun 11 12:06:34 LAB-WLAN-STA-01 kernel: [ 2016.865527]  [<c14c50fd>] genl_rcv_msg+0xed/0x260
Jun 11 12:06:34 LAB-WLAN-STA-01 kernel: [ 2016.871157]  [<c1157c10>] ? __pollwait+0xd0/0xd0
Jun 11 12:06:34 LAB-WLAN-STA-01 kernel: [ 2016.876695]  [<c1494bf5>] ? skb_free_head+0x45/0x50
Jun 11 12:06:34 LAB-WLAN-STA-01 kernel: [ 2016.882486]  [<f8fa57f0>] ? cfg80211_report_obss_beacon+0x1a0/0x1a0 [cfg80211]
Jun 11 12:06:34 LAB-WLAN-STA-01 kernel: [ 2016.890618]  [<c14c5010>] ? genl_rcv+0x30/0x30
Jun 11 12:06:34 LAB-WLAN-STA-01 kernel: [ 2016.895980]  [<c14c4a8e>] netlink_rcv_skb+0x8e/0xb0
Jun 11 12:06:34 LAB-WLAN-STA-01 kernel: [ 2016.901770]  [<c14c4ffc>] genl_rcv+0x1c/0x30
Jun 11 12:06:34 LAB-WLAN-STA-01 kernel: [ 2016.906958]  [<c14c44c4>] netlink_unicast+0x174/0x1f0
Jun 11 12:06:34 LAB-WLAN-STA-01 kernel: [ 2016.912923]  [<c14c4726>] netlink_sendmsg+0x1e6/0x310
Jun 11 12:06:34 LAB-WLAN-STA-01 kernel: [ 2016.918895]  [<c148d60f>] sock_sendmsg+0xff/0x120
Jun 11 12:06:34 LAB-WLAN-STA-01 kernel: [ 2016.924523]  [<c1071512>] ? check_preempt_curr+0x72/0x90
Jun 11 12:06:34 LAB-WLAN-STA-01 kernel: [ 2016.930772]  [<c1071558>] ? ttwu_do_wakeup+0x28/0x130
Jun 11 12:06:34 LAB-WLAN-STA-01 kernel: [ 2016.936761]  [<c12c77b2>] ? _copy_from_user+0x42/0x60
Jun 11 12:06:34 LAB-WLAN-STA-01 kernel: [ 2016.942753]  [<c1498e44>] ? verify_iovec+0x44/0xb0
Jun 11 12:06:34 LAB-WLAN-STA-01 kernel: [ 2016.948487]  [<c148e832>] __sys_sendmsg+0x262/0x270
Jun 11 12:06:34 LAB-WLAN-STA-01 kernel: [ 2016.954305]  [<c106bdc7>] ? __wake_up_common+0x47/0x70
Jun 11 12:06:34 LAB-WLAN-STA-01 kernel: [ 2016.960390]  [<c106d015>] ? __wake_up+0x45/0x60
Jun 11 12:06:34 LAB-WLAN-STA-01 kernel: [ 2016.965867]  [<c135cc69>] ? tty_wakeup+0x39/0x70
Jun 11 12:06:34 LAB-WLAN-STA-01 kernel: [ 2016.971418]  [<c1077f6d>] ? update_curr+0x17d/0x300
Jun 11 12:06:34 LAB-WLAN-STA-01 kernel: [ 2016.977219]  [<c1037d48>] ? default_spin_lock_flags+0x8/0x10
Jun 11 12:06:34 LAB-WLAN-STA-01 kernel: [ 2016.983800]  [<c158ca5d>] ? _raw_spin_lock_irqsave+0x2d/0x40
Jun 11 12:06:34 LAB-WLAN-STA-01 kernel: [ 2016.990379]  [<c101088d>] ? __switch_to+0xcd/0x2a0
Jun 11 12:06:34 LAB-WLAN-STA-01 kernel: [ 2016.996061]  [<c1070271>] ? finish_task_switch+0x41/0xc0
Jun 11 12:06:34 LAB-WLAN-STA-01 kernel: [ 2017.002243]  [<c148f9fb>] sys_sendmsg+0x3b/0x60
Jun 11 12:06:34 LAB-WLAN-STA-01 kernel: [ 2017.007617]  [<c14900a3>] sys_socketcall+0x283/0x2e0
Jun 11 12:06:34 LAB-WLAN-STA-01 kernel: [ 2017.013406]  [<c159375f>] sysenter_do_call+0x12/0x28
Jun 11 12:06:34 LAB-WLAN-STA-01 kernel: [ 2017.019204] Code: ac 8d 55 b0 8b 4d ac 89 14 24 8b 55 f0 ff d3 83 f8 fe 0f 84 85 01 00 00 85 c0 0f 85 f0 02 00 00 8b 45 b0 85 c0 0f 84 72 01 00 00 <0f> b7 50 04 8b 45 ec 05 00 01 00 00 e8 9c 28 ff ff 85 c0 74 a8 
Jun 11 12:06:34 LAB-WLAN-STA-01 kernel: [ 2017.039726] EIP: [<f8fa5883>] nl80211_dump_survey+0x93/0x390 [cfg80211] SS:ESP 0068:cae8bb9c
Jun 11 12:06:34 LAB-WLAN-STA-01 kernel: [ 2017.049008] CR2: 00000000000000d4
Jun 11 12:06:34 LAB-WLAN-STA-01 kernel: [ 2017.103589] ---[ end trace def0e7bb864be539 ]---

Reason for crash:

In net/wireless/nl80211.c -> nl80211_dump_survey(), the survey_info structure is not being initialized. Without this, the dev->ops->dump_survey() return value is zero. But the 'survey' argument passed to this function is untouched, and we are trying to access the members of this structure and hitting the crash. Hope this helps.

Thanks,
Mahesh

^ permalink raw reply	[flat|nested] 5+ messages in thread

* RE: [PATCH] cfg80211/nl80211: Fix for wireless-testing kernel crash
  2012-06-13 12:30   ` Mahesh Palivela
@ 2012-06-13 12:36     ` Johannes Berg
  2012-06-13 14:37       ` Mahesh Palivela
  0 siblings, 1 reply; 5+ messages in thread
From: Johannes Berg @ 2012-06-13 12:36 UTC (permalink / raw)
  To: Mahesh Palivela; +Cc: linville, linux-wireless

On Wed, 2012-06-13 at 12:30 +0000, Mahesh Palivela wrote:

> net/wireless/nl80211.c -> nl80211_dump_survey() survey_info structure
> is not being initialized. Without this dev->ops->dump_survey() return
> value is zero. But 'survey' argument passed to this function is
> untouched and we are trying to access the members of this structure
> and hitting crash. Hope this helps.

What driver are you using, and why does it return 0 when it didn't
actually return/fill any information?

johannes


^ permalink raw reply	[flat|nested] 5+ messages in thread

* RE: [PATCH] cfg80211/nl80211: Fix for wireless-testing kernel crash
  2012-06-13 12:36     ` Johannes Berg
@ 2012-06-13 14:37       ` Mahesh Palivela
  0 siblings, 0 replies; 5+ messages in thread
From: Mahesh Palivela @ 2012-06-13 14:37 UTC (permalink / raw)
  To: Johannes Berg; +Cc: linville, linux-wireless

________________________________________
From: Johannes Berg [johannes@sipsolutions.net]
Sent: Wednesday, June 13, 2012 6:06 PM
To: Mahesh Palivela
Cc: linville@tuxdriver.com; linux-wireless@vger.kernel.org
Subject: RE: [PATCH] cfg80211/nl80211: Fix for wireless-testing kernel crash

On Wed, 2012-06-13 at 12:30 +0000, Mahesh Palivela wrote:

> net/wireless/nl80211.c -> nl80211_dump_survey() survey_info structure
> is not being initialized. Without this dev->ops->dump_survey() return
> value is zero. But 'survey' argument passed to this function is
> untouched and we are trying to access the members of this structure
> and hitting crash. Hope this helps.

What driver are you using, and why does it return 0 when it didn't
actually return/fill any information?

johannes

It's our own chip driver. I just checked: without doing anything, we are returning zero. I will fix it on our end as well.

^ permalink raw reply	[flat|nested] 5+ messages in thread
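
The failure mode described in this thread, a callback that returns 0 without filling its output structure, as an added user-space C example (not code from the patch, cfg80211 or any driver). `struct survey`, `dump_op`, `lazy_driver` and `dump_all` are hypothetical names and the driver is constructed; the stale data here comes from the previous loop iteration, standing in for uninitialized stack contents.

```c
#include <errno.h>
#include <string.h>

struct chan { unsigned short center_freq; };
struct survey { const struct chan *channel; };
/* Hypothetical callback type, modelled on a dump_survey-style driver op. */
typedef int (*dump_op)(int idx, struct survey *out);

static const struct chan chans[] = { { 2412 }, { 2437 } };

/* Constructed buggy driver: returns 0 for idx 1 without filling *out. */
static int lazy_driver(int idx, struct survey *out)
{
    if (idx >= 3)
        return -ENOENT;
    if (idx == 1)
        return 0;                 /* contract violation: *out untouched */
    out->channel = &chans[idx ? 1 : 0];
    return 0;
}

/* Returns the number of entries reported; *rejected counts calls that
 * returned 0 but left the result empty (detectable only with zero_first). */
static int dump_all(dump_op op, int zero_first, int *rejected)
{
    struct survey s = { 0 };      /* defined state before the first call */
    int idx, res, reported = 0;
    *rejected = 0;
    for (idx = 0; ; idx++) {
        if (zero_first)
            memset(&s, 0, sizeof(s));
        res = op(idx, &s);
        if (res == -ENOENT)
            break;
        if (res)
            return res;
        if (!s.channel) {         /* meaningful only after zeroing */
            (*rejected)++;
            continue;
        }
        reported++;               /* without zeroing, stale data lands here */
    }
    return reported;
}

int main(void)
{
    int rej;
    return (dump_all(lazy_driver, 1, &rej) == 2 && rej == 1) ? 0 : 1;
}
```

Without zeroing, the empty result at index 1 is counted as a third valid entry; with zeroing it is rejected and only the two filled entries are reported.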
