linux-wireless.vger.kernel.org archive mirror
* [p54]: oops in p54_rx
@ 2008-12-08  7:49 Manuel Lauss
  2008-12-08 13:08 ` Christian Lamparter
  0 siblings, 1 reply; 9+ messages in thread
From: Manuel Lauss @ 2008-12-08  7:49 UTC (permalink / raw)
  To: linux-wireless

Hello,

The following oops occurs when udev loads p54pci driver (device is an early
SM2802W V2 PCI with the isl3886 "softmac" chip;  2.6.28-rc7, firmware
2.13.1.0.arm).  This is transcribed from a rather bad photo (please see
 http://mlau.at/pix/p54oops.jpg ):


BUG: Unable to handle kernel NULL pointer dereference at 0000000000000000
IP: [<ffffffffa0016b66>] p54_rx+0xc6/0x490 [p54common]
PGD 12e433067 PUD 12e46f067 PMD 0
Oops: 0000 [#1] PREEMPT SMP
last sysfs file: /sys/devices/pci0000:00/0000:00:1f.2/host0/target0:0:0:0/....
CPU 0
Modules linked in: usb_storage ohci1394(+) ieee1394 p54pci(+) p54common ahci...
Pid: 0, comm: swapper Not tainted 2.6.28-rc7-00091-gf6f7b52 #1
RIP: 0010:[<ffffffffa0016b66>]  [<ffffffffa0016b66>] p54_rx+0xc6/0x490 [p54common]
RSP: 0018:ffffffff80ab3df0  EFLAGS: 00010207
RAX: 0000000074e9fed0 RBX: ffff08012e4f1940 RCX: 0000000000002e10
RDX: 0000000000000000 RSI: 00000000000000f1 RDI: ffff80012e4f0000
RBP: ffff80012e077010 R08: ffff80012e077000 R09: ffff80012e04?000
R10: 0000000000000001 R11: ffffffff00221320 R12: ffff80012e4f1900
R13: ffff80012e4f0300 R14: 000000000000732e R15: ffff80012e4f19??

...


(gdb) list *p54_rx+0xc6
0x1b66 is in p54_rx (/usr/src/linux-2.6.git/drivers/net/wireless/p54/p54common.c:502).
497
498             rx_status.signal = p54_rssi_to_dbm(dev, hdr->rssi);
499             rx_status.noise = priv->noise;
500             /* XX correct? */
501             rx_status.qual = (100 * hdr->rssi) / 127;
502             rx_status.rate_idx = (dev->conf.channel->band == IEEE80211_BAND_2GHZ ?
503                             hdr->rate : (hdr->rate - 4)) & 0xf;
504             rx_status.freq = freq;
505             rx_status.band =  dev->conf.channel->band;
506             rx_status.antenna = hdr->antenna;


...
0x0000000000001b59 <p54_rx+185>:        add    %ecx,%edx
0x0000000000001b5b <p54_rx+187>:        sar    $0x6,%edx
0x0000000000001b5e <p54_rx+190>:        mov    %edx,0x38(%rsp)
0x0000000000001b62 <p54_rx+194>:        mov    0x20(%r13),%rdx
0x0000000000001b66 <p54_rx+198>:        mov    (%rdx),%eax
0x0000000000001b68 <p54_rx+200>:        test   %eax,%eax
0x0000000000001b6a <p54_rx+202>:        je     0x1c70 <p54_rx+464>
0x0000000000001b70 <p54_rx+208>:        movzbl 0x7(%rbp),%eax
0x0000000000001b74 <p54_rx+212>:        sub    $0x4,%eax
0x0000000000001b77 <p54_rx+215>:        and    $0xf,%eax
0x0000000000001b7a <p54_rx+218>:        mov    %eax,0x40(%rsp)
...


Loading the module manually gets a bit further:

p54pci 0000:05:01.0: PCI INT A -> GSI 17 (level, low) -> IRQ 17
p54pci 0000:05:01.0: firmware: requesting isl3886
p54: LM86 firmware
p54: FW rev 2.13.1.0 - Softmac protocol 5.5
phy2: device does not respond!
p54pci 0000:05:01.0: PCI INT A disabled
p54pci: probe of 0000:05:01.0 failed with error -16


Thanks,
	Manuel Lauss
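
The triage done by hand in the message above (oops offset, register dump, disassembly) can be scripted. The following is an added example, not part of the original message; it runs on an excerpt of the oops and disassembly quoted in this thread. The function names are hypothetical and only simple `disp(%reg)` operands are handled.

```python
import re

# Excerpt of the oops and gdb disassembly quoted in this thread (sample input).
OOPS = """\
BUG: Unable to handle kernel NULL pointer dereference at 0000000000000000
IP: [<ffffffffa0016b66>] p54_rx+0xc6/0x490 [p54common]
RAX: 0000000074e9fed0 RBX: ffff08012e4f1940 RCX: 0000000000002e10
RDX: 0000000000000000 RSI: 00000000000000f1 RDI: ffff80012e4f0000
R13: ffff80012e4f0300 R14: 000000000000732e R15: ffff80012e4f19??
"""

DISASM = """\
0x0000000000001b5e <p54_rx+190>:        mov    %edx,0x38(%rsp)
0x0000000000001b62 <p54_rx+194>:        mov    0x20(%r13),%rdx
0x0000000000001b66 <p54_rx+198>:        mov    (%rdx),%eax
0x0000000000001b68 <p54_rx+200>:        test   %eax,%eax
"""

IP_RE = re.compile(r"IP: \[<[0-9a-f]+>\] (\w+)\+0x([0-9a-f]+)/0x[0-9a-f]+")
FAULT_RE = re.compile(r"(?:NULL pointer dereference|paging request) at ([0-9a-f]+)")
REG_RE = re.compile(r"\b(R[A-Z0-9]{2}): ([0-9a-f?]{16})")
INSN_RE = re.compile(r"<(\w+)\+(\d+)>:\s+(\w+)\s+(\S+)")
# AT&T memory operand without index/scale, e.g. (%rdx) or 0x20(%r13).
MEM_RE = re.compile(r"(-?0x[0-9a-f]+)?\(%(\w+)\)")


def reg_key(name):
    """Map a disassembly register name (rdx, r8) to the oops spelling (RDX, R08)."""
    name = name.upper()
    m = re.fullmatch(r"R(\d)", name)
    return f"R0{m.group(1)}" if m else name


def parse_oops(text):
    ip = IP_RE.search(text)
    if ip is None:
        raise ValueError("no IP: line in oops text")
    fault = FAULT_RE.search(text)
    regs = {}
    for name, value in REG_RE.findall(text):
        # '?' marks digits that were unreadable in the transcription.
        regs[name] = None if "?" in value else int(value, 16)
    return {
        "symbol": ip.group(1),
        "offset": int(ip.group(2), 16),
        "fault_addr": int(fault.group(1), 16) if fault else None,
        "regs": regs,
    }


def parse_disasm(text):
    # gdb prints offsets in decimal: <p54_rx+198> is p54_rx+0xc6.
    return [(s, int(o), m, ops) for s, o, m, ops in INSN_RE.findall(text)]


def mem_operand(operand):
    m = MEM_RE.search(operand)
    if m is None:
        return None
    return reg_key(m.group(2)), int(m.group(1), 16) if m.group(1) else 0


def explain_fault(oops_text, disasm_text):
    oops = parse_oops(oops_text)
    insns = parse_disasm(disasm_text)
    idx = next((i for i, (sym, off, _, _) in enumerate(insns)
                if sym == oops["symbol"] and off == oops["offset"]), None)
    if idx is None:
        raise ValueError("faulting offset not present in disassembly")
    _, _, mnemonic, operands = insns[idx]
    mem = mem_operand(operands)
    if mem is None:
        raise ValueError("faulting instruction has no simple memory operand")
    base, disp = mem
    base_value = oops["regs"].get(base)
    addr = None if base_value is None else (base_value + disp) & (2**64 - 1)

    # Walk backwards to the instruction that last wrote the full base register.
    # Writes to 32-bit sub-registers (e.g. %edx) are not tracked here.
    loaded_from = None
    for _, _, _, prev_ops in reversed(insns[:idx]):
        src, _, dest = prev_ops.rpartition(",")
        if dest.startswith("%") and reg_key(dest[1:]) == base:
            loaded_from = mem_operand(src)
            break

    return {
        "instruction": f"{mnemonic} {operands}",
        "base_reg": base,
        "base_value": base_value,
        "effective_addr": addr,
        "matches_fault_addr": addr is not None and addr == oops["fault_addr"],
        "loaded_from": loaded_from,  # (register, offset) holding the bad pointer
    }


if __name__ == "__main__":
    for key, value in explain_fault(OOPS, DISASM).items():
        print(f"{key}: {value}")
```

On this input the result points at a NULL pointer read from offset 0x20 of the object in R13, which matches the `dev->conf.channel` dereference at line 502 of the gdb listing.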


* Re: [p54]: oops in p54_rx
  2008-12-08  7:49 [p54]: oops in p54_rx Manuel Lauss
@ 2008-12-08 13:08 ` Christian Lamparter
  2008-12-08 13:26   ` Manuel Lauss
  0 siblings, 1 reply; 9+ messages in thread
From: Christian Lamparter @ 2008-12-08 13:08 UTC (permalink / raw)
  To: Manuel Lauss; +Cc: linux-wireless

On Monday 08 December 2008 08:49:04 Manuel Lauss wrote:
> Hello,

Hello!

> The following oops occurs when udev loads p54pci driver (device is an early
> SM2802W V2 PCI with the isl3886 "softmac" chip;  2.6.28-rc7, firmware
> 2.13.1.0.arm).  This is transcribed from a rather bad photo (please see
>  http://mlau.at/pix/p54oops.jpg ):
> 
> BUG: Unable to handle kernel NULL pointer dereference at 0000000000000000
> IP: [<ffffffffa0016b66>] p54_rx+0xc6/0x490 [p54common]
> PGD 12e433067 PUD 12e46f067 PMD 0
> Oops: 0000 [#1] PREEMPT SMP
> last sysfs file: /sys/devices/pci0000:00/0000:00:1f.2/host0/target0:0:0:0/....
> CPU 0
> Modules linked in: usb_storage ohci1394(+) ieee1394 p54pci(+) p54common ahci...
> Pid: 0, comm: swapper Not tainted 2.6.28-rc7-00091-gf6f7b52 #1
> RIP: 0010:[<ffffffffa0016b66>]  [<ffffffffa0016b66>] p54_rx+0xc6/0x490 [p54common]
> RSP: 0018:ffffffff80ab3df0  EFLAGS: 00010207
> RAX: 0000000074e9fed0 RBX: ffff08012e4f1940 RCX: 0000000000002e10
> RDX: 0000000000000000 RSI: 00000000000000f1 RDI: ffff80012e4f0000
> RBP: ffff80012e077010 R08: ffff80012e077000 R09: ffff80012e04?000
> R10: 0000000000000001 R11: ffffffff00221320 R12: ffff80012e4f1900
> R13: ffff80012e4f0300 R14: 000000000000732e R15: ffff80012e4f19??
> 
> (gdb) list *p54_rx+0xc6
> 0x1b66 is in p54_rx (/usr/src/linux-2.6.git/drivers/net/wireless/p54/p54common.c:502).
> 497
> 498             rx_status.signal = p54_rssi_to_dbm(dev, hdr->rssi);
> 499             rx_status.noise = priv->noise;
> 500             /* XX correct? */
> 501             rx_status.qual = (100 * hdr->rssi) / 127;
> 502             rx_status.rate_idx = (dev->conf.channel->band == IEEE80211_BAND_2GHZ ?
> 503                             hdr->rate : (hdr->rate - 4)) & 0xf;
That's right, dev->conf.channel isn't set at the time we're reading the eeprom.
But, then we didn't initialize the radio, dcf and mac/bb yet, so where did the data frames come
from?
 
> Loading the module manually gets a bit further:
> 
> p54pci 0000:05:01.0: PCI INT A -> GSI 17 (level, low) -> IRQ 17
> p54pci 0000:05:01.0: firmware: requesting isl3886
> p54: LM86 firmware
> p54: FW rev 2.13.1.0 - Softmac protocol 5.5
> phy2: device does not respond!
--- no, this time it just doesn't respond at all => crashed
> p54pci 0000:05:01.0: PCI INT A disabled
> p54pci: probe of 0000:05:01.0 failed with error -16

Did it work with an older firmware? (and then which one?)
Or do you have >= 4GB Ram/iommu etc.?

Regards,
	Chr


* Re: [p54]: oops in p54_rx
  2008-12-08 13:08 ` Christian Lamparter
@ 2008-12-08 13:26   ` Manuel Lauss
  2008-12-08 14:09     ` Christian Lamparter
  0 siblings, 1 reply; 9+ messages in thread
From: Manuel Lauss @ 2008-12-08 13:26 UTC (permalink / raw)
  To: Christian Lamparter; +Cc: linux-wireless

Hello Christian,

On Mon, Dec 08, 2008 at 02:08:36PM +0100, Christian Lamparter wrote:
> On Monday 08 December 2008 08:49:04 Manuel Lauss wrote:
> > Hello,
> 
> Hello!
> 
> > The following oops occurs when udev loads p54pci driver (device is an early
> > SM2802W V2 PCI with the isl3886 "softmac" chip;  2.6.28-rc7, firmware
> > 2.13.1.0.arm).  This is transcribed from a rather bad photo (please see
> >  http://mlau.at/pix/p54oops.jpg ):
> > 
> > BUG: Unable to handle kernel NULL pointer dereference at 0000000000000000
> > IP: [<ffffffffa0016b66>] p54_rx+0xc6/0x490 [p54common]
> > PGD 12e433067 PUD 12e46f067 PMD 0
> > Oops: 0000 [#1] PREEMPT SMP
> > last sysfs file: /sys/devices/pci0000:00/0000:00:1f.2/host0/target0:0:0:0/....
> > CPU 0
> > Modules linked in: usb_storage ohci1394(+) ieee1394 p54pci(+) p54common ahci...
> > Pid: 0, comm: swapper Not tainted 2.6.28-rc7-00091-gf6f7b52 #1
> > RIP: 0010:[<ffffffffa0016b66>]  [<ffffffffa0016b66>] p54_rx+0xc6/0x490 [p54common]
> > RSP: 0018:ffffffff80ab3df0  EFLAGS: 00010207
> > RAX: 0000000074e9fed0 RBX: ffff08012e4f1940 RCX: 0000000000002e10
> > RDX: 0000000000000000 RSI: 00000000000000f1 RDI: ffff80012e4f0000
> > RBP: ffff80012e077010 R08: ffff80012e077000 R09: ffff80012e04?000
> > R10: 0000000000000001 R11: ffffffff00221320 R12: ffff80012e4f1900
> > R13: ffff80012e4f0300 R14: 000000000000732e R15: ffff80012e4f19??
> > 
> > (gdb) list *p54_rx+0xc6
> > 0x1b66 is in p54_rx (/usr/src/linux-2.6.git/drivers/net/wireless/p54/p54common.c:502).
> > 497
> > 498             rx_status.signal = p54_rssi_to_dbm(dev, hdr->rssi);
> > 499             rx_status.noise = priv->noise;
> > 500             /* XX correct? */
> > 501             rx_status.qual = (100 * hdr->rssi) / 127;
> > 502             rx_status.rate_idx = (dev->conf.channel->band == IEEE80211_BAND_2GHZ ?
> > 503                             hdr->rate : (hdr->rate - 4)) & 0xf;
> That's right, dev->conf.channel isn't set at the time we're reading the eeprom.
> But, then we didn't initialize the radio, dcf and mac/bb yet, so where did the data frames came
> from?

Booted firmware in need of attention? ;-)  The other device on irq 17 is
a jmicron pata controller with no disks attached.

One more datapoint: this oops only seems to occur if udev loads p54 _and_
firmware is present.  Without firmware the driver (obviously) does nothing
and later I can happily modprobe/rmmod it when firmware is in place without
incident (with the timeout error below).

  
> > Loading the module manually gets a bit further:
> > 
> > p54pci 0000:05:01.0: PCI INT A -> GSI 17 (level, low) -> IRQ 17
> > p54pci 0000:05:01.0: firmware: requesting isl3886
> > p54: LM86 firmware
> > p54: FW rev 2.13.1.0 - Softmac protocol 5.5
> > phy2: device does not respond!
> --- no, this time it just doesn't respond at all => crashed
> > p54pci 0000:05:01.0: PCI INT A disabled
> > p54pci: probe of 0000:05:01.0 failed with error -16
> 
> Did it work with an older firmware? (and then which one?)
> Or do you have >= 4GB Ram/iommu etc.?

Only tried the suggested 2.13.1.0 firmware from the p54 wiki.  Reloading
p54pci with the lmac_2.7.0.0 firmware hard-hangs the machine (no net, no
sysrq-b).  Machine is Intel P35-based with 4GB ram.

Thank you,
	Manuel Lauss


* Re: [p54]: oops in p54_rx
  2008-12-08 13:26   ` Manuel Lauss
@ 2008-12-08 14:09     ` Christian Lamparter
  2008-12-08 14:48       ` Christian Lamparter
  0 siblings, 1 reply; 9+ messages in thread
From: Christian Lamparter @ 2008-12-08 14:09 UTC (permalink / raw)
  To: Manuel Lauss; +Cc: linux-wireless

On Monday 08 December 2008 14:26:03 Manuel Lauss wrote:
> Hallo Christian,
> 
> On Mon, Dec 08, 2008 at 02:08:36PM +0100, Christian Lamparter wrote:
> > On Monday 08 December 2008 08:49:04 Manuel Lauss wrote:
> > > Hello,
> > 
> > Hello!
> > 
> > > The following oops occurs when udev loads p54pci driver (device is an early
> > > SM2802W V2 PCI with the isl3886 "softmac" chip;  2.6.28-rc7, firmware
> > > 2.13.1.0.arm).  This is transcribed from a rather bad photo (please see
> > >  http://mlau.at/pix/p54oops.jpg ):
> > > 
> > > BUG: Unable to handle kernel NULL pointer dereference at 0000000000000000
> > > IP: [<ffffffffa0016b66>] p54_rx+0xc6/0x490 [p54common]
> > > PGD 12e433067 PUD 12e46f067 PMD 0
> > > Oops: 0000 [#1] PREEMPT SMP
> > > last sysfs file: /sys/devices/pci0000:00/0000:00:1f.2/host0/target0:0:0:0/....
> > > CPU 0
> > > Modules linked in: usb_storage ohci1394(+) ieee1394 p54pci(+) p54common ahci...
> > > Pid: 0, comm: swapper Not tainted 2.6.28-rc7-00091-gf6f7b52 #1
> > > RIP: 0010:[<ffffffffa0016b66>]  [<ffffffffa0016b66>] p54_rx+0xc6/0x490 [p54common]
> > > RSP: 0018:ffffffff80ab3df0  EFLAGS: 00010207
> > > RAX: 0000000074e9fed0 RBX: ffff08012e4f1940 RCX: 0000000000002e10
> > > RDX: 0000000000000000 RSI: 00000000000000f1 RDI: ffff80012e4f0000
> > > RBP: ffff80012e077010 R08: ffff80012e077000 R09: ffff80012e04?000
> > > R10: 0000000000000001 R11: ffffffff00221320 R12: ffff80012e4f1900
> > > R13: ffff80012e4f0300 R14: 000000000000732e R15: ffff80012e4f19??
> > > 
> > > (gdb) list *p54_rx+0xc6
> > > 0x1b66 is in p54_rx (/usr/src/linux-2.6.git/drivers/net/wireless/p54/p54common.c:502).
> > > 497
> > > 498             rx_status.signal = p54_rssi_to_dbm(dev, hdr->rssi);
> > > 499             rx_status.noise = priv->noise;
> > > 500             /* XX correct? */
> > > 501             rx_status.qual = (100 * hdr->rssi) / 127;
> > > 502             rx_status.rate_idx = (dev->conf.channel->band == IEEE80211_BAND_2GHZ ?
> > > 503                             hdr->rate : (hdr->rate - 4)) & 0xf;
> > That's right, dev->conf.channel isn't set at the time we're reading the eeprom.
> > But, then we didn't initialize the radio, dcf and mac/bb yet, so where did the data frames came
> > from?
> 
> Booted firmware in need of attention? ;-)  The other device on irq 17 is
> a jmicron pata controller with no disks attached.
The device has a ring-buffer with a counting index => so the firmware must have
incremented/corrupted the index.

> One more datapoint: this oops only seems to occur if udev loads p54 _and_
> firmware is present.  Without firmware the driver (obviously) does nothing
> an later I can happily modprobe/rmmod it when firmware is in place without
> incident (with the timeout error below).
> 
Well, that's tricky... I've no idea why it's sending "data" frames in the first place. 

But what I can do is to stop the driver from oopsing...
 
I guess a check to see if the device mode is set to something else than 
"NL80211_IFTYPE_UNSPECIFIED" and in p54_rx(_data) should prevent the oops.
Maybe I should add a hex_dump as well.

Let me make a patch for 2.6.28-rc7...

> > > Loading the module manually gets a bit further:
> > > 
> > > p54pci 0000:05:01.0: PCI INT A -> GSI 17 (level, low) -> IRQ 17
> > > p54pci 0000:05:01.0: firmware: requesting isl3886
> > > p54: LM86 firmware
> > > p54: FW rev 2.13.1.0 - Softmac protocol 5.5
> > > phy2: device does not respond!
> > --- no, this time it just doesn't respond at all => crashed
> > > p54pci 0000:05:01.0: PCI INT A disabled
> > > p54pci: probe of 0000:05:01.0 failed with error -16
> > 
> > Did it work with an older firmware? (and then which one?)
> > Or do you have >= 4GB Ram/iommu etc.?
> 
> Only tried the suggested 2.13.1.0 firmware from the p54 wiki.  Reloading
> p54pci with the lmac_2.7.0.0 firmware hard-hangs the machine (no net, no
> sysrq-b).  Machine is Intel P35-based with 4GB ram.
Well, could you try with just 2Gb in your machine? 
(Don't know, maybe booting with mem=2G is enough?!)
I never tested p54pci with more than 3gb.

Well, the SMC's windows driver ships with an even older one:
http://daemonizer.de/prism54/prism54-fw/fw-softmac/2.5.3.0.arm
you can try that as well, it might "load" this time.

Regards,
	Chr


* Re: [p54]: oops in p54_rx
  2008-12-08 14:48       ` Christian Lamparter
@ 2008-12-08 14:47         ` Manuel Lauss
  2008-12-08 15:24           ` Christian Lamparter
  0 siblings, 1 reply; 9+ messages in thread
From: Manuel Lauss @ 2008-12-08 14:47 UTC (permalink / raw)
  To: Christian Lamparter; +Cc: linux-wireless

On Mon, Dec 08, 2008 at 03:48:32PM +0100, Christian Lamparter wrote:
> On Monday 08 December 2008 15:09:43 Christian Lamparter wrote:
> > On Monday 08 December 2008 14:26:03 Manuel Lauss wrote:
> > > Hallo Christian,
> > > 
> > > On Mon, Dec 08, 2008 at 02:08:36PM +0100, Christian Lamparter wrote:
> > > > On Monday 08 December 2008 08:49:04 Manuel Lauss wrote:
> > > > > Hello,
> > > > 
> > > > Hello!
> > > > 
> > > > > The following oops occurs when udev loads p54pci driver (device is an early
> > > > > SM2802W V2 PCI with the isl3886 "softmac" chip;  2.6.28-rc7, firmware
> > > > > 2.13.1.0.arm).  This is transcribed from a rather bad photo (please see
> > > > >  http://mlau.at/pix/p54oops.jpg ):
> > > > > 
> > > > > BUG: Unable to handle kernel NULL pointer dereference at 0000000000000000
> > > > > IP: [<ffffffffa0016b66>] p54_rx+0xc6/0x490 [p54common]
> > > > > PGD 12e433067 PUD 12e46f067 PMD 0
> > > > > Oops: 0000 [#1] PREEMPT SMP
> > > > > last sysfs file: /sys/devices/pci0000:00/0000:00:1f.2/host0/target0:0:0:0/....
> > > > > CPU 0
> > > > > Modules linked in: usb_storage ohci1394(+) ieee1394 p54pci(+) p54common ahci...
> > > > > Pid: 0, comm: swapper Not tainted 2.6.28-rc7-00091-gf6f7b52 #1
> > > > > RIP: 0010:[<ffffffffa0016b66>]  [<ffffffffa0016b66>] p54_rx+0xc6/0x490 [p54common]
> > > > > RSP: 0018:ffffffff80ab3df0  EFLAGS: 00010207
> > > > > RAX: 0000000074e9fed0 RBX: ffff08012e4f1940 RCX: 0000000000002e10
> > > > > RDX: 0000000000000000 RSI: 00000000000000f1 RDI: ffff80012e4f0000
> > > > > RBP: ffff80012e077010 R08: ffff80012e077000 R09: ffff80012e04?000
> > > > > R10: 0000000000000001 R11: ffffffff00221320 R12: ffff80012e4f1900
> > > > > R13: ffff80012e4f0300 R14: 000000000000732e R15: ffff80012e4f19??
> > > > > 
> > > > > (gdb) list *p54_rx+0xc6
> > > > > 0x1b66 is in p54_rx (/usr/src/linux-2.6.git/drivers/net/wireless/p54/p54common.c:502).
> > > > > 497
> > > > > 498             rx_status.signal = p54_rssi_to_dbm(dev, hdr->rssi);
> > > > > 499             rx_status.noise = priv->noise;
> > > > > 500             /* XX correct? */
> > > > > 501             rx_status.qual = (100 * hdr->rssi) / 127;
> > > > > 502             rx_status.rate_idx = (dev->conf.channel->band == IEEE80211_BAND_2GHZ ?
> > > > > 503                             hdr->rate : (hdr->rate - 4)) & 0xf;
> > > > That's right, dev->conf.channel isn't set at the time we're reading the eeprom.
> > > > But, then we didn't initialize the radio, dcf and mac/bb yet, so where did the data frames came
> > > > from?
> > > 
> > > Booted firmware in need of attention? ;-)  The other device on irq 17 is
> > > a jmicron pata controller with no disks attached.
> > the device has a ring-buffer with a counting index => so the firmware must have
> > incremented/corrupted the index.
> > 
> > > One more datapoint: this oops only seems to occur if udev loads p54 _and_
> > > firmware is present.  Without firmware the driver (obviously) does nothing
> > > an later I can happily modprobe/rmmod it when firmware is in place without
> > > incident (with the timeout error below).
> > > 
> > Well, that's tricky... I've no idea why it's sending "data" frames in the first place. 
> > 
> > But what I can do is to stop the driver from oopsing...
> >  
> > I guess a check to see if the device mode is set to something else than 
> > "NL80211_IFTYPE_UNSPECIFIED" and in p54_rx(_data) should prevent the oops.
> > maybe we I should add a hex_dump as well.
> 
> patch attached... tell me what it does on your dev.

Thank you,  but I think the card is faulty... it doesn't work even on winxp
("device cannot be started Code 10"-error).  Do you still want me to test
the patch?
 
Thanks!
	Manuel Lauss


* Re: [p54]: oops in p54_rx
  2008-12-08 14:09     ` Christian Lamparter
@ 2008-12-08 14:48       ` Christian Lamparter
  2008-12-08 14:47         ` Manuel Lauss
  0 siblings, 1 reply; 9+ messages in thread
From: Christian Lamparter @ 2008-12-08 14:48 UTC (permalink / raw)
  To: Manuel Lauss; +Cc: linux-wireless

[-- Attachment #1: Type: text/plain, Size: 5001 bytes --]

On Monday 08 December 2008 15:09:43 Christian Lamparter wrote:
> On Monday 08 December 2008 14:26:03 Manuel Lauss wrote:
> > Hallo Christian,
> > 
> > On Mon, Dec 08, 2008 at 02:08:36PM +0100, Christian Lamparter wrote:
> > > On Monday 08 December 2008 08:49:04 Manuel Lauss wrote:
> > > > Hello,
> > > 
> > > Hello!
> > > 
> > > > The following oops occurs when udev loads p54pci driver (device is an early
> > > > SM2802W V2 PCI with the isl3886 "softmac" chip;  2.6.28-rc7, firmware
> > > > 2.13.1.0.arm).  This is transcribed from a rather bad photo (please see
> > > >  http://mlau.at/pix/p54oops.jpg ):
> > > > 
> > > > BUG: Unable to handle kernel NULL pointer dereference at 0000000000000000
> > > > IP: [<ffffffffa0016b66>] p54_rx+0xc6/0x490 [p54common]
> > > > PGD 12e433067 PUD 12e46f067 PMD 0
> > > > Oops: 0000 [#1] PREEMPT SMP
> > > > last sysfs file: /sys/devices/pci0000:00/0000:00:1f.2/host0/target0:0:0:0/....
> > > > CPU 0
> > > > Modules linked in: usb_storage ohci1394(+) ieee1394 p54pci(+) p54common ahci...
> > > > Pid: 0, comm: swapper Not tainted 2.6.28-rc7-00091-gf6f7b52 #1
> > > > RIP: 0010:[<ffffffffa0016b66>]  [<ffffffffa0016b66>] p54_rx+0xc6/0x490 [p54common]
> > > > RSP: 0018:ffffffff80ab3df0  EFLAGS: 00010207
> > > > RAX: 0000000074e9fed0 RBX: ffff08012e4f1940 RCX: 0000000000002e10
> > > > RDX: 0000000000000000 RSI: 00000000000000f1 RDI: ffff80012e4f0000
> > > > RBP: ffff80012e077010 R08: ffff80012e077000 R09: ffff80012e04?000
> > > > R10: 0000000000000001 R11: ffffffff00221320 R12: ffff80012e4f1900
> > > > R13: ffff80012e4f0300 R14: 000000000000732e R15: ffff80012e4f19??
> > > > 
> > > > (gdb) list *p54_rx+0xc6
> > > > 0x1b66 is in p54_rx (/usr/src/linux-2.6.git/drivers/net/wireless/p54/p54common.c:502).
> > > > 497
> > > > 498             rx_status.signal = p54_rssi_to_dbm(dev, hdr->rssi);
> > > > 499             rx_status.noise = priv->noise;
> > > > 500             /* XX correct? */
> > > > 501             rx_status.qual = (100 * hdr->rssi) / 127;
> > > > 502             rx_status.rate_idx = (dev->conf.channel->band == IEEE80211_BAND_2GHZ ?
> > > > 503                             hdr->rate : (hdr->rate - 4)) & 0xf;
> > > That's right, dev->conf.channel isn't set at the time we're reading the eeprom.
> > > But, then we didn't initialize the radio, dcf and mac/bb yet, so where did the data frames came
> > > from?
> > 
> > Booted firmware in need of attention? ;-)  The other device on irq 17 is
> > a jmicron pata controller with no disks attached.
> the device has a ring-buffer with a counting index => so the firmware must have
> incremented/corrupted the index.
> 
> > One more datapoint: this oops only seems to occur if udev loads p54 _and_
> > firmware is present.  Without firmware the driver (obviously) does nothing
> > an later I can happily modprobe/rmmod it when firmware is in place without
> > incident (with the timeout error below).
> > 
> Well, that's tricky... I've no idea why it's sending "data" frames in the first place. 
> 
> But what I can do is to stop the driver from oopsing...
>  
> I guess a check to see if the device mode is set to something else than 
> "NL80211_IFTYPE_UNSPECIFIED" and in p54_rx(_data) should prevent the oops.
> maybe we I should add a hex_dump as well.

patch attached... tell me what it does on your dev.

Regards,
	Chr



[-- Attachment #2: p54common-free.diff --]
[-- Type: text/x-diff, Size: 794 bytes --]

diff -Nurp linux-2.6.28-rc7/drivers/net/wireless/p54/p54common.c linux-2.6.28-rc8/drivers/net/wireless/p54/p54common.c
--- linux-2.6.28-rc7/drivers/net/wireless/p54/p54common.c	2008-12-08 15:35:51.655503446 +0100
+++ linux-2.6.28-rc8/drivers/net/wireless/p54/p54common.c	2008-12-08 15:30:58.583619238 +0100
@@ -488,6 +488,13 @@ static int p54_rx_data(struct ieee80211_
 	size_t header_len = sizeof(*hdr);
 	u32 tsf32;
 
+	if (priv->mode == NL80211_IFTYPE_UNSPECIFIED) {
+		printk(KERN_ERR "%s: received bogus data\n", wiphy_name(dev->wiphy));
+		print_hex_dump(KERN_ERR, "raw data: ", DUMP_PREFIX_ADDRESS,
+				16, 1, skb->data, skb->len, 1);
+		return 0;
+	}
+
 	if (!(hdr->magic & cpu_to_le16(0x0001))) {
 		if (priv->filter_flags & FIF_FCSFAIL)
 			rx_status.flag |= RX_FLAG_FAILED_FCS_CRC;
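
Review bot: The new guard at the top of p54_rx_data() tests priv->mode, while the fault discussed in this thread is the dereference of dev->conf.channel at p54common.c:502; the mode check covers it only as long as the two are always set together. Testing the pointer that is actually dereferenced (or both) would tie the guard to the crash site, and a short comment saying why frames can arrive before the interface is configured would help later readers. The printk plus full-length print_hex_dump at KERN_ERR is also unconditional, so a device that keeps delivering bogus frames can flood the log; consider rate limiting it or capping the dumped length, and confirm that return 0 here matches what the caller expects to do with the skb, since the hunk does not show it.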


* Re: [p54]: oops in p54_rx
  2008-12-08 14:47         ` Manuel Lauss
@ 2008-12-08 15:24           ` Christian Lamparter
  2008-12-08 15:32             ` Manuel Lauss
  0 siblings, 1 reply; 9+ messages in thread
From: Christian Lamparter @ 2008-12-08 15:24 UTC (permalink / raw)
  To: Manuel Lauss; +Cc: linux-wireless

On Monday 08 December 2008 15:47:27 Manuel Lauss wrote:
[...]
> > > But what I can do is to stop the driver from oopsing...
> > >  
> > > I guess a check to see if the device mode is set to something else than 
> > > "NL80211_IFTYPE_UNSPECIFIED" and in p54_rx(_data) should prevent the oops.
> > > maybe we I should add a hex_dump as well.
> > 
> > patch attached... tell me what it does on your dev.
> 
> Thank you,  but I think the card is faulty... it doesn't work even on winxp
> ("device cannot be started Code 10"-error).  Do you still want me to test
> the patch?
Did you try the card in the same system with 4Gb and with the original SMC driver?
Well, either way... you could "confirm" that it doesn't crash anymore ;-).

Regards,
	Chr


* Re: [p54]: oops in p54_rx
  2008-12-08 15:24           ` Christian Lamparter
@ 2008-12-08 15:32             ` Manuel Lauss
  2008-12-08 15:50               ` Christian Lamparter
  0 siblings, 1 reply; 9+ messages in thread
From: Manuel Lauss @ 2008-12-08 15:32 UTC (permalink / raw)
  To: Christian Lamparter; +Cc: linux-wireless

On Mon, Dec 08, 2008 at 04:24:21PM +0100, Christian Lamparter wrote:
> On Monday 08 December 2008 15:47:27 Manuel Lauss wrote:
> [...]
> > > > But what I can do is to stop the driver from oopsing...
> > > >  
> > > > I guess a check to see if the device mode is set to something else than 
> > > > "NL80211_IFTYPE_UNSPECIFIED" and in p54_rx(_data) should prevent the oops.
> > > > maybe we I should add a hex_dump as well.
> > > 
> > > patch attached... tell me what it does on your dev.
> > 
> > Thank you,  but I think the card is faulty... it doesn't work even on winxp
> > ("device cannot be started Code 10"-error).  Do you still want me to test
> > the patch?
> Did you try the card in the same system with 4Gb and with the original SMC driver?
> Well, either way... you could "confirm" that it doesn't crash anymore ;-).

Tested on another machine with 1gb ram. It doesn't crash anymore.  If you're
still interested, the log output is here  http://mlau.at/files/p54log

Thanks!
	Manuel Lauss


* Re: [p54]: oops in p54_rx
  2008-12-08 15:32             ` Manuel Lauss
@ 2008-12-08 15:50               ` Christian Lamparter
  0 siblings, 0 replies; 9+ messages in thread
From: Christian Lamparter @ 2008-12-08 15:50 UTC (permalink / raw)
  To: Manuel Lauss; +Cc: linux-wireless

On Monday 08 December 2008 16:32:08 Manuel Lauss wrote:
> On Mon, Dec 08, 2008 at 04:24:21PM +0100, Christian Lamparter wrote:
> > On Monday 08 December 2008 15:47:27 Manuel Lauss wrote:
> > [...]
> > > > > But what I can do is to stop the driver from oopsing...
> > > > >  
> > > > > I guess a check to see if the device mode is set to something else than 
> > > > > "NL80211_IFTYPE_UNSPECIFIED" and in p54_rx(_data) should prevent the oops.
> > > > > maybe we I should add a hex_dump as well.
> > > > 
> > > > patch attached... tell me what it does on your dev.
> > > 
> > > Thank you,  but I think the card is faulty... it doesn't work even on winxp
> > > ("device cannot be started Code 10"-error).  Do you still want me to test
> > > the patch?
> > Did you try the card in the same system with 4Gb and with the original SMC driver?
> > Well, either way... you could "confirm" that it doesn't crash anymore ;-).
> 
> Tested on another machine with 1gb ram. It doesn't crash anymore.  If you're
> still interested, the log output is here  http://mlau.at/files/p54log
> 
interesting, the "logged" data has about the correct size.
But the data is totally screwed up.

So, yes you can kick it into the bin if you want to.

Regards,
	Chr
