From: Larry Finger <larry.finger@lwfinger.net>
To: Johannes Berg <johannes@sipsolutions.net>
Cc: Broadcom Linux <bcm43xx-dev@lists.berlios.de>,
wireless <linux-wireless@vger.kernel.org>
Subject: Re: [RFC] mac80211: fix software decryption with b43legacy
Date: Sat, 18 Aug 2007 15:13:50 -0500 [thread overview]
Message-ID: <46C752FE.4030706@lwfinger.net> (raw)
In-Reply-To: <1187453173.6090.33.camel@johannes.berg>
I have added the lists to this message.
I got b43legacy up and running with the software decryption modifications. It started OK with
WPA-PSK TKIP encryption, but soon thereafter, I got this message:
eth1: No ProbeResp from current AP 00:1a:70:46:ba:b1 - assume out of range
I don't know why this happened. I didn't move away from the AP, or do anything that should have
caused loss of a probe response; however, immediately after that, I got this GPF:
general protection fault: 0000 [1] SMP
CPU 0
Modules linked in: nfs af_packet snd_pcm_oss snd_mixer_oss snd_seq snd_seq_device vboxdrv
cpufreq_conservative cpufreq_ondemand cpufreq_userspace cpufreq_powersave powernow_k8 freq_table
thermal processor button battery ac nls_utf8 ntfs loop dm_mod nfsd exportfs lockd nfs_acl
auth_rpcgss sunrpc snd_hda_intel rc80211_simple snd_pcm snd_timer ohci_hcd snd ohci1394 ehci_hcd
ieee1394 soundcore b43legacy sdhci usbcore mmc_core mac80211 cfg80211 ide_cd cdrom forcedeth
snd_page_alloc i2c_nforce2 ssb ext3 mbcache jbd sg edd fan sata_nv libata amd74xx sd_mod scsi_mod
ide_disk ide_core
Pid: 2087, comm: b43legacy Not tainted 2.6.23-rc3-Ldev-gf5a42059-dirty #13
RIP: 0010:[<ffffffff803fe191>] [<ffffffff803fe191>] __mutex_unlock_slowpath+0x6b/0x13a
RSP: 0018:ffff810056bd9b30 EFLAGS: 00010016
RAX: 0000000000007b64 RBX: ffff81005825e978 RCX: 0000000000000003
RDX: ffff810037f3d080 RSI: 0000000000000008 RDI: 6b6b6b6b6b6b6ba3
RBP: ffff810056bd9b50 R08: 0000000000000000 R09: ffff81005825e978
R10: ffff810056bd9b80 R11: ffff810037f3d080 R12: 6b6b6b6b6b6b6ba3
R13: 0000000000000246 R14: 6b6b6b6b6b6b6bab R15: ffff8100580564c0
FS: 00002b4afda060b0(0000) GS:ffffffff80539000(0000) knlGS:00000000f479eb90
CS: 0010 DS: 0018 ES: 0018 CR0: 000000008005003b
CR2: 00000000f4e88bd0 CR3: 0000000057aa2000 CR4: 00000000000006e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process b43legacy (pid: 2087, threadinfo ffff810056bd8000, task ffff810037f3d080)
Stack: ffff81005825e978 ffff81005825c2f0 ffff8100580564c0 ffff81005825c2f0
ffff810056bd9b60 ffffffff803fe269 ffff810056bd9b80 ffffffff8814d704
ffff81005825c2f0 ffff810058056640 ffff810056bd9bb0 ffffffff8813cd4f
Call Trace:
[<ffffffff803fe269>] mutex_unlock+0x9/0xb
[<ffffffff8814d704>] :mac80211:ieee80211_key_free+0x33/0x37
[<ffffffff8813cd4f>] :mac80211:sta_info_free+0x92/0xae
[<ffffffff881427dc>] :mac80211:ieee80211_associated+0x100/0x1ec
[<ffffffff88143646>] :mac80211:ieee80211_sta_work+0x0/0x182e
The rest of the call trace is available if needed. The crash occurred when ieee80211_key_free was
trying to unlock the mutex key_idx. I added printk's to dump the pointer to sdata at the point where
that mutex is initialized and where the key is freed. The mutex that errs was inited.
Note: For this run, I did not have a set_key callback routine defined. I also tried it with a
callback routine that immediately returns -ENOSPC. It didn't make any difference.
Please let me know what further debug info you need.
Larry
next prev parent reply other threads:[~2007-08-18 20:13 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-08-17 10:26 [RFC] mac80211: fix software decryption Johannes Berg
[not found] ` <46C5CC0D.2040609@lwfinger.net>
[not found] ` <1187384230.6090.7.camel@johannes.berg>
[not found] ` <46C612E8.4020604@lwfinger.net>
[not found] ` <1187387215.6090.13.camel@johannes.berg>
[not found] ` <46C64777.1000602@lwfinger.net>
[not found] ` <1187453173.6090.33.camel@johannes.berg>
2007-08-18 20:13 ` Larry Finger [this message]
2007-08-20 11:20 ` [RFC] mac80211: fix software decryption with b43legacy Johannes Berg
2007-08-20 12:09 ` Johannes Berg
2007-08-20 17:36 ` Larry Finger
2007-08-20 22:43 ` Ulrich Kunitz
2007-08-21 0:18 ` Larry Finger
2007-08-21 4:59 ` [RFC] mac80211: fix software decryption Larry Finger
2007-08-21 10:06 ` Johannes Berg
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=46C752FE.4030706@lwfinger.net \
--to=larry.finger@lwfinger.net \
--cc=bcm43xx-dev@lists.berlios.de \
--cc=johannes@sipsolutions.net \
--cc=linux-wireless@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).