From: Eric Dumazet <eric.dumazet@gmail.com>
To: Andrew Watts <akwatts@ymail.com>
Cc: netdev@vger.kernel.org
Subject: Re: kernel panic with time-stamping in phy devices (monitor mode)
Date: Thu, 02 Dec 2010 17:38:04 +0100
Message-ID: <1291307884.2871.69.camel@edumazet-laptop>
In-Reply-To: <252997.92320.qm@web111013.mail.gq1.yahoo.com>
On Thursday, 2 December 2010 at 08:05 -0800, Andrew Watts wrote:
> Hi.
>
> The 'time stamping in phy devices' code introduced in 2.6.36
> (c1f19b51d1d87f3e3bb7e6648f43f7d57ed2da6b et al.) triggers
> kernel panics when wireless devices are placed in monitor mode
> (tested with b43 and ath5k devices on a 32-bit system).
>
> To reproduce, set CONFIG_NETWORK_PHY_TIMESTAMPING=y and put a
> wireless device into monitor mode:
>
> # ifconfig wlan0 down
> # iwconfig wlan0 mode monitor
> # ifconfig wlan0 up
>
> ~ Andy
>
> ==============
>
> [<c14455ad>] ? __alloc_skb+0x53/0xf8
> [<f92fdd57>] ? b43_dma_rx+0x18a/0x342 [b43]
> [<f92e8475>] ? b43_do_interrupt_thread+0x420/0x92e [b43]
> [<c1027731>] ? __dequeue_entity+0x31/0x35
> [<c1027a44>] ? set_next_entity+0xad/0xbb
> [<f92e899b>] ? b43_interrupt_thread_handler+0x18/0x2b [b43]
> [<c107c378>] ? irq_thread+0xb6/0x19e
> [<c15625a0>] ? schedule+0x254/0x566
> [<c107c2c2>] ? irq_thread+0x0/0x19e
> [<c10448b1>] ? kthread+0x67/0x69
> [<c104484a>] ? kthread+0x0/0x69
> [<c100323e>] ? kernel_thread_helper+0x6/0x18
> Code: 4c 24 14 8b 88 a8 00 00 00 89 4c 24 10 89 54 24 0c 8b
> 40 50 89 44 24 08 8b 45 04 89 44 24 04 c7 04 24 30 74 7a c1
> e8 b5 d2 11 00 <0f> 0b eb fe 55 89 e5 56 53 83 ec 24 8b 88
> a0 00 00 00 8b 58 54
> EIP: [<c1444ea0>] skb_push+0x7d/0x81 SS:ESP 0068:cee01d78
> ---[ end trace af1c99818e62b195 ]---
> Kernel panic - not syncing: Fatal exception in interrupt
> Pid: 6674, comm: irq/18-b43 Tainted: G D 2.6.36.1
> Call Trace:
> [<c156217d>] ? printk+0x28/0x2a
> [<c156205c>] panic+0x57/0x150
> [<c1564adf>] oops_begin+0x0/0x40
> [<c1004e36>] die+0x49/0x5d
> [<c1564304>] do_trap+0x84/0xad
> [<c10037e5>] ? do_invalid_op+0x0/0x93
> [<c100386b>] do_invalid_op+0x86/0x93
> [<c1444ea0>] ? skb_push+0x7d/0x81
> [<c15640b9>] error_code+0x65/0x6c
> [<c1444ea0>] ? skb_push+0x7d/0x81
> [<c145f721>] ? skb_defer_rx_timestamp+0x12/0x5a
> [<c145f721>] skb_defer_rx_timestamp+0x12/0x5a
> [<c144d23c>] netif_receive_skb+0x1f/0x47
> [<c153a6e8>] ieee80211_rx+0x661/0x8e1
> [<f85daca2>] ? ssb_pci_read32+0x19/0x31 [ssb]
> [<f92e54cf>] ? b43_tsf_read+0x2a/0x47 [b43]
> [<f92f8d42>] b43_rx+0x24c/0x5eb [b43]
> [<c14455ad>] ? __alloc_skb+0x53/0xf8
> [<f92fdd57>] b43_dma_rx+0x18a/0x342 [b43]
> [<f92e8475>] b43_do_interrupt_thread+0x420/0x92e [b43]
> [<c1027731>] ? __dequeue_entity+0x31/0x35
> [<c1027a44>] ? set_next_entity+0xad/0xbb
> [<f92e899b>] b43_interrupt_thread_handler+0x18/0x2b [b43]
> [<c107c378>] irq_thread+0xb6/0x19e
> [<c15625a0>] ? schedule+0x254/0x566
> [<c107c2c2>] ? irq_thread+0x0/0x19e
> [<c10448b1>] kthread+0x67/0x69
> [<c104484a>] ? kthread+0x0/0x69
> [<c100323e>] kernel_thread_helper+0x6/0x18
>
>
Thanks for the report.
Please try the following patch.
diff --git a/net/core/timestamping.c b/net/core/timestamping.c
index dac7ed6..a710ab0 100644
--- a/net/core/timestamping.c
+++ b/net/core/timestamping.c
@@ -96,7 +96,10 @@ bool skb_defer_rx_timestamp(struct sk_buff *skb)
struct phy_device *phydev;
unsigned int type;
- skb_push(skb, ETH_HLEN);
+ if (skb->data - ETH_HLEN < skb->head)
+ return false;
+
+ __skb_push(skb, ETH_HLEN);
type = classify(skb);
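Review bot: the guard added at the top of skb_defer_rx_timestamp() spells the headroom test as raw pointer arithmetic (`skb->data - ETH_HLEN < skb->head`), which forms a pointer below the start of the buffer in exactly the case it is meant to catch; `if (skb_headroom(skb) < ETH_HLEN) return false;` states the same condition with the existing helper and reads as what it is. Because the hunk also replaces skb_push() with the unchecked __skb_push(), this guard becomes the only thing standing between a short-headroom skb and an out-of-bounds header read in classify(), so a one-line comment saying that frames arriving without ETH_HLEN bytes of headroom (the monitor mode path in the report, reached via ieee80211_rx -> netif_receive_skb) are deliberately not timestamped would keep a later cleanup from dropping it.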