netdev.vger.kernel.org archive mirror
* [PATCH] softmac: Fix for work struct changes
@ 2006-12-10 21:37 Larry Finger
From: Larry Finger @ 2006-12-10 21:37 UTC
  To: John Linville
  Cc: netdev-u79uwXL29TY76Z2rM5mHXA, Bcm43xx-dev-0fE9KPoRgkgATYTw5x5z8w,
	Michael Buesch, Stefano Brivio

From: Ulrich Kunitz <kune-hUSrv6EASfkEnNRfnnE9gw@public.gmane.org>

The signature of work functions changed recently from a context
pointer to the work structure pointer. This caused a problem in
the ieee80211softmac code, because the ieee80211softmac_assoc_work
function has been called directly with a parameter explicitly
casted to (void*). This compiled correctly but resulted in a
softlock, because mutex_lock was called with the wrong memory
address. The patch fixes the problem. Another issue was a wrong
call of the schedule_work function. Softmac works again and this
fixes the problem I mentioned earlier in the zd1211rw rx tasklet
patch. The patch is against Linus' tree (commit af1713e0).

Signed-off-by: Ulrich Kunitz <kune-hUSrv6EASfkEnNRfnnE9gw@public.gmane.org>
Acked-by: Michael Buesch <mb-fseUSCV1ubazQB+pC5nmwQ@public.gmane.org>
Signed-off-by: Larry Finger <Larry.Finger-tQ5ms3gMjBLk1uMJSBkQmQ@public.gmane.org>
---

John,

This patch should be pushed upstream to 2.6.20. At the moment, the work
struct changes have not yet propagated to wireless-2.6. When they do,
it will be needed there as well.

Larry

 net/ieee80211/softmac/ieee80211softmac_assoc.c |    6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/net/ieee80211/softmac/ieee80211softmac_assoc.c b/net/ieee80211/softmac/ieee80211softmac_assoc.c
index eec1a1d..a824852 100644
--- a/net/ieee80211/softmac/ieee80211softmac_assoc.c
+++ b/net/ieee80211/softmac/ieee80211softmac_assoc.c
@@ -167,7 +167,7 @@ static void
 ieee80211softmac_assoc_notify_scan(struct net_device *dev, int event_type, void *context)
 {
 	struct ieee80211softmac_device *mac = ieee80211_priv(dev);
-	ieee80211softmac_assoc_work((void*)mac);
+	ieee80211softmac_assoc_work(&mac->associnfo.work.work);
 }
 
 static void
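Review bot: the double member access `&mac->associnfo.work.work` on the added line in ieee80211softmac_assoc_notify_scan() is unexplained, and it is exactly the kind of argument that the removed `(void*)mac` cast allowed to go stale without a compiler diagnostic. Add a one-line comment that the first `.work` is the delayed work item in associnfo (the last hunk passes it to schedule_delayed_work) and the second is its embedded work_struct, which is the pointer type the work function now expects. Dropping the cast is the right direction; please keep such direct calls cast-free so that a future signature change fails at compile time.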
@@ -177,7 +177,7 @@ ieee80211softmac_assoc_notify_auth(struc
 
 	switch (event_type) {
 	case IEEE80211SOFTMAC_EVENT_AUTHENTICATED:
-		ieee80211softmac_assoc_work((void*)mac);
+		ieee80211softmac_assoc_work(&mac->associnfo.work.work);
 		break;
 	case IEEE80211SOFTMAC_EVENT_AUTH_FAILED:
 	case IEEE80211SOFTMAC_EVENT_AUTH_TIMEOUT:
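Review bot: in the IEEE80211SOFTMAC_EVENT_AUTHENTICATED case the work function is still called synchronously, whereas ieee80211softmac_try_reassoc() in the last hunk queues the same work item. The changelog states that the function takes a mutex, so this direct call is only safe where the notify callback is allowed to sleep; either document that assumption here or queue the item with `schedule_delayed_work(&mac->associnfo.work, 0);` as the last hunk does. The argument expression is also repeated verbatim from the first hunk, so a small helper taking `mac` would keep the two call sites in step.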
@@ -438,7 +438,7 @@ ieee80211softmac_try_reassoc(struct ieee
 
 	spin_lock_irqsave(&mac->lock, flags);
 	mac->associnfo.associating = 1;
-	schedule_work(&mac->associnfo.work);
+	schedule_delayed_work(&mac->associnfo.work, 0);
 	spin_unlock_irqrestore(&mac->lock, flags);
 }
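Review bot: the changelog covers this line only as "a wrong call of the schedule_work function", which does not say what was wrong with it. State that associnfo.work is a delayed work item (the `.work.work` access in the earlier hunks implies it), so schedule_work() was being handed the wrong structure type, and that a delay of 0 keeps the previous queue-immediately behaviour. It is also worth confirming in the changelog that no other schedule_work() or cancel call on associnfo.work remains in the softmac sources, since this diff touches only one file.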


* fix for 2.9.20-rc2 null pointer dereference in SoftMAC? was Re: [PATCH] softmac: Fix for work struct changes
@ 2006-12-26 14:45 ` bert hubert
From: bert hubert @ 2006-12-26 14:45 UTC
  To: Larry Finger
  Cc: John Linville, Michael Buesch, netdev, Bcm43xx-dev,
	Stefano Brivio

On Sun, Dec 10, 2006 at 03:37:27PM -0600, Larry Finger wrote:
> casted to (void*). This compiled correctly but resulted in a
> softlock, because mutex_lock was called with the wrong memory
> address. The patch fixes the problem. Another issue was a wrong

(quickly, between christmas dinner preparations)
Does this explain the following, which happens reliably in stock 2.6.20-rc2 (in-kernel zd1211rw):

Dec 24 22:07:25 localhost kernel: [  120.238914] SoftMAC: Open Authentication completed with 00:0e:a6:16:28:a9
Dec 24 22:07:25 localhost kernel: [  120.239005] BUG: unable to handle kernel NULL pointer dereference at virtual address 00000006
Dec 24 22:07:25 localhost kernel: [  120.239132]  printing eip:
Dec 24 22:07:25 localhost kernel: [  120.239191] c04cf8c5
Dec 24 22:07:25 localhost kernel: [  120.239249] *pde = 00000000
Dec 24 22:07:25 localhost kernel: [  120.239308] Oops: 0002 [#1]
Dec 24 22:07:25 localhost kernel: [  120.239367] Modules linked in: capability commoncap cpufreq_userspace cpufreq_stats cpufreq_powersave cpufreq_ondemand freq_table cpufreq_conservative zd1211rw ieee80211softmac usbhid ieee80211 ieee80211_crypt psmouse
Dec 24 22:07:25 localhost kernel: [  120.239850] CPU:    0
Dec 24 22:07:25 localhost kernel: [  120.239851] EIP:    0060:[__mutex_lock_slowpath+30/89]    Not tainted VLI
Dec 24 22:07:25 localhost kernel: [  120.239853] EFLAGS: 00010286   (2.6.20-rc2 #7)
Dec 24 22:07:25 localhost kernel: [  120.240043] EIP is at __mutex_lock_slowpath+0x1e/0x59
Dec 24 22:07:25 localhost kernel: [  120.240106] eax: f5b449e0   ebx: f5b449dc   ecx: 00000006   edx: 00000004
Dec 24 22:07:25 localhost kernel: [  120.240173] esi: c19005a0   edi: f5b44a40   ebp: f8862ce8   esp: c1909ec0
Dec 24 22:07:25 localhost kernel: [  120.240241] ds: 007b   es: 007b   ss: 0068
Dec 24 22:07:25 localhost kernel: [  120.240305] Process events/0 (pid: 4, ti=c1908000 task=c19005a0 task.ti=c1908000)
Dec 24 22:07:25 localhost kernel: [  120.240372] Stack: f5b449e0 00000006 00000020 f5b449a0 f5b44a40 c04cf7d8 f8862943 f72b8500
Dec 24 22:07:25 localhost kernel: [  120.240676]        00000286 f5b44314 f5b449dc f5b44a40 00000001 00000000 f5e6c9c0 f5e6c9c0
Dec 24 22:07:25 localhost kernel: [  120.240981]        00000000 f5b44a40 f8862ce8 f8862d50 00000004 00100100 00200200 00000004
Dec 24 22:07:25 localhost kernel: [  120.241284] Call Trace:
Dec 24 22:07:25 localhost kernel: [  120.241399]  [mutex_lock+9/10] mutex_lock+0x9/0xa
Dec 24 22:07:25 localhost kernel: [  120.241485]  [<f8862943>] ieee80211softmac_assoc_work+0x1b/0x3c0 [ieee80211softmac]
Dec 24 22:07:25 localhost kernel: [  120.241614]  [<f8862ce8>] ieee80211softmac_assoc_notify_auth+0x0/0x1e [ieee80211softmac]
Dec 24 22:07:25 localhost kernel: [  120.241741]  [<f8862d50>] ieee80211softmac_notify_callback+0x40/0x48 [ieee80211softmac]
Dec 24 22:07:25 localhost kernel: [  120.241866]  [<f8862d10>] ieee80211softmac_notify_callback+0x0/0x48 [ieee80211softmac]
Dec 24 22:07:25 localhost kernel: [  120.241992]  [<f8862ce8>] ieee80211softmac_assoc_notify_auth+0x0/0x1e [ieee80211softmac]
Dec 24 22:07:25 localhost kernel: [  120.242118]  [<f8862d10>] ieee80211softmac_notify_callback+0x0/0x48 [ieee80211softmac]
Dec 24 22:07:25 localhost kernel: [  120.242243]  [run_workqueue+139/311] run_workqueue+0x8b/0x137
Dec 24 22:07:25 localhost kernel: [  120.242336]  [worker_thread+0/302] worker_thread+0x0/0x12e
Dec 24 22:07:25 localhost kernel: [  120.242422]  [worker_thread+261/302] worker_thread+0x105/0x12e
Dec 24 22:07:25 localhost kernel: [  120.242509]  [default_wake_function+0/12] default_wake_function+0x0/0xc
Dec 24 22:07:25 localhost kernel: [  120.242596]  [kthread+155/191] kthread+0x9b/0xbf
Dec 24 22:07:25 localhost kernel: [  120.242682]  [kthread+0/191] kthread+0x0/0xbf
Dec 24 22:07:25 localhost kernel: [  120.242767]  [kernel_thread_helper+7/16] kernel_thread_helper+0x7/0x10
Dec 24 22:07:25 localhost kernel: [  120.242856]  =======================
Dec 24 22:07:25 localhost kernel: [  120.242915] Code: 00 00 00 31 d2 89 d0 83 c4 0c 5b 5e c3 56 53 83 ec 0c 89 c3 65 8b 35 08 00 00 00 8d 40 04 8b 48 04 89
60 04 89 04 24 89 4c 24 04 <89> 21 89 74 24 08 83 c8 ff 87 03 48 74 0d c7 06 02 00 00 00 e8
Dec 24 22:07:25 localhost kernel: [  120.244531] EIP: [__mutex_lock_slowpath+30/89] __mutex_lock_slowpath+0x1e/0x59 SS:ESP 0068:c1909ec0

This happens after starting wpa_supplicant on a zd1211rw device.


-- 
http://www.PowerDNS.com      Open source, database driven DNS Software 
http://netherlabs.nl              Open and Closed source services


* Re: fix for 2.9.20-rc2 null pointer dereference in SoftMAC? was Re: [PATCH] softmac: Fix for work struct changes
@ 2006-12-26 16:26   ` Larry Finger
From: Larry Finger @ 2006-12-26 16:26 UTC
  To: bert hubert, Larry Finger, John Linville, Michael Buesch, netdev,
	Bcm43xx-dev, Stefano Brivio

bert hubert wrote:
> On Sun, Dec 10, 2006 at 03:37:27PM -0600, Larry Finger wrote:
>> casted to (void*). This compiled correctly but resulted in a
>> softlock, because mutex_lock was called with the wrong memory
>> address. The patch fixes the problem. Another issue was a wrong
> 
> (quickly, between christmas dinner preparations)
> Does this explain the following, which happens reliably in stock 2.6.20-rc2 (in-kernel zd1211rw):
> 
> Dec 24 22:07:25 localhost kernel: [  120.238914] SoftMAC: Open Authentication completed with 00:0e:a6:16:28:a9
> Dec 24 22:07:25 localhost kernel: [  120.239005] BUG: unable to handle kernel NULL pointer dereference at virtual address 00000006
> Dec 24 22:07:25 localhost kernel: [  120.239132]  printing eip:
> Dec 24 22:07:25 localhost kernel: [  120.239191] c04cf8c5
> Dec 24 22:07:25 localhost kernel: [  120.239249] *pde = 00000000
> Dec 24 22:07:25 localhost kernel: [  120.239308] Oops: 0002 [#1]
> Dec 24 22:07:25 localhost kernel: [  120.239367] Modules linked in: capability commoncap cpufreq_userspace cpufreq_stats cpufreq_powersave cpufreq_ondemand freq_table cpufreq_conservative zd1211rw ieee80211softmac usbhid ieee80211 ieee80211_crypt psmouse
> Dec 24 22:07:25 localhost kernel: [  120.239850] CPU:    0
> Dec 24 22:07:25 localhost kernel: [  120.239851] EIP:    0060:[__mutex_lock_slowpath+30/89]    Not tainted VLI
> Dec 24 22:07:25 localhost kernel: [  120.239853] EFLAGS: 00010286   (2.6.20-rc2 #7)
> Dec 24 22:07:25 localhost kernel: [  120.240043] EIP is at __mutex_lock_slowpath+0x1e/0x59
> Dec 24 22:07:25 localhost kernel: [  120.240106] eax: f5b449e0   ebx: f5b449dc   ecx: 00000006   edx: 00000004
> Dec 24 22:07:25 localhost kernel: [  120.240173] esi: c19005a0   edi: f5b44a40   ebp: f8862ce8   esp: c1909ec0
> Dec 24 22:07:25 localhost kernel: [  120.240241] ds: 007b   es: 007b   ss: 0068
> Dec 24 22:07:25 localhost kernel: [  120.240305] Process events/0 (pid: 4, ti=c1908000 task=c19005a0 task.ti=c1908000)
> Dec 24 22:07:25 localhost kernel: [  120.240372] Stack: f5b449e0 00000006 00000020 f5b449a0 f5b44a40 c04cf7d8 f8862943 f72b8500
> Dec 24 22:07:25 localhost kernel: [  120.240676]        00000286 f5b44314 f5b449dc f5b44a40 00000001 00000000 f5e6c9c0 f5e6c9c0
> Dec 24 22:07:25 localhost kernel: [  120.240981]        00000000 f5b44a40 f8862ce8 f8862d50 00000004 00100100 00200200 00000004
> Dec 24 22:07:25 localhost kernel: [  120.241284] Call Trace:
> Dec 24 22:07:25 localhost kernel: [  120.241399]  [mutex_lock+9/10] mutex_lock+0x9/0xa
> Dec 24 22:07:25 localhost kernel: [  120.241485]  [<f8862943>] ieee80211softmac_assoc_work+0x1b/0x3c0 [ieee80211softmac]
> Dec 24 22:07:25 localhost kernel: [  120.241614]  [<f8862ce8>] ieee80211softmac_assoc_notify_auth+0x0/0x1e [ieee80211softmac]
> Dec 24 22:07:25 localhost kernel: [  120.241741]  [<f8862d50>] ieee80211softmac_notify_callback+0x40/0x48 [ieee80211softmac]
> Dec 24 22:07:25 localhost kernel: [  120.241866]  [<f8862d10>] ieee80211softmac_notify_callback+0x0/0x48 [ieee80211softmac]
> Dec 24 22:07:25 localhost kernel: [  120.241992]  [<f8862ce8>] ieee80211softmac_assoc_notify_auth+0x0/0x1e [ieee80211softmac]
> Dec 24 22:07:25 localhost kernel: [  120.242118]  [<f8862d10>] ieee80211softmac_notify_callback+0x0/0x48 [ieee80211softmac]
> Dec 24 22:07:25 localhost kernel: [  120.242243]  [run_workqueue+139/311] run_workqueue+0x8b/0x137
> Dec 24 22:07:25 localhost kernel: [  120.242336]  [worker_thread+0/302] worker_thread+0x0/0x12e
> Dec 24 22:07:25 localhost kernel: [  120.242422]  [worker_thread+261/302] worker_thread+0x105/0x12e
> Dec 24 22:07:25 localhost kernel: [  120.242509]  [default_wake_function+0/12] default_wake_function+0x0/0xc
> Dec 24 22:07:25 localhost kernel: [  120.242596]  [kthread+155/191] kthread+0x9b/0xbf
> Dec 24 22:07:25 localhost kernel: [  120.242682]  [kthread+0/191] kthread+0x0/0xbf
> Dec 24 22:07:25 localhost kernel: [  120.242767]  [kernel_thread_helper+7/16] kernel_thread_helper+0x7/0x10
> Dec 24 22:07:25 localhost kernel: [  120.242856]  =======================
> Dec 24 22:07:25 localhost kernel: [  120.242915] Code: 00 00 00 31 d2 89 d0 83 c4 0c 5b 5e c3 56 53 83 ec 0c 89 c3 65 8b 35 08 00 00 00 8d 40 04 8b 48 04 89
> 60 04 89 04 24 89 4c 24 04 <89> 21 89 74 24 08 83 c8 ff 87 03 48 74 0d c7 06 02 00 00 00 e8
> Dec 24 22:07:25 localhost kernel: [  120.244531] EIP: [__mutex_lock_slowpath+30/89] __mutex_lock_slowpath+0x1e/0x59 SS:ESP 0068:c1909ec0
> 
> This happens after starting wpa_supplicant on a zd1211rw device.

Yes, this error applies to any interface using softmac, not just bcm43xx.

Larry

