Mailinglist Archive: opensuse-bugs (4724 mails)

[Bug 592886] frequent null deref in iwl_mac_reset_tsf forcing reboots
  • From: bugzilla_noreply@xxxxxxxxxx
  • Date: Thu, 1 Apr 2010 19:03:26 +0000
  • Message-id: <20100401190326.187A1CC7CE@xxxxxxxxxxxxxxxxxxxxxx>
http://bugzilla.novell.com/show_bug.cgi?id=592886

http://bugzilla.novell.com/show_bug.cgi?id=592886#c1


Jeff Mahoney <jeffm@xxxxxxxxxx> changed:

What       |Removed                                   |Added
----------------------------------------------------------------------------
Priority   |P5 - None                                 |P3 - Medium
CC         |                                          |jeffm@xxxxxxxxxx
AssignedTo |kernel-maintainers@xxxxxxxxovo.novell.com |jslaby@xxxxxxxxxx

--- Comment #1 from Jeff Mahoney <jeffm@xxxxxxxxxx> 2010-04-01 19:03:24 UTC ---
(gdb) list *iwl_mac_reset_tsf+0xa7
0x35c7 is in iwl_mac_reset_tsf (drivers/net/wireless/iwlwifi/iwl-core.c:2849).
2844            dev_kfree_skb(priv->ibss_beacon);
2845
2846            priv->ibss_beacon = NULL;
2847
2848            priv->beacon_int = priv->vif->bss_conf.beacon_int;
2849            priv->timestamp = 0;
2850            if ((priv->iw_mode == NL80211_IFTYPE_STATION))
2851                    priv->beacon_int = 0;
2852
2853            spin_unlock_irqrestore(&priv->lock, flags);


The gdb identification is wrong and it's actually the line before it.

BUG: unable to handle kernel NULL pointer dereference at 00000012

(gdb) print &((struct ieee80211_vif *)0)->bss_conf.beacon_int
$1 = (u16 *) 0x12

In iwl_irq_tasklet, if there was a firmware hw error we issue the message and
then call iwl_irq_handle_error. That queues work on the priv->restart wq, which
is iwl_bg_restart. In the case of a firmware error, it shuts down the interface
including priv->vif = NULL.

So it looks like there's a race between the hardware resetting and the mac80211
layer scheduling its own workqueues.

Assigning to wifi expert.
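The failure mode described in the comment, as an added C example that is not from the bug report or the iwlwifi driver: constructed stand-in structs (not the real kernel layouts), a restart path that clears priv->vif the way the comment describes, the unchecked reset_tsf shape beside a version that verifies vif is still present, and the offset arithmetic behind the gdb `&((struct ieee80211_vif *)0)->...` trick. Locking is described in comments only.

```c
#include <stddef.h>
#include <errno.h>

/* Constructed stand-ins for this example; field layout does not match the kernel. */
struct ieee80211_bss_conf { unsigned short beacon_int; };
struct ieee80211_vif { int type; struct ieee80211_bss_conf bss_conf; };
enum { NL80211_IFTYPE_ADHOC = 1, NL80211_IFTYPE_STATION = 2 };

struct iwl_priv {
    struct ieee80211_vif *vif;   /* cleared when the interface is torn down */
    int iw_mode;
    unsigned short beacon_int;
    unsigned long timestamp;
};

/* Firmware error -> iwl_irq_handle_error -> restart work: interface goes away. */
static void bg_restart(struct iwl_priv *priv)
{
    priv->vif = NULL;            /* must happen under the same lock reset_tsf takes */
}

/* Shape of the faulting path: vif is dereferenced with no check at all. */
static int reset_tsf_unchecked(struct iwl_priv *priv)
{
    priv->beacon_int = priv->vif->bss_conf.beacon_int;   /* NULL + offset fault */
    priv->timestamp = 0;
    return 0;
}

/* Defensive form: under priv->lock, bail out if the restart already cleared vif. */
static int reset_tsf_checked(struct iwl_priv *priv)
{
    if (!priv->vif)
        return -ENODEV;
    priv->beacon_int = priv->vif->bss_conf.beacon_int;
    priv->timestamp = 0;
    if (priv->iw_mode == NL80211_IFTYPE_STATION)
        priv->beacon_int = 0;
    return 0;
}

/* A NULL base pointer faults at exactly the member's offset; compare the fault
 * address against that offset to confirm which dereference crashed. */
static int fault_addr_is_beacon_int(unsigned long fault_addr)
{
    return fault_addr == offsetof(struct ieee80211_vif, bss_conf.beacon_int);
}
```

With the real 2010 layout the page shows the offset is 0x12, which is why the fault address 00000012 pins the crash to `priv->vif->bss_conf.beacon_int`.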

