Search Linux Wireless

Re: [RFC] mac80211: fix software decryption with b43legacy

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I have added the lists to this message.

I got b43legacy up and running with the software decryption modifications. It started OK with WPA-PSK TKIP encryption, but soon thereafter, I got this message:

eth1: No ProbeResp from current AP 00:1a:70:46:ba:b1 - assume out of range

I don't know why this happened. I didn't move away from the AP, or do anything that should have caused loss of a probe response; however, immediately after that, I got this GPF:

general protection fault: 0000 [1] SMP
CPU 0
Modules linked in: nfs af_packet snd_pcm_oss snd_mixer_oss snd_seq snd_seq_device vboxdrv
cpufreq_conservative cpufreq_ondemand cpufreq_userspace cpufreq_powersave powernow_k8 freq_table
thermal processor button battery ac nls_utf8 ntfs loop dm_mod nfsd exportfs lockd nfs_acl
auth_rpcgss sunrpc snd_hda_intel rc80211_simple snd_pcm snd_timer ohci_hcd snd ohci1394 ehci_hcd
ieee1394 soundcore b43legacy sdhci usbcore mmc_core mac80211 cfg80211 ide_cd cdrom forcedeth
snd_page_alloc i2c_nforce2 ssb ext3 mbcache jbd sg edd fan sata_nv libata amd74xx sd_mod scsi_mod
ide_disk ide_core
Pid: 2087, comm: b43legacy Not tainted 2.6.23-rc3-Ldev-gf5a42059-dirty #13
RIP: 0010:[<ffffffff803fe191>]  [<ffffffff803fe191>] __mutex_unlock_slowpath+0x6b/0x13a
RSP: 0018:ffff810056bd9b30  EFLAGS: 00010016
RAX: 0000000000007b64 RBX: ffff81005825e978 RCX: 0000000000000003
RDX: ffff810037f3d080 RSI: 0000000000000008 RDI: 6b6b6b6b6b6b6ba3
RBP: ffff810056bd9b50 R08: 0000000000000000 R09: ffff81005825e978
R10: ffff810056bd9b80 R11: ffff810037f3d080 R12: 6b6b6b6b6b6b6ba3
R13: 0000000000000246 R14: 6b6b6b6b6b6b6bab R15: ffff8100580564c0
FS:  00002b4afda060b0(0000) GS:ffffffff80539000(0000) knlGS:00000000f479eb90
CS:  0010 DS: 0018 ES: 0018 CR0: 000000008005003b
CR2: 00000000f4e88bd0 CR3: 0000000057aa2000 CR4: 00000000000006e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process b43legacy (pid: 2087, threadinfo ffff810056bd8000, task ffff810037f3d080)
Stack:  ffff81005825e978 ffff81005825c2f0 ffff8100580564c0 ffff81005825c2f0
 ffff810056bd9b60 ffffffff803fe269 ffff810056bd9b80 ffffffff8814d704
 ffff81005825c2f0 ffff810058056640 ffff810056bd9bb0 ffffffff8813cd4f
Call Trace:
 [<ffffffff803fe269>] mutex_unlock+0x9/0xb
 [<ffffffff8814d704>] :mac80211:ieee80211_key_free+0x33/0x37
 [<ffffffff8813cd4f>] :mac80211:sta_info_free+0x92/0xae
 [<ffffffff881427dc>] :mac80211:ieee80211_associated+0x100/0x1ec
 [<ffffffff88143646>] :mac80211:ieee80211_sta_work+0x0/0x182e

The rest of the call trace is available if needed. The crash occurred when ieee80211_key_free was
trying to unlock the mutex key_idx. I added printk's to dump the pointer to sdata at the point where that mutex is initialized and where the key is freed. The mutex that errs was inited.

Note: For this run, I did not have a set_key callback routine defined. I also tried it with a callback routine that immediately returns -ENOSPC. It didn't make any difference.

Please let me know what further debug info you need.

Larry


-
To unsubscribe from this list: send the line "unsubscribe linux-wireless" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[Index of Archives]     [Linux Host AP]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [Linux Kernel]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]
  Powered by Linux