On Mon, Jul 15, 2013 at 11:48:33AM +0200, Felix Fietkau wrote:
> On 2013-07-15 11:35 AM, Krzysztof Mazur wrote:
> > On Mon, Jul 15, 2013 at 11:27:30AM +0200, Krzysztof Mazur wrote:
> >> On Mon, Jul 15, 2013 at 11:06:27AM +0200, Felix Fietkau wrote:
> >> > Please post the actual message output. Saying "it looks like something
> >> > wrong with the rate control mechanism" doesn't give me anything useful
> >> > to work with.
> >> >
> >>
> >> Sorry, I added you to Cc after I removed the original Oops.
> >>
> >
> > On my system the NULL pointer dereference occurs at 0x806389b0,
> > and the minstrel_get_rate() looks like:
> >
> > 80638990 <minstrel_get_rate>:
> > 80638990: 83 ec 1c          sub    $0x1c,%esp
> > 80638993: 89 7c 24 14       mov    %edi,0x14(%esp)
> > 80638997: 8b 7c 24 20       mov    0x20(%esp),%edi
> > 8063899b: 89 5c 24 0c       mov    %ebx,0xc(%esp)
> > 8063899f: 89 cb             mov    %ecx,%ebx
> > 806389a1: 89 6c 24 18       mov    %ebp,0x18(%esp)
> > 806389a5: 89 c5             mov    %eax,%ebp
> > 806389a7: 89 d0             mov    %edx,%eax
> > 806389a9: 89 74 24 10       mov    %esi,0x10(%esp)
> > 806389ad: 8b 77 0c          mov    0xc(%edi),%esi
> > * 806389b0: 0f b6 49 38     movzbl 0x38(%ecx),%ecx *
> > 806389b4: 8d 56 20          lea    0x20(%esi),%edx
> > 806389b7: 89 54 24 04       mov    %edx,0x4(%esp)
> > 806389bb: 89 da             mov    %ebx,%edx
> > 806389bd: 88 4c 24 0b       mov    %cl,0xb(%esp)
> > 806389c1: 89 f9             mov    %edi,%ecx
> > 806389c3: e8 38 2f fe ff    call   8061b900 <rate_control_send_low>
> My x86 assembly is a bit rusty (I usually work with ARM and MIPS), so
> I'm having trouble figuring out the exact line of code here. Please use
> gdb to track it down.
>

The priv_sta is NULL and it's later dereferenced in:

	bool prev_sample = mi->prev_sample;

static void
minstrel_get_rate(void *priv, struct ieee80211_sta *sta,
		  void *priv_sta, struct ieee80211_tx_rate_control *txrc)
{
	struct sk_buff *skb = txrc->skb;
	struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
	struct minstrel_sta_info *mi = priv_sta;
	struct minstrel_priv *mp = priv;
	struct ieee80211_tx_rate *rate = &info->control.rates[0];
	struct minstrel_rate *msr, *mr;
	unsigned int ndx;
	bool mrr_capable;
	bool prev_sample = mi->prev_sample;
	int delta;
	int sampling_ratio;

With:

diff --git a/net/mac80211/rc80211_minstrel.c b/net/mac80211/rc80211_minstrel.c index ac7ef54..be17d52 100644 --- a/net/mac80211/rc80211_minstrel.c +++ b/net/mac80211/rc80211_minstrel.c @@ -290,9 +290,15 @@ minstrel_get_rate(void *priv, struct ieee80211_sta *sta, struct minstrel_rate *msr, *mr; unsigned int ndx; bool mrr_capable; - bool prev_sample = mi->prev_sample; + bool prev_sample; int delta; int sampling_ratio; + + if (!mi) { + printk("Oops, mi is NULL\n"); + return; + } + prev_sample = mi->prev_sample; /* management/no-ack frames do not use rate control */ if (rate_control_send_low(sta, priv_sta, txrc))

the system no longer crashes and just prints a message.

Krzysiek
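
Review bot: the early return in the new "if (!mi)" block runs before the rate_control_send_low(sta, priv_sta, txrc) call in the trailing context, so a frame for a station with no priv_sta now leaves minstrel_get_rate() without passing through the management/no-ack path that the comment describes. Only the read of mi->prev_sample needs mi at this point, so consider moving "prev_sample = mi->prev_sample;" below the rate_control_send_low() check instead of returning, provided that helper copes with a NULL priv_sta (worth confirming, since priv_sta is passed to it directly). If the check stays, note that the printk() carries no log level and will print on every call that hits this path; a WARN_ON_ONCE(!mi) or a rate-limited message with an explicit KERN_ level would be a safer diagnostic.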