lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20070528014339.GA6136@atjola.homenet>
Date:	Mon, 28 May 2007 03:43:39 +0200
From:	Björn Steinbrink <B.Steinbrink@....de>
To:	Maximilian Engelhardt <maxi@...monizer.de>
Cc:	linux-kernel <linux-kernel@...r.kernel.org>,
	linux-wireless <linux-wireless@...r.kernel.org>, acme@...hat.com,
	davem@...emloft.net
Subject: Re: Oops with prism54 in 2.6.22-rc3

On 2007.05.26 14:42:30 +0200, Maximilian Engelhardt wrote:
> Hello,
> 
> when using the prism54 driver including in the 2.6.22-rc3 kernel I get this 
> Oops when putting the card into monitor mode:
> 
> BUG: unable to handle kernel NULL pointer dereference at virtual address 
> 000001d8
>  printing eip:
> c0500608
> *pde = 00000000
> Oops: 0002 [#1]
> PREEMPT 
> Modules linked in: fuse
> CPU:    0
> EIP:    0060:[<c0500608>]    Not tainted VLI
> EFLAGS: 00010046   (2.6.22-rc3 #2)
> EIP is at netif_rx+0x48/0xc0
> eax: 00000000   ebx: c18fdbc0   ecx: c087991c   edx: c0879910
> esi: 00000246   edi: f7c68010   ebp: f7fe0ba0   esp: c07bbef0
> ds: 007b   es: 007b   fs: 0000  gs: 0000  ss: 0068
> Process swapper (pid: 0, ti=c07ba000 task=c075a280 task.ti=c07ba000)
> Stack: f7ec0000 00000000 c03d2b8f c07bbf24 00000082 f7c68024 f7fe0800 c18fdbc0 
>        00000070 00000046 00000286 00000286 00000008 00000007 0032dcd5 00000000 
>        f7fe0ba0 00000002 f7fe0800 c03d913d 00000000 00000000 f7f4d2c0 00000000 
> Call Trace:
>  [<c03d2b8f>] islpci_eth_receive+0x12f/0x590
>  [<c03d913d>] islpci_interrupt+0x1cd/0x280
>  [<c0144e15>] handle_IRQ_event+0x25/0x50
>  [<c014669c>] handle_fasteoi_irq+0x5c/0xe0
>  [<c010674a>] do_IRQ+0x4a/0x80
>  [<c010498f>] common_interrupt+0x23/0x28
>  [<c0102b3a>] default_idle+0x2a/0x40
>  [<c01023e3>] cpu_idle+0x43/0x80
>  [<c07bcb2a>] start_kernel+0x21a/0x260
>  [<c07bc450>] unknown_bootoption+0x0/0x260
>  =======================
> Code: c7 43 0c 00 00 00 00 c7 43 10 00 00 00 00 9c 5e fa ff 05 bc 9c 87 c0 a1 
> 0c 99 87 c0 3b 05 c0 4a 7b c0 77 30 85 c0 74 43 8b 43 14 <ff> 80 d8 01 00 00 
> a1 08 99 87 c0 ff 05 0c 99 87 c0 c7 03 04 99 
> EIP: [<c0500608>] netif_rx+0x48/0xc0 SS:ESP 0068:c07bbef0
> Kernel panic - not syncing: Fatal exception in interrupt
> 
> After this the system is frozen. Using kernel 2.6.21 everything works fine, I 
> can capture packets in monitor mode and do not get any Oops.

That's probably due to commit 4c13eb6657fe9ef7b4dc8f1a405c902e9e5234e0,
which moved the setting of skb->dev into eth_type_trans, which is never
called when the card is in monitor mode.

Could you try this patch?


Manually set the device of a skb for prism54 cards that are in monitor
mode as we never call eth_type_trans in that case.

Signed-off-by: Björn Steinbrink <B.Steinbrink@....de>
---
diff --git a/drivers/net/wireless/prism54/islpci_eth.c b/drivers/net/wireless/prism54/islpci_eth.c
index dd070cc..f49eb06 100644
--- a/drivers/net/wireless/prism54/islpci_eth.c
+++ b/drivers/net/wireless/prism54/islpci_eth.c
@@ -378,9 +378,10 @@ islpci_eth_receive(islpci_private *priv)
 	display_buffer((char *) skb->data, skb->len);
 #endif
 	/* take care of monitor mode and spy monitoring. */
-	if (unlikely(priv->iw_mode == IW_MODE_MONITOR))
+	if (unlikely(priv->iw_mode == IW_MODE_MONITOR)) {
+		skb->dev = ndev;
 		discard = islpci_monitor_rx(priv, &skb);
-	else {
+	} else {
 		if (unlikely(skb->data[2 * ETH_ALEN] == 0)) {
 			/* The packet has a rx_annex. Read it for spy monitoring, Then
 			 * remove it, while keeping the 2 leading MAC addr.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ