lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20081003180930.GD3368@tuxdriver.com>
Date:	Fri, 3 Oct 2008 14:09:31 -0400
From:	"John W. Linville" <linville@...driver.com>
To:	Ingo Molnar <mingo@...e.hu>
Cc:	Steven Noonan <steven@...inklabs.net>,
	linux-kernel@...r.kernel.org, ath9k-devel@...ts.ath9k.org,
	lrodriguez@...eros.com, linux-wireless@...r.kernel.org
Subject: Re: ath9k: panic on tip/master

On Fri, Oct 03, 2008 at 11:35:23AM -0400, John W. Linville wrote:
> On Fri, Oct 03, 2008 at 12:02:11PM +0200, Ingo Molnar wrote:
> > 
> > * Steven Noonan <steven@...inklabs.net> wrote:
> > 
> > > Hey folks,
> > > 
> > > Just got a panic on tip. According to the stack trace, ath9k is what 
> > > decided to bomb.
> > > 
> > > http://www.uplinklabs.net/~tycho/linux/ath9k_panic_tip_10.3.2008.jpg
> > > 
> > > Note: Although it says 'sudo modprobe radeon' on the bash prompt above 
> > > the panic, I never got to hit 'enter' on that command before the panic 
> > > occurred.
> > 
> > it appears to me that ath9k's eth_rx_input() takes a spinlock that is 
> > not initialized (or already destroyed by the allocator).
>  
> Seems reasonable...
> 
> > this would be consistent with an IRQ storm hitting some race in the 
> > ath9k driver init sequence. For example if request_irq() is done before 
> > all structures that the IRQ handler relies on are properly initialized.
> > 
> > i.e. this has the signature of a genuine ath9k bug.
> 
> Agreed, although I don't see anything specifically relating to
> request_irq or the like.
> 
> I think the spin_lock call may actually be in ath_ampdu_input (called
> from ath_rx_input), which perhaps is getting called simultaneous
> with ath_rx_node_init still running?  With no locks in between them,
> it seems like this could be the culprit?
> 
> Sorry to not be more immediately helpful, but I'm going to have to
> run in a few minutes.  Perhaps this insight is helpful for someone
> more familiar with the internals of this driver?

This is probably a dead-end...I don't think the ath_node_find
in ath__rx_indicate will be able to find the ath_node used
in ath_ampdu_input unless ath_rx_node_init had already complete.
Back to square one...

John
-- 
John W. Linville		Linux should be at the core
linville@...driver.com			of your literate lifestyle.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ