[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <1257151742.3555.165.camel@johannes.local>
Date: Mon, 02 Nov 2009 09:49:02 +0100
From: Johannes Berg <johannes@...solutions.net>
To: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: Jeff Chua <jeff.chua.linux@...il.com>,
"John W. Linville" <linville@...driver.com>,
Linux Kernel <linux-kernel@...r.kernel.org>
Subject: Re: wpa2 hangs v2.6.32-rc5-402-gb6727b1. Revert
7d930bc33653d5592dc386a76a38f39c2e962344 fixed it.
On Sun, 2009-11-01 at 16:53 -0800, Linus Torvalds wrote:
> That decodes to
>
> cfg80211_conn_work+89:
>
> 3: 89 ef mov %ebp,%edi
> 5: e8 6f be 41 e1 callq 0xffffffffe141be79
> a: 48 8b 43 20 mov 0x20(%rbx),%rax
> e: f6 40 48 01 testb $0x1,0x48(%rax)
> 12: 74 5d je 0x71
> 14: 83 bb 8c 00 00 00 01 cmpl $0x1,0x8c(%rbx)
> 1b: 75 54 jne 0x71
> 1d: 48 ?? 50 08 ??? 0x8(%rax) ???? uncertain instruction ????
> 21:* 8b 02 mov (%rdx),%eax <-- trapping instruction
> 23: 41 89 45 00 mov %eax,0x0(%r13)
> 27: 66 8b 42 04 mov 0x4(%rdx),%ax
> 2b: 66 41 89 45 04 mov %ax,0x4(%r13)
> 30: e8 f5 ea ff ff callq 0xffffffffffffeb2a
>
> trace:
> __cfg80111_scan_done
> worker_thread
>
> which looks like it matches this code:
>
> movq %r14, %rdi # D.43604,
> call mutex_lock #
> movq 32(%rbx), %rax # <variable>.netdev, <variable>.netdev
> testb $1, 72(%rax) #, <variable>.state
> je .L215 #,
> cmpl $1, 140(%rbx) #, <variable>.sme_state
> jne .L215 #,
> movq 144(%rbx), %rax # <variable>.conn, <variable>.conn
> movq %rbx, %rdi # wdev,
> movq 8(%rax), %rax # <variable>.params.bssid, <variable>.params.bssid
> movl (%rax), %edx #* <variable>.params.bssid, tmp74
> movl %edx, 0(%r13) # tmp74, bssid
> movw 4(%rax), %ax #, tmp75
> movw %ax, 4(%r13) # tmp75, bssid
> call cfg80211_conn_do_work #
>
> ie it looks like 'conn->params.bssid' is NULL and we oops when we try to
> load bssid from there. The code is:
>
> memcpy(bssid, wdev->conn->params.bssid, ETH_ALEN);
>
> where ETH_ALEN is 6 bytes, so the memcpy is inlined..
>
> And yes, that "memcpy()" was added in that buggy commit.
Indeed, thank you. I'd analysed this before but not made the connection
with Jeff's report.
> So reverting 7d930bc33653d5592dc386a76a38f39c2e962344 is the correct thing
> to do. Or somebody needs to fix that piece-of-shit code.
Yes ... that params.bssid was != NULL was a bad assumption in that
commit. The right thing to do is to add a check and pass NULL through,
like I did here:
http://thread.gmane.org/gmane.linux.kernel.wireless.general/41695
johannes
Download attachment "signature.asc" of type "application/pgp-signature" (802 bytes)
Powered by blists - more mailing lists