lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <CALAqxLV4zqq1RTkeAi3DV_bxOMt9YKOcqUDWj7XNqH=YCxwYaw@mail.gmail.com>
Date:	Wed, 27 Jul 2016 20:46:58 -0700
From:	John Stultz <john.stultz@...aro.org>
To:	Maxim Altshul <maxim.altshul@...com>,
	Kalle Valo <kvalo@...eaurora.org>
Cc:	lkml <linux-kernel@...r.kernel.org>
Subject: [REGRESSION] wlcore wlcore_op_get_expected_throughput null ptr dereference

So after rebasing my HiKey tree ontop of Linus' HEAD today, I started
having trouble with the wlcore wifi.

The first issue was that the firmware I was using was deemed too old,
but after updating to .69, I then started hitting null pointer crashes
when wifi was initialized.


[    7.326224] wlcore: wl18xx HW: 183x or 180x, PG 2.2 (ROM 0x11)
[    7.336328] wlcore: loaded
...
[   26.254559] wlcore: PHY firmware version: Rev 8.2.0.0.236
[   26.308764] wlcore: firmware booted (Rev 8.9.0.0.69)
...
[   60.297307] wlan0: send auth to 04:a1:51:da:5b:a7 (try 1/3)
[   60.316271] wlan0: authenticated
[   60.320853] wl18xx_driver wl18xx.2.auto wlan0: disabling HT as
WMM/QoS is not supported by the AP
[   60.329858] wl18xx_driver wl18xx.2.auto wlan0: disabling VHT as
WMM/QoS is not supported by the AP
[   60.342624] wlan0: associate with 04:a1:51:da:5b:a7 (try 1/3)
[   60.352475] wlan0: RX AssocResp from 04:a1:51:da:5b:a7
(capab=0x1411 status=0 aid=1)
[   60.417880] wlan0: associated
[   60.444554] wlcore: Association completed.
[   60.507987] Unable to handle kernel NULL pointer dereference at
virtual address 00000aea
[   60.516180] pgd = ffffffc07365b000
[   60.519645] [00000aea] *pgd=0000000000000000, *pud=0000000000000000
[   60.526027] Internal error: Oops: 96000005 [#1] PREEMPT SMP
[   60.531616] CPU: 0 PID: 2306 Comm: wpa_supplicant Not tainted
4.7.0-05982-g3bd0464 #550
[   60.539623] Hardware name: HiKey Development Board (DT)
[   60.544853] task: ffffffc0788fa580 ti: ffffffc058be4000 task.ti:
ffffffc058be4000
[   60.552357] PC is at wlcore_op_get_expected_throughput+0xc/0x1c
[   60.558287] LR is at sta_set_sinfo+0x608/0x7d0
[   60.562735] pc : [<ffffff80085dd404>] lr : [<ffffff80089424bc>]
pstate: 80000145
[   60.570132] sp : ffffffc058be7640
[   60.573448] x29: ffffffc058be7640 x28: ffffffc058be4000
[   60.578776] x27: ffffffc0481211f8 x26: 0000000000000008
[   60.584103] x25: 00000000ffff161d x24: ffffffc0481217f8
[   60.589430] x23: 0000000000000000 x22: ffffffc0792d86e0
[   60.594756] x21: ffffffc0784e6880 x20: ffffffc048121000
[   60.600083] x19: ffffffc058be7720 x18: 00000000ffffffff
[   60.605409] x17: 0000000000000000 x16: ffffff80081bdcd8
[   60.610735] x15: 00000000004fbc5c x14: 0000000000000241
[   60.616061] x13: aaaaaaaaaaaaaaab x12: ffffff8008f79000
[   60.621388] x11: ffffffc058be73c8 x10: 0000000000000860
[   60.626714] x9 : ffffffc058be4000 x8 : 0000000040000000
[   60.632039] x7 : 0000000000210d00 x6 : ffffffc048121448
[   60.637366] x5 : ffffffc058be7a70 x4 : 000000000000001e
[   60.642692] x3 : 000000000000000a x2 : 0000000000000000
[   60.648017] x1 : 0000000000000000 x0 : 0000000000000000
[   60.653342]
[   60.654836] Process wpa_supplicant (pid: 2306, stack limit =
0xffffffc058be4020)
[   60.662236] Stack: (0xffffffc058be7640 to 0xffffffc058be8000)
...
[   61.278789] Call trace:
[   61.281232] Exception stack(0xffffffc058be7470 to 0xffffffc058be75a0)
[   61.287669] 7460:
ffffffc058be7720 0000008000000000
[   61.295497] 7480: ffffffc058be7640 ffffff80085dd404
ffffff80081081f8 ffffffc058be74f0
[   61.303325] 74a0: ffffffc058be74e0 ffffff80081081f8
ffffffc058be74d0 ffffff800899cd68
[   61.311152] 74c0: ffffffc058be74d0 ffffff800810758c
ffffffc058be74e0 ffffff800899cf10
[   61.318980] 74e0: ffffffc058be74f0 ffffff800810823c
ffffffc058be7570 ffffff80081083c0
[   61.326806] 7500: 0000000000000140 ffffffc07856d400
0000000000000000 0000000000000000
[   61.334633] 7520: 0000000000000000 000000000000000a
000000000000001e ffffffc058be7a70
[   61.342461] 7540: ffffffc048121448 0000000000210d00
0000000040000000 ffffffc058be4000
[   61.350289] 7560: 0000000000000860 ffffffc058be73c8
ffffff8008f79000 aaaaaaaaaaaaaaab
[   61.358117] 7580: 0000000000000241 00000000004fbc5c
ffffff80081bdcd8 0000000000000000
[   61.365946] [<ffffff80085dd404>] wlcore_op_get_expected_throughput+0xc/0x1c
[   61.372908] [<ffffff8008955470>] ieee80211_get_station+0x4c/0x6c
[   61.378915] [<ffffff800892722c>] nl80211_get_station+0x68/0x144
[   61.384835] [<ffffff800879e35c>] genl_family_rcv_msg+0x1ec/0x340
[   61.390838] [<ffffff800879e540>] genl_rcv_msg+0x90/0xd8
[   61.396059] [<ffffff800879dc68>] netlink_rcv_skb+0xec/0x100
[   61.401627] [<ffffff800879e15c>] genl_rcv+0x34/0x48
[   61.406501] [<ffffff800879c4a8>] netlink_unicast+0x164/0x258
[   61.412156] [<ffffff800879cd0c>] netlink_sendmsg+0x310/0x374
[   61.417812] [<ffffff800874f6d4>] sock_sendmsg+0x44/0x50
[   61.423033] [<ffffff800874f9e8>] ___sys_sendmsg+0x24c/0x25c
[   61.428601] [<ffffff8008750e2c>] __sys_sendmsg+0x44/0x88
[   61.433907] [<ffffff8008750e80>] SyS_sendmsg+0x10/0x20
[   61.439043] [<ffffff8008082ef0>] el0_svc_naked+0x24/0x28
[   61.444352] Code: d65f03c0 39438001 f9407800 8b011c00 (396ba801)
[   61.450537] ---[ end trace d464b2870b6d1378 ]---


Digging in it seems like commit 5f6d4ca3c196814bef0cbbb195acd9ecc178588b
("wlcore: Add support for get_expected_throughput opcode") is to
blame, and reverting that seems to resolve the issue.

thanks
-john

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ