Re: Wireless-testing's b43 panics in b43_generate_txhdr on packet transmit

From: Johannes Berg
Date: Mon Jun 02 2008 - 08:34:09 EST


On Sat, 2008-05-31 at 19:54 +0200, Michael Buesch wrote:
> On Saturday 31 May 2008 18:50:36 Pavel Roskin wrote:
> > On Sat, 2008-05-31 at 18:41 +0200, Michael Buesch wrote:
> > > On Saturday 31 May 2008 18:34:29 Stefanik Gábor wrote:
> > > > "BUG: unable to handle kernel NULL pointer dereference at 00000004
> > > > IP: [<f8dd3a99>] :b43:b43_generate_txhdr+0x6a9/0x790
> > >
> > > So can you put a few printks into the function to see where it dereferences
> > > a NULL pointer? (or use gdb to lookup the offset).
> >
> > u8 key_idx = info->control.hw_key->hw_key_idx;
> >
> > info->control.hw_key is NULL.
>
> Is a NULL pointer supposed to tell "do not encrypt", or is this a mac80211 bug?

It looks like a mac80211 bug, but I can't see how we get there.

If you look at mac80211's tx.c, you'll see, in
ieee80211_tx_h_select_key:

	if (!tx->key || !(tx->key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE))
		info->flags |= IEEE80211_TX_CTL_DO_NOT_ENCRYPT;

Hence, I haven't got a clue how you can possibly get into the situation
we have here, even with packet injection. Unless it's a different
version of mac80211 or something.

johannes
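
A userspace model of the contract the quoted check implies, added here as an example; it is not code from mac80211, b43, or anyone in this thread. The struct names, flag values and return codes are constructed, and the model assumes the key pointer is assigned at the same point the flag is decided. It shows a driver-side check that rejects a frame whose flag and key pointer disagree instead of dereferencing NULL.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-ins for this example; not the mac80211 definitions. */
#define TX_CTL_DO_NOT_ENCRYPT   (1u << 0)
#define KEY_FLAG_UPLOADED_TO_HW (1u << 0)
enum { KEY_NONE = -1, KEY_INCONSISTENT = -2 };

struct hw_key_conf { uint8_t hw_key_idx; };
struct sw_key { unsigned int flags; struct hw_key_conf conf; };
struct tx_info { unsigned int flags; struct hw_key_conf *hw_key; };

/* Stack side: same condition as the quoted check. The pointer is handed
 * to the driver only when the key has been uploaded to hardware. */
void select_key(struct tx_info *info, struct sw_key *key)
{
    info->hw_key = NULL;
    if (!key || !(key->flags & KEY_FLAG_UPLOADED_TO_HW))
        info->flags |= TX_CTL_DO_NOT_ENCRYPT;
    else
        info->hw_key = &key->conf;
}

/* Driver side: returns the hardware key index, KEY_NONE when the frame
 * goes out unencrypted, or KEY_INCONSISTENT when the flag says "encrypt"
 * but no key pointer was supplied. */
int driver_key_index(const struct tx_info *info)
{
    if (info->flags & TX_CTL_DO_NOT_ENCRYPT)
        return KEY_NONE;
    if (!info->hw_key)      /* flag clear, pointer NULL: do not dereference */
        return KEY_INCONSISTENT;
    return info->hw_key->hw_key_idx;
}

int main(void)
{
    struct sw_key uploaded = { KEY_FLAG_UPLOADED_TO_HW, { 3 } };
    struct tx_info ok = { 0, NULL }, skipped = { 0, NULL };

    select_key(&ok, &uploaded);
    printf("normal path:      %d\n", driver_key_index(&ok));
    /* Frame that never passed through select_key (constructed case). */
    printf("handler bypassed: %d\n", driver_key_index(&skipped));
    return 0;
}
```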
