Bug#302171: ipw2200-source: Oops in ipw_led_band_on when inserting module

Dimitry Andric Wed, 30 Mar 2005 04:39:19 -0800

Package: ipw2200-source
Version: 1.0.2-1
Severity: important
Tags: patch



-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.10-1-686
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)

Versions of packages ipw2200-source depends on:
ii  debhelper                     4.2.32     helper programs for debian/rules
ii  module-assistant              0.8.2      tool to make module package creati

-- no debconf information
Subject: ipw2200-source: Oops in ipw_led_band_on on inserting module
Package: ipw2200-source
Version: 1.0.2-1
Severity: important
Tags: patch

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.10-1-686
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)

Versions of packages ipw2200-source depends on:
ii  debhelper                     4.2.32     helper programs for debian/rules
ii  module-assistant              0.8.2      tool to make module package creati

-- no debconf information

After building a deb package from ipw2200-source 1.0.2-1, and
inserting the ipw2200 module, I get the following Oops:

ieee80211_crypt: registered algorithm 'NULL'
ipw2200: Intel(R) PRO/Wireless 2200/2915 Network Driver, 1.0.2
ipw2200: Copyright(c) 2003-2004 Intel Corporation
ACPI: PCI interrupt 0000:02:03.0[A] -> GSI 5 (level, low) -> IRQ 5
ipw2200: Detected Intel PRO/Wireless 2200BG Network Connection
Unable to handle kernel NULL pointer dereference at virtual address 00000060
 printing eip:
e0bf3106
*pde = 00000000
Oops: 0000 [#1]
PREEMPT 
Modules linked in: ipw2200 ieee80211 ieee80211_crypt rfcomm l2cap ipv6 pcmcia 
thermal fan button processor ac battery af_packet parport_pc parport pcspkr rtc 
yenta_socket pcmcia_core snd_intel8x0m joydev usbhid hci_usb bluetooth uhci_hcd 
pci_hotplug intel_agp agpgart tg3 firmware_class snd_intel8x0 snd_ac97_codec 
snd_pcm_oss snd_mixer_oss snd_pcm snd_timer snd soundcore snd_page_alloc 
ehci_hcd usbcore mousedev evdev tsdev capability commoncap psmouse ide_cd cdrom 
reiserfs ide_disk ide_generic piix ide_core unix fbcon font bitblit vesafb 
cfbcopyarea cfbimgblt cfbfillrect
CPU:    0
EIP:    0060:[pg0+545530118/1069863936]    Not tainted VLI
EFLAGS: 00010096   (2.6.10-1-686) 
EIP is at ipw_led_band_on+0x66/0x250 [ipw2200]
eax: 00000000   ebx: da138464   ecx: 00000040   edx: ffffffbf
esi: da138464   edi: 08003600   ebp: d69da000   esp: d69dbde8
ds: 007b   es: 007b   ss: 0068
Process modprobe (pid: 6629, threadinfo=d69da000 task=df384ac0)
Stack: da138464 00300004 00000000 00000000 00000000 00000000 00000000 00000246 
       00000000 da138464 00000000 d69da000 e0bfe237 da138464 da138c44 00000006 
       d69dbe44 c01164b7 da138464 00000001 da138464 da138000 e0bfe458 da138464 
Call Trace:
 [pg0+545575479/1069863936] ipw_up+0x187/0x1d0 [ipw2200]
 [__wake_up_locked+39/48] __wake_up_locked+0x27/0x30
 [pg0+545576024/1069863936] ipw_net_init+0xd8/0x100 [ipw2200]
 [__down_failed_trylock+7/12] __down_failed_trylock+0x7/0xc
 [register_netdevice+91/800] register_netdevice+0x5b/0x320
 [register_netdev+87/144] register_netdev+0x57/0x90
 [pg0+545577375/1069863936] ipw_pci_probe+0x51f/0x6e0 [ipw2200]
 [pci_device_probe_static+82/112] pci_device_probe_static+0x52/0x70
 [__pci_device_probe+60/80] __pci_device_probe+0x3c/0x50
 [pci_device_probe+44/80] pci_device_probe+0x2c/0x50
 [driver_probe_device+47/128] driver_probe_device+0x2f/0x80
 [driver_attach+92/160] driver_attach+0x5c/0xa0
 [bus_add_driver+157/208] bus_add_driver+0x9d/0xd0
 [driver_register+47/64] driver_register+0x2f/0x40
 [pci_register_driver+100/144] pci_register_driver+0x64/0x90
 [pg0+541999147/1069863936] ipw_init+0x2b/0x7e [ipw2200]
 [sys_init_module+355/528] sys_init_module+0x163/0x210
 [syscall_call+7/11] syscall_call+0x7/0xb
Code: 30 c3 9c 8f 44 24 1c fa bd 00 e0 ff ff 21 e5 ff 45 14 89 1c 24 b8 04 00 
30 00 89 44 24 04 e8 82 74 ff ff 89 c7 8b 83 f8 05 00 00 <0f> b6 40 60 3c 01 0f 
84 96 01 00 00 3c 04 0f 84 43 01 00 00 8b 
 <6>note: modprobe[6629] exited with preempt_count 1
scheduling while atomic: modprobe/0x00000001/6629
 [schedule+1330/1344] schedule+0x532/0x540
 [unmap_page_range+83/128] unmap_page_range+0x53/0x80
 [unmap_vmas+438/464] unmap_vmas+0x1b6/0x1d0
 [exit_mmap+125/352] exit_mmap+0x7d/0x160
 [mmput+55/160] mmput+0x37/0xa0
 [do_exit+367/1152] do_exit+0x16f/0x480
 [die+395/400] die+0x18b/0x190
 [printk+23/32] printk+0x17/0x20
 [do_page_fault+580/1502] do_page_fault+0x244/0x5de
 [do_page_fault+0/1502] do_page_fault+0x0/0x5de
 [error_code+43/48] error_code+0x2b/0x30
 [pg0+545530118/1069863936] ipw_led_band_on+0x66/0x250 [ipw2200]
 [pg0+545575479/1069863936] ipw_up+0x187/0x1d0 [ipw2200]
 [__wake_up_locked+39/48] __wake_up_locked+0x27/0x30
 [pg0+545576024/1069863936] ipw_net_init+0xd8/0x100 [ipw2200]
 [__down_failed_trylock+7/12] __down_failed_trylock+0x7/0xc
 [register_netdevice+91/800] register_netdevice+0x5b/0x320
 [register_netdev+87/144] register_netdev+0x57/0x90
 [pg0+545577375/1069863936] ipw_pci_probe+0x51f/0x6e0 [ipw2200]
 [pci_device_probe_static+82/112] pci_device_probe_static+0x52/0x70
 [__pci_device_probe+60/80] __pci_device_probe+0x3c/0x50
 [pci_device_probe+44/80] pci_device_probe+0x2c/0x50
 [driver_probe_device+47/128] driver_probe_device+0x2f/0x80
 [driver_attach+92/160] driver_attach+0x5c/0xa0
 [bus_add_driver+157/208] bus_add_driver+0x9d/0xd0
 [driver_register+47/64] driver_register+0x2f/0x40
 [pci_register_driver+100/144] pci_register_driver+0x64/0x90
 [pg0+541999147/1069863936] ipw_init+0x2b/0x7e [ipw2200]
 [sys_init_module+355/528] sys_init_module+0x163/0x210
 [syscall_call+7/11] syscall_call+0x7/0xb

This is due to the following code in ipw2200.c, in the function
ipw_led_band_on:

void ipw_led_band_on(struct ipw_priv *priv)
{
[...]
        if (priv->assoc_network->mode == IEEE_A) {

In this case priv->assoc_network turns out to be NULL, so you get an
Oops as long as you're not associated.  And this is quite likely if
you're just loading the module. :)

I'm not sure if ipw_led_band_on() should be called at all while the
module is still initializing, but it shouldn't die on NULL pointers
either.

I'll attach a simple patch for this, which I also submitted upstream,
here: 

  
https://sourceforge.net/tracker/index.php?func=detail&aid=1169698&group_id=108390&atid=650334

# ipw2200-1.0.2-assoc-oops.patch
#
# Try fixing an Oops in ipw2200.c, when inserting the module.  If no
# network is associated yet, the ipw_led_band_on() function will
# attempt to access a NULL pointer via ipw_priv::assoc_network.
#
# It's questionable if ipw_led_band_on() should be called at all,
# while the module is still initializing, but in any case, this patch
# makes ipw_led_band_on() detect a NULL priv->assoc_network, and
# simply turns the LEDs off in that case.
#
# Dimitry Andric <[EMAIL PROTECTED]>, 2005-03-20 13:38:36

diff -urNd a/ipw2200.c b/ipw2200.c
--- a/ipw2200.c 2005-03-26 20:48:36.000000000 +0100
+++ b/ipw2200.c 2005-04-06 13:36:54.354084544 +0200
@@ -3566,7 +3566,11 @@
        spin_lock_irqsave(&priv->lock, flags);
 
        led = ipw_read_reg32(priv, CX2_EVENT_REG);
-       if (priv->assoc_network->mode == IEEE_A) {
+       if (priv->assoc_network == NULL) {
+               led &= priv->led_ofdm_off;
+               led &= priv->led_association_off;
+               IPW_DEBUG_LED("Mode LED Off\n");
+       } else if (priv->assoc_network->mode == IEEE_A) {
                led |= priv->led_ofdm_on;
                led &= priv->led_association_off;
                IPW_DEBUG_LED("Mode LED On: 802.11a\n");

Bug#302171: ipw2200-source: Oops in ipw_led_band_on when inserting module

Reply via email to