[Madwifi-devel] BSD Branch --- problem with ath_rate/onoe/onoe.c
From: John C. <jc...@me...> - 2005-04-27 16:10:06
I had a consistent kernel panic in the rate update routine found in the following file: ath_rate/onoe/onoe.c

The first few lines of the panic are:

CPU: 0
EIP: 0060:[<d001623f>] Tainted: P VLI
EFLAGS: 00010206 (2.6.11.6)
EIP is at ath_rate_update+0xbf/0x210 [ath_rate_onoe]
eax: d005f1b4 ebx: ceaeadfc ecx: ceaeac00 edx: cee38000
esi: 00000008 edi: d005e5a0 ebp: c0443ed0 esp: c0443ec4
ds: 007b es: 007b ss: 0068
Process swapper (pid: 0, threadinfo=c0442000 task=c03b0b20)
Stack: ceaeadfc 00000008 cee38000 c0443ef8 d00166ae cee38000 ceaeac00 00000008
       00000001 ceaead15 ceaeac00 00000445 cee38000 c0443f20 d006a26e cee38000
       ceaeac00 cee38000 d00165e0 cee38d8c cee38640 cced5340 d0016820

On looking at the code in 'onoe.c', I found that one of the arrays used to find index values is initialized with '0xff'. At some point in time later, during rate adjustments, an element in that array is picked up and is 0xff. However, this index is used in an array which is only 32 elements long, and the 0xff value causes an illegal pointer to be calculated. It just so happened that in my kernel environment the 'illegal address' was on a page which the kernel faulted on, causing the panic.

The following is a diff of my 'fix' and the original cvs code:

diff -r onoe/onoe.c /projects/kernel/madwifi-bsd-cvs-20050425/ath_rate/onoe/onoe.c
217a218,220
>
> /* XXXX */ if ( on->on_tx_rix0 >= 32 ) goto done;
>
219d221
<
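Review bot: the bound in `if ( on->on_tx_rix0 >= 32 ) goto done;` is a magic number; compare against the size of the array that on_tx_rix0 indexes (a named constant or a sizeof-derived bound) so the check cannot silently drift if the table length changes, and replace the `/* XXXX */` marker with a comment saying that rate indices are seeded with 0xff until assigned and that the goto skips the update for an unassigned one. The `219d221 <` deletion is cut off, so the removed line is not visible in this diff; the full hunk is needed to review what was dropped. Bailing out silently also only treats the symptom described in the message; the root cause, a rate index that was never given a valid value before ath_rate_update ran, still needs to be found.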
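The failure pattern described in the message, an index array seeded with a 0xff "unset" sentinel whose entries are later used unchecked as subscripts into a 32-entry table, reduced to a stand-alone C example. This is added illustration, not madwifi code: the structure and function names (rate_node, tx_rix, rate_lookup_checked, RATE_TABLE_SIZE and so on) are assumptions made for the example, and the rate table contents are constructed. It shows the unchecked lookup beside a checked one whose single bounds test rejects the sentinel and any other stray index, and a simulated update pass that counts how many slots would have read past the table.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the rate tables discussed in the post.
 * All names and sizes here are assumptions for this example, not madwifi's. */
#define RATE_TABLE_SIZE 32   /* the 32-element table the index is used against */
#define RIX_INVALID     0xff /* sentinel the index array is initialized with */
#define NUM_RIX_SLOTS   4    /* number of per-node rate index slots (assumed) */

struct rate_entry {
    unsigned rate_kbps;      /* example payload per table entry */
};

struct rate_node {
    uint8_t tx_rix[NUM_RIX_SLOTS];             /* indices into table[] */
    struct rate_entry table[RATE_TABLE_SIZE];
};

/* Seed every index slot with the 0xff sentinel and fill the table
 * with constructed values (slot i -> (i+1)*1000 kbit/s). */
void rate_node_init(struct rate_node *on)
{
    memset(on->tx_rix, RIX_INVALID, sizeof on->tx_rix);
    for (unsigned i = 0; i < RATE_TABLE_SIZE; i++)
        on->table[i].rate_kbps = (i + 1) * 1000;
}

/* The unsafe pattern: rix is trusted as a subscript. With rix == 0xff this
 * computes &table[255], 223 entries past the end of a 32-entry array, which
 * is exactly the "illegal pointer" in the post. Shown for contrast only;
 * nothing below calls it with an invalid index. */
unsigned rate_lookup_unchecked(const struct rate_node *on, uint8_t rix)
{
    return on->table[rix].rate_kbps;
}

/* The hardened form: one comparison against the real array bound rejects the
 * 0xff sentinel and every other out-of-range value. Returns 0 on success,
 * -1 when the index is unusable, without touching *rate_out in that case. */
int rate_lookup_checked(const struct rate_node *on, uint8_t rix, unsigned *rate_out)
{
    if (rix >= RATE_TABLE_SIZE)
        return -1;
    *rate_out = on->table[rix].rate_kbps;
    return 0;
}

/* Simulated rate-update pass: sum the rates of all valid slots and report
 * how many slots were skipped because their index was never assigned. */
int rate_update_slots(const struct rate_node *on, unsigned *sum_out)
{
    int rejected = 0;
    unsigned sum = 0;
    for (int s = 0; s < NUM_RIX_SLOTS; s++) {
        unsigned r;
        if (rate_lookup_checked(on, on->tx_rix[s], &r) != 0) {
            rejected++;          /* would have been an out-of-bounds read */
            continue;
        }
        sum += r;
    }
    *sum_out = sum;
    return rejected;
}

/* Scenario from the post: only one slot ever receives a real index; the
 * others still hold the sentinel when the update runs. Returns the number
 * of slots the checked path refused, and the rate sum through *sum_out. */
int demo_partially_assigned_node(unsigned *sum_out)
{
    struct rate_node on;
    rate_node_init(&on);
    on.tx_rix[0] = 5;            /* slot 0 assigned, slots 1..3 remain 0xff */
    return rate_update_slots(&on, sum_out);
}

int main(void)
{
    unsigned sum;
    int rejected = demo_partially_assigned_node(&sum);
    printf("rejected slots: %d, summed rate: %u kbit/s\n", rejected, sum);
    return 0;
}
```

The check compares against the array's own size constant rather than a literal, so the guard and the table cannot disagree; rejecting the sentinel this way also makes the "slot never assigned" case visible to the caller instead of being hidden behind whatever happens to live at table[255].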