Date: Thu, 5 Aug 2010 09:52:16 +0300 From: Alex Kozlov <spam@rm-rf.kiev.ua> To: nox@freebsd.org, rpaulo@freebsd.org, freebsd-net@FreeBSD.org, bug-followup@FreeBSD.org, spam@rm-rf.kiev.ua Subject: Re: kern/149185: [rum] [panic] panic in rum(4) driver on 8.1-R Message-ID: <20100805065216.GA53036@ravenloft.kiev.ua>
next in thread | raw e-mail | index | archive | help
--Q68bSM7Ycu6FN28Q
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
On Wed, Aug 04, 2010 at 10:02:35PM +0200, Juergen Lock wrote:
> Regarding the 8.1 if_rum(4) panics... I got a similar one, extracted
> a dump and tried to gather some info for someone who knows the code:
>
> The zero divide fault was because (apparently) rate was unitialized,
> as is
>
> ((struct ieee80211_node *) m->M_dat.MH.MH_pkthdr.rcvif)->ni_vap->iv_txparms[0]
>
> i.e. struct ieee80211_txparam &vap->iv_txparms[0] in case it matters.
Yes, its seems that ratectl framework sometimes set ni->ni_txrate to 0
This can be mitigated by patch [1] or by setting ucastrate option in
ifconfig. Still real issue need to be solved.
--
Adios
--Q68bSM7Ycu6FN28Q
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="patch.txt"
Index: sys/dev/usb/wlan/if_rum.c
@@ -1153,9 +1153,11 @@
rate = params->ibp_rate0;
if (!ieee80211_isratevalid(ic->ic_rt, rate)) {
+ device_printf(sc->sc_dev, "invalid rate=%d\n", rate);
m_freem(m0);
return EINVAL;
}
+
flags = 0;
if ((params->ibp_flags & IEEE80211_BPF_NOACK) == 0)
flags |= RT2573_TX_NEED_ACK;
@@ -1217,6 +1219,13 @@
else
rate = ni->ni_txrate;
+ /* XXX ieee80211_ratectl sometimes set ni->ni_txrate to 0 */
+ if (!ieee80211_isratevalid(ic->ic_rt, rate)) {
+ device_printf(sc->sc_dev, "invalid rate=%d\n", rate);
+ m_freem(m0);
+ return EINVAL;
+ }
+
if (wh->i_fc[1] & IEEE80211_FC1_WEP) {
k = ieee80211_crypto_encap(ni, m0);
if (k == NULL) {
--Q68bSM7Ycu6FN28Q--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20100805065216.GA53036>