diff mbox

kernel panic with time-stamping in phy devices (monitor mode)

Message ID 1291307884.2871.69.camel@edumazet-laptop
State RFC, archived
Delegated to: David Miller
Headers show

Commit Message

Eric Dumazet Dec. 2, 2010, 4:38 p.m. UTC 
Le jeudi 02 décembre 2010 à 08:05 -0800, Andrew Watts a écrit :
> Hi.
> 
> The 'time stamping in phy devices' code introduced in 2.6.36
> (c1f19b51d1d87f3e3bb7e6648f43f7d57ed2da6b et al.) triggers
> kernel panics when wireless devices are placed in monitor mode
> (tested with b43 and ath5k devices on a 32-bit system).
> 
> To reproduce, set CONFIG_NETWORK_PHY_TIMESTAMPING=y and put a
> wireless device into monitor mode:
> 
>  # ifconfig wlan0 down
>  # iwconfig wlan0 mode monitor 
>  # ifconfig wlan0 up
> 
> ~ Andy
> 
> ==============
> 
>  [<c14455ad>] ? __alloc_skb+0x53/0xf8
>  [<f92fdd57>] ? b43_dma_rx+0x18a/0x342 [b43]
>  [<f92e8475>] ? b43_do_interrupt_thread+0x420/0x92e [b43]
>  [<c1027731>] ? __dequeue_entity+0x31/0x35
>  [<c1027a44>] ? set_next_entity+0xad/0xbb
>  [<f92e899b>] ? b43_interrupt_thread_handler+0x18/0x2b [b43]
>  [<c107c378>] ? irq_thread+0xb6/0x19e
>  [<c15625a0>] ? schedule+0x254/0x566
>  [<c107c2c2>] ? irq_thread+0x0/0x19e
>  [<c10448b1>] ? kthread+0x67/0x69
>  [<c104484a>] ? kthread+0x0/0x69
>  [<c100323e>] ? kernel_thread_helper+0x6/0x18
> Code: 4c 24 14 8b 88 a8 00 00 00 89 4c 24 10 89 54 24 0c 8b
> 40 50 89 44 24 08 8b 45 04 89 44 24 04 c7 04 24 30 74 7a c1
> e8 b5 d2 11 00 <0f> 0b eb fe 55 89 e5 56 53 83 ec 24 8b 88
> a0 00 00 00 8b 58 54
> EIP: [<c1444ea0>] skb_push+0x7d/0x81 SS:ESP 0068:cee01d78
> ---[ end trace af1c99818e62b195 ]---
> Kernel panic - not syncing: Fatal exception in interrupt
> Pid: 6674, comm: irq/18-b43 Tainted: G     D     2.6.36.1
> Call Trace:
>  [<c156217d>] ? printk+0x28/0x2a
>  [<c156205c>] panic+0x57/0x150
>  [<c1564adf>] oops_begin+0x0/0x40
>  [<c1004e36>] die+0x49/0x5d
>  [<c1564304>] do_trap+0x84/0xad
>  [<c10037e5>] ? do_invalid_op+0x0/0x93
>  [<c100386b>] do_invalid_op+0x86/0x93
>  [<c1444ea0>] ? skb_push+0x7d/0x81
>  [<c15640b9>] error_code+0x65/0x6c
>  [<c1444ea0>] ? skb_push+0x7d/0x81
>  [<c145f721>] ? skb_defer_rx_timestamp+0x12/0x5a
>  [<c145f721>] skb_defer_rx_timestamp+0x12/0x5a
>  [<c144d23c>] netif_receive_skb+0x1f/0x47
>  [<c153a6e8>] ieee80211_rx+0x661/0x8e1
>  [<f85daca2>] ? ssb_pci_read32+0x19/0x31 [ssb]
>  [<f92e54cf>] ? b43_tsf_read+0x2a/0x47 [b43]
>  [<f92f8d42>] b43_rx+0x24c/0x5eb [b43]
>  [<c14455ad>] ? __alloc_skb+0x53/0xf8
>  [<f92fdd57>] b43_dma_rx+0x18a/0x342 [b43]
>  [<f92e8475>] b43_do_interrupt_thread+0x420/0x92e [b43]
>  [<c1027731>] ? __dequeue_entity+0x31/0x35
>  [<c1027a44>] ? set_next_entity+0xad/0xbb
>  [<f92e899b>] b43_interrupt_thread_handler+0x18/0x2b [b43]
>  [<c107c378>] irq_thread+0xb6/0x19e
>  [<c15625a0>] ? schedule+0x254/0x566
>  [<c107c2c2>] ? irq_thread+0x0/0x19e
>  [<c10448b1>] kthread+0x67/0x69
>  [<c104484a>] ? kthread+0x0/0x69
>  [<c100323e>] kernel_thread_helper+0x6/0x18
> 
> 

Thanks for the report

Please try following patch.



--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Comments

Andrew Watts Dec. 2, 2010, 6:21 p.m. UTC | #1 
--- On Thu, 12/2/10, Eric Dumazet <eric.dumazet@gmail.com> wrote:

> Le jeudi 02 décembre 2010 à 08:05
> -0800, Andrew Watts a écrit :
> > Hi.
> > 
> > The 'time stamping in phy devices' code introduced in
> 2.6.36
> > (c1f19b51d1d87f3e3bb7e6648f43f7d57ed2da6b et al.)
> triggers
> > kernel panics when wireless devices are placed in
> monitor mode
> > (tested with b43 and ath5k devices on a 32-bit
> system).
> > 
> > To reproduce, set CONFIG_NETWORK_PHY_TIMESTAMPING=y
> and put a
> > wireless device into monitor mode:
> > 
> >  # ifconfig wlan0 down
> >  # iwconfig wlan0 mode monitor 
> >  # ifconfig wlan0 up
> > 
> > ~ Andy
> > 
> > ==============
> > 
> >  [<c14455ad>] ? __alloc_skb+0x53/0xf8
> >  [<f92fdd57>] ? b43_dma_rx+0x18a/0x342
> [b43]
> >  [<f92e8475>] ?
> b43_do_interrupt_thread+0x420/0x92e [b43]
> >  [<c1027731>] ? __dequeue_entity+0x31/0x35
> >  [<c1027a44>] ? set_next_entity+0xad/0xbb
> >  [<f92e899b>] ?
> b43_interrupt_thread_handler+0x18/0x2b [b43]
> >  [<c107c378>] ? irq_thread+0xb6/0x19e
> >  [<c15625a0>] ? schedule+0x254/0x566
> >  [<c107c2c2>] ? irq_thread+0x0/0x19e
> >  [<c10448b1>] ? kthread+0x67/0x69
> >  [<c104484a>] ? kthread+0x0/0x69
> >  [<c100323e>] ?
> kernel_thread_helper+0x6/0x18
> > Code: 4c 24 14 8b 88 a8 00 00 00 89 4c 24 10 89 54 24
> 0c 8b
> > 40 50 89 44 24 08 8b 45 04 89 44 24 04 c7 04 24 30 74
> 7a c1
> > e8 b5 d2 11 00 <0f> 0b eb fe 55 89 e5 56 53 83
> ec 24 8b 88
> > a0 00 00 00 8b 58 54
> > EIP: [<c1444ea0>] skb_push+0x7d/0x81 SS:ESP
> 0068:cee01d78
> > ---[ end trace af1c99818e62b195 ]---
> > Kernel panic - not syncing: Fatal exception in
> interrupt
> > Pid: 6674, comm: irq/18-b43 Tainted: G 
>    D     2.6.36.1
> > Call Trace:
> >  [<c156217d>] ? printk+0x28/0x2a
> >  [<c156205c>] panic+0x57/0x150
> >  [<c1564adf>] oops_begin+0x0/0x40
> >  [<c1004e36>] die+0x49/0x5d
> >  [<c1564304>] do_trap+0x84/0xad
> >  [<c10037e5>] ? do_invalid_op+0x0/0x93
> >  [<c100386b>] do_invalid_op+0x86/0x93
> >  [<c1444ea0>] ? skb_push+0x7d/0x81
> >  [<c15640b9>] error_code+0x65/0x6c
> >  [<c1444ea0>] ? skb_push+0x7d/0x81
> >  [<c145f721>] ?
> skb_defer_rx_timestamp+0x12/0x5a
> >  [<c145f721>]
> skb_defer_rx_timestamp+0x12/0x5a
> >  [<c144d23c>] netif_receive_skb+0x1f/0x47
> >  [<c153a6e8>] ieee80211_rx+0x661/0x8e1
> >  [<f85daca2>] ? ssb_pci_read32+0x19/0x31
> [ssb]
> >  [<f92e54cf>] ? b43_tsf_read+0x2a/0x47
> [b43]
> >  [<f92f8d42>] b43_rx+0x24c/0x5eb [b43]
> >  [<c14455ad>] ? __alloc_skb+0x53/0xf8
> >  [<f92fdd57>] b43_dma_rx+0x18a/0x342 [b43]
> >  [<f92e8475>]
> b43_do_interrupt_thread+0x420/0x92e [b43]
> >  [<c1027731>] ? __dequeue_entity+0x31/0x35
> >  [<c1027a44>] ? set_next_entity+0xad/0xbb
> >  [<f92e899b>]
> b43_interrupt_thread_handler+0x18/0x2b [b43]
> >  [<c107c378>] irq_thread+0xb6/0x19e
> >  [<c15625a0>] ? schedule+0x254/0x566
> >  [<c107c2c2>] ? irq_thread+0x0/0x19e
> >  [<c10448b1>] kthread+0x67/0x69
> >  [<c104484a>] ? kthread+0x0/0x69
> >  [<c100323e>]
> kernel_thread_helper+0x6/0x18
> > 
> > 
> 
> Thanks for the report
> 
> Please try following patch.
> 
> diff --git a/net/core/timestamping.c
> b/net/core/timestamping.c
> index dac7ed6..a710ab0 100644
> --- a/net/core/timestamping.c
> +++ b/net/core/timestamping.c
> @@ -96,7 +96,10 @@ bool skb_defer_rx_timestamp(struct
> sk_buff *skb)
>      struct phy_device *phydev;
>      unsigned int type;
>  
> -    skb_push(skb, ETH_HLEN);
> +    if (skb->data - ETH_HLEN <
> skb->head)
> +        return false;
> +
> +    __skb_push(skb, ETH_HLEN);
>  
>      type = classify(skb);
>   

I can confirm that I get no kernel panics after
applying that patch.

~ Andy



      
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Richard Cochran Dec. 4, 2010, 7:57 a.m. UTC | #2 
Date: Sat, 4 Dec 2010 08:55:04 +0100
From: Richard Cochran <richardcochran@gmail.com>
To: Eric Dumazet <eric.dumazet@gmail.com>
Cc: Andrew Watts <akwatts@ymail.com>, netdev@vger.kernel.org,
	David Miller <davem@davemloft.net>
Subject: Re: kernel panic with time-stamping in phy devices (monitor mode)
Message-ID: <20101204075503.GA3490@riccoc20.at.omicron.at>
References: <252997.92320.qm@web111013.mail.gq1.yahoo.com>
 <1291307884.2871.69.camel@edumazet-laptop>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <1291307884.2871.69.camel@edumazet-laptop>
User-Agent: Mutt/1.5.20 (2009-06-14)

Ugh, new kernel code with no users is already causing trouble!

On Thu, Dec 02, 2010 at 05:38:04PM +0100, Eric Dumazet wrote:
> Thanks for the report
> 
> Please try following patch.

And thank you, Eric, for the quick patch.

Can this fix go into 2.6.37, please?

Thanks,
Richard
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Eric Dumazet Dec. 4, 2010, 8:17 a.m. UTC | #3 
Le samedi 04 décembre 2010 à 08:57 +0100, Richard Cochran a écrit :
> Date: Sat, 4 Dec 2010 08:55:04 +0100
> From: Richard Cochran <richardcochran@gmail.com>
> To: Eric Dumazet <eric.dumazet@gmail.com>
> Cc: Andrew Watts <akwatts@ymail.com>, netdev@vger.kernel.org,
> 	David Miller <davem@davemloft.net>
> Subject: Re: kernel panic with time-stamping in phy devices (monitor mode)
> Message-ID: <20101204075503.GA3490@riccoc20.at.omicron.at>
> References: <252997.92320.qm@web111013.mail.gq1.yahoo.com>
>  <1291307884.2871.69.camel@edumazet-laptop>
> MIME-Version: 1.0
> Content-Type: text/plain; charset=us-ascii
> Content-Disposition: inline
> In-Reply-To: <1291307884.2871.69.camel@edumazet-laptop>
> User-Agent: Mutt/1.5.20 (2009-06-14)
> 
> Ugh, new kernel code with no users is already causing trouble!
> 
> On Thu, Dec 02, 2010 at 05:38:04PM +0100, Eric Dumazet wrote:
> > Thanks for the report
> > 
> > Please try following patch.
> 
> And thank you, Eric, for the quick patch.
> 
> Can this fix go into 2.6.37, please?

Sure, I'll submit to David today, thanks !


--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Andrew Watts Dec. 4, 2010, 8:46 p.m. UTC | #4 
--- On Sat, 12/4/10, Eric Dumazet wrote:

> From: Eric Dumazet <eric.dumazet@gmail.com>
> Subject: Re: kernel panic with time-stamping in phy devices (monitor mode)
> To: "Richard Cochran" <richardcochran@gmail.com>
> Cc: "Andrew Watts" <akwatts@ymail.com>, netdev@vger.kernel.org, "David Miller" <davem@davemloft.net>
> Date: Saturday, December 4, 2010, 8:17 AM
> Le samedi 04 décembre 2010 à 08:57
> +0100, Richard Cochran a écrit :
> > Date: Sat, 4 Dec 2010 08:55:04 +0100
> > From: Richard Cochran <richardcochran@gmail.com>
> > To: Eric Dumazet <eric.dumazet@gmail.com>
> > Cc: Andrew Watts <akwatts@ymail.com>,
> netdev@vger.kernel.org,
> >     David Miller <davem@davemloft.net>
> > Subject: Re: kernel panic with time-stamping in phy
> devices (monitor mode)
> > Message-ID: <20101204075503.GA3490@riccoc20.at.omicron.at>
> > References: <252997.92320.qm@web111013.mail.gq1.yahoo.com>
> > 
> <1291307884.2871.69.camel@edumazet-laptop>
> > MIME-Version: 1.0
> > Content-Type: text/plain; charset=us-ascii
> > Content-Disposition: inline
> > In-Reply-To:
> <1291307884.2871.69.camel@edumazet-laptop>
> > User-Agent: Mutt/1.5.20 (2009-06-14)
> > 
> > Ugh, new kernel code with no users is already causing
> trouble!
> > 
> > On Thu, Dec 02, 2010 at 05:38:04PM +0100, Eric Dumazet
> wrote:
> > > Thanks for the report
> > > 
> > > Please try following patch.
> > 
> > And thank you, Eric, for the quick patch.
> > 
> > Can this fix go into 2.6.37, please?
> 
> Sure, I'll submit to David today, thanks !
> 

Eric, I echo the thanks on the lightning patch.
Impressive turnaround!

There's an open bug report on the kernel's bugzilla
for 2.6.36 (#24102). What is the best way to tie these
together?

~ Andy



      
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
diff mbox

Patch

diff --git a/net/core/timestamping.c b/net/core/timestamping.c
index dac7ed6..a710ab0 100644
--- a/net/core/timestamping.c
+++ b/net/core/timestamping.c
@@ -96,7 +96,10 @@  bool skb_defer_rx_timestamp(struct sk_buff *skb)
 	struct phy_device *phydev;
 	unsigned int type;
 
-	skb_push(skb, ETH_HLEN);
+	if (skb->data - ETH_HLEN < skb->head)
+		return false;
+
+	__skb_push(skb, ETH_HLEN);
 
 	type = classify(skb);