| Message ID | 1408360749-10233-1-git-send-email-michal.kazior@tieto.com (mailing list archive) |
|---|---|
| State | Not Applicable, archived |
| Headers | show |
On Mon, 2014-08-18 at 13:19 +0200, Michal Kazior wrote: > The new_ctx pointer is set only for non-chanctx > drivers. This yielded a crash for chanctx-based > drivers during channel switch finalization: > > BUG: unable to handle kernel NULL pointer dereference at 0000000000000020 > IP: ieee80211_vif_use_reserved_switch+0x71c/0xb00 [mac80211] > > Use an adequate chanctx pointer to fix this. > > Reported-by: Linus Torvalds <torvalds@linux-foundation.org> > Signed-off-by: Michal Kazior <michal.kazior@tieto.com> > --- > Note: This is based on mac80211-next/master albeit > it should apply cleanly on wireless-next/master > and v3.17-rc1. > > I've verified this fix with iwlmvm & 7260. Cool! I've also tested this (with P2P client) and it works fine. You can add my: Tested-by: Luciano Coelho <luciano.coelho@intel.com> The reason I haven't seen this before is because I've been using 2 channels support with iwlmvm, so we never get an in-place channel switch. :( The normal case is to have single channel support... -- Cheers, Luca. -- To unsubscribe from this list: send the line "unsubscribe linux-wireless" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On Mon, Aug 18, 2014 at 6:19 AM, Michal Kazior <michal.kazior@tieto.com> wrote: > > I've verified this fix with iwlmvm & 7260. So I'm running a kernel with this manually applied, and so far so good. But I don't know what actually triggered the problem, and it definitely didn't happen all the time, so my testing of this is dubious. But the patch certainly seems to match the symptoms. Thanks, Linus -- To unsubscribe from this list: send the line "unsubscribe linux-wireless" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Hi Linus, On Mon, 2014-08-18 at 08:53 -0500, Linus Torvalds wrote: > On Mon, Aug 18, 2014 at 6:19 AM, Michal Kazior <michal.kazior@tieto.com> wrote: > > > > I've verified this fix with iwlmvm & 7260. > > So I'm running a kernel with this manually applied, and so far so > good. But I don't know what actually triggered the problem, and it > definitely didn't happen all the time, so my testing of this is > dubious. But the patch certainly seems to match the symptoms. Thanks, What triggers this is a "Channel Switch Announcement" on which the access point tells the clients to move to another channel at a specified time. This is not very common, but some enterprise APs use it to improve the operating radio conditions, for instance. Previously, as a client, we would simply disconnect from the current channel and reconnect on the new channel after the time specified by the AP. Now we implemented a more advanced switch where we don't lose connectivity, but "simply" switch channels. Hope this clarifies a bit. -- Cheers, Luca. -- To unsubscribe from this list: send the line "unsubscribe linux-wireless" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On Mon, Aug 18, 2014 at 6:19 AM, Michal Kazior <michal.kazior@tieto.com> wrote: > > I've verified this fix with iwlmvm & 7260. So I'm running a kernel with this manually applied, and so far so good. But I don't know what actually triggered the problem, and it definitely didn't happen all the time, so my testing of this is dubious. But the patch certainly seems to match the symptoms. Thanks, Linus -- To unsubscribe from this list: send the line "unsubscribe linux-wireless" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/net/mac80211/chan.c b/net/mac80211/chan.c index f3317fa..7367e66 100644 --- a/net/mac80211/chan.c +++ b/net/mac80211/chan.c @@ -1353,7 +1353,7 @@ static int ieee80211_vif_use_reserved_switch(struct ieee80211_local *local) list_del(&sdata->reserved_chanctx_list); list_move(&sdata->assigned_chanctx_list, - &new_ctx->assigned_vifs); + &ctx->assigned_vifs); sdata->reserved_chanctx = NULL; ieee80211_vif_chanctx_reservation_complete(sdata);
The new_ctx pointer is set only for non-chanctx drivers. This yielded a crash for chanctx-based drivers during channel switch finalization: BUG: unable to handle kernel NULL pointer dereference at 0000000000000020 IP: ieee80211_vif_use_reserved_switch+0x71c/0xb00 [mac80211] Use an adequate chanctx pointer to fix this. Reported-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Michal Kazior <michal.kazior@tieto.com> --- Note: This is based on mac80211-next/master albeit it should apply cleanly on wireless-next/master and v3.17-rc1. I've verified this fix with iwlmvm & 7260. net/mac80211/chan.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)