Bug 90331

Summary: p54usb kernel panic on recent mainline kernels
Product: Drivers Reporter: Christopher Chavez (chrischavez)
Component: network-wirelessAssignee: drivers_network-wireless (drivers_network-wireless)
Status: RESOLVED CODE_FIX    
Severity: normal CC: chunkeey, kvalo, Larry.Finger, linville
Priority: P1    
Hardware: All   
OS: Linux   
Kernel Version: 3.17-rc1 Subsystem:
Regression: Yes Bisected commit-id:

Description Christopher Chavez 2014-12-26 04:11:33 UTC
Kernel panic occurs for devices using p54usb on recent mainline kernels: cf. mailing list discussion http://thread.gmane.org/gmane.linux.kernel.wireless.general/132327/

Currently bisecting near 3.17-rc1.

In my case, the panic seems to occur as soon as connecting to an AP using WPA2.

For another's case, not until long packet transmission. Quote:
>
>I did not get the entire traceback, but I got a reference to
>p54_tx_80211+0x3de 
>from p54common.ko. Using gdb to disassemble this reference, the erring code is 
>as follows:
>
>(gdb) l *p54_tx_80211+0x3de
>0x3c9e is in p54_tx_80211 (drivers/net/wireless/p54/txrx.c:913).
>908                             memcpy(skb_put(skb, 8),
>&(info->control.hw_key->key
>909                                    
>[NL80211_TKIP_DATA_OFFSET_TX_MIC_KEY]), 8);
>910                     }
>911                     /* reserve some space for ICV */
>912                     len += info->control.hw_key->icv_len;
>913                     memset(skb_put(skb, info->control.hw_key->icv_len), 0,
>914                            info->control.hw_key->icv_len);
>915             } else {
>916                     txhdr->key_type = 0;
>917                     txhdr->key_len = 0;
>
>At present I do not know why there is a problem with skb_put() here. Perhaps 
>someone else will know before I find it.
Comment 1 Larry Finger 2014-12-29 00:42:57 UTC
Christian Lamparter has a fix for this that will be sent to Kalle in the near future. This bug report can be marked RESOLVED/CODE FIX and closed.