2009-11-25 16:51:27

by Johannes Berg

Subject: [PATCH v2 3/5] mac80211: correctly place aMPDU RX reorder code

As indicated by the comment, the aMPDU RX reorder code
should logically be after ieee80211_rx_h_check(). The
previous patch moved the code there, and this patch now
hooks it up in that place by introducing a list of skbs
that are then processed by the remaining handlers. The
list may be empty if the function is buffering the skb
to release it later.

The only change needed to the RX data is that the crypto
handler needs to clear the key that may be set from a
previous loop iteration, and that not everything can be
in the rx flags now.

Signed-off-by: Johannes Berg <[email protected]>
---
v2: ieee80211_rx_reorder_ampdu must not ignore the return
value of ieee80211_sta_manage_reorder_buf()

net/mac80211/ieee80211_i.h | 1
net/mac80211/rx.c | 168 +++++++++++++++++++++++++--------------------
2 files changed, 96 insertions(+), 73 deletions(-)

--- wireless-testing.orig/net/mac80211/rx.c 2009-11-25 16:23:44.000000000 +0100
+++ wireless-testing/net/mac80211/rx.c 2009-11-25 17:43:56.000000000 +0100
@@ -27,10 +27,6 @@
#include "tkip.h"
#include "wme.h"

-static void __ieee80211_rx_handle_packet(struct ieee80211_hw *hw,
- struct sk_buff *skb,
- struct ieee80211_rate *rate);
-
/*
* monitor mode reception
*
@@ -555,7 +551,8 @@ static inline u16 seq_sub(u16 sq1, u16 s

static void ieee80211_release_reorder_frame(struct ieee80211_hw *hw,
struct tid_ampdu_rx *tid_agg_rx,
- int index)
+ int index,
+ struct sk_buff_head *frames)
{
struct ieee80211_supported_band *sband;
struct ieee80211_rate *rate = NULL;
@@ -571,9 +568,9 @@ static void ieee80211_release_reorder_fr
sband = hw->wiphy->bands[status->band];
if (!(status->flag & RX_FLAG_HT))
rate = &sband->bitrates[status->rate_idx];
- __ieee80211_rx_handle_packet(hw, skb, rate);
tid_agg_rx->stored_mpdu_num--;
tid_agg_rx->reorder_buf[index] = NULL;
+ skb_queue_tail(frames, skb);

no_frame:
tid_agg_rx->head_seq_num = seq_inc(tid_agg_rx->head_seq_num);
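Review bot: `rate` is still looked up from `status->rate_idx` at the top of this hunk, but with the `__ieee80211_rx_handle_packet(hw, skb, rate)` call removed nothing visible consumes it, so the `sband`/`rate` lookup looks like dead code. The released frame's own rate is also lost: the loop added to ieee80211_invoke_rx_handlers() passes that function's single `rate` argument to `ieee80211_rx_cooked_monitor(rx, rate)` for every dequeued skb, so a frame released from the reorder buffer would be reported with the rate of the frame that triggered the release. Either drop the lookup here or recompute the rate from each dequeued skb's own RX status before the monitor call. The function starts in the previous hunk and a few lines between the two hunks are not shown, so confirm that `rate` has no other user.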
@@ -581,14 +578,15 @@ no_frame:

static void ieee80211_release_reorder_frames(struct ieee80211_hw *hw,
struct tid_ampdu_rx *tid_agg_rx,
- u16 head_seq_num)
+ u16 head_seq_num,
+ struct sk_buff_head *frames)
{
int index;

while (seq_less(tid_agg_rx->head_seq_num, head_seq_num)) {
index = seq_sub(tid_agg_rx->head_seq_num, tid_agg_rx->ssn) %
tid_agg_rx->buf_size;
- ieee80211_release_reorder_frame(hw, tid_agg_rx, index);
+ ieee80211_release_reorder_frame(hw, tid_agg_rx, index, frames);
}
}

@@ -608,7 +606,8 @@ static void ieee80211_release_reorder_fr
*/
static bool ieee80211_sta_manage_reorder_buf(struct ieee80211_hw *hw,
struct tid_ampdu_rx *tid_agg_rx,
- struct sk_buff *skb)
+ struct sk_buff *skb,
+ struct sk_buff_head *frames)
{
struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
u16 sc = le16_to_cpu(hdr->seq_ctrl);
@@ -632,7 +631,8 @@ static bool ieee80211_sta_manage_reorder
if (!seq_less(mpdu_seq_num, head_seq_num + buf_size)) {
head_seq_num = seq_inc(seq_sub(mpdu_seq_num, buf_size));
/* release stored frames up to new head to stack */
- ieee80211_release_reorder_frames(hw, tid_agg_rx, head_seq_num);
+ ieee80211_release_reorder_frames(hw, tid_agg_rx, head_seq_num,
+ frames);
}

/* Now the new frame is always in the range of the reordering buffer */
@@ -687,7 +687,8 @@ static bool ieee80211_sta_manage_reorder
"frames\n",
wiphy_name(hw->wiphy));
#endif
- ieee80211_release_reorder_frame(hw, tid_agg_rx, j);
+ ieee80211_release_reorder_frame(hw, tid_agg_rx,
+ j, frames);

/*
* Increment the head seq# also for the skipped slots.
@@ -697,7 +698,7 @@ static bool ieee80211_sta_manage_reorder
skipped = 0;
}
} else while (tid_agg_rx->reorder_buf[index]) {
- ieee80211_release_reorder_frame(hw, tid_agg_rx, index);
+ ieee80211_release_reorder_frame(hw, tid_agg_rx, index, frames);
index = seq_sub(tid_agg_rx->head_seq_num, tid_agg_rx->ssn) %
tid_agg_rx->buf_size;
}
@@ -709,38 +710,39 @@ static bool ieee80211_sta_manage_reorder
* Reorder MPDUs from A-MPDUs, keeping them on a buffer. Returns
* true if the MPDU was buffered, false if it should be processed.
*/
-static bool ieee80211_rx_reorder_ampdu(struct ieee80211_local *local,
- struct sk_buff *skb)
+static void ieee80211_rx_reorder_ampdu(struct ieee80211_rx_data *rx,
+ struct sk_buff_head *frames)
{
+ struct sk_buff *skb = rx->skb;
+ struct ieee80211_local *local = rx->local;
struct ieee80211_hw *hw = &local->hw;
struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
- struct sta_info *sta;
+ struct sta_info *sta = rx->sta;
struct tid_ampdu_rx *tid_agg_rx;
u16 sc;
int tid;

if (!ieee80211_is_data_qos(hdr->frame_control))
- return false;
+ goto dont_reorder;

/*
* filter the QoS data rx stream according to
* STA/TID and check if this STA/TID is on aggregation
*/

- sta = sta_info_get(local, hdr->addr2);
if (!sta)
- return false;
+ goto dont_reorder;

tid = *ieee80211_get_qos_ctl(hdr) & IEEE80211_QOS_CTL_TID_MASK;

if (sta->ampdu_mlme.tid_state_rx[tid] != HT_AGG_STATE_OPERATIONAL)
- return false;
+ goto dont_reorder;

tid_agg_rx = sta->ampdu_mlme.tid_rx[tid];

/* qos null data frames are excluded */
if (unlikely(hdr->frame_control & cpu_to_le16(IEEE80211_STYPE_NULLFUNC)))
- return false;
+ goto dont_reorder;

/* new, potentially un-ordered, ampdu frame - process it */

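Review bot: The comment kept as context at the top of this hunk still says the function "Returns true if the MPDU was buffered, false if it should be processed", but the new signature returns `void` and hands its result back through `frames`. A replacement that matches the new contract would be `/* Reorder MPDUs from A-MPDUs. The skb is queued on @frames for further processing, kept in the reorder buffer, or freed; @frames may be left empty. */`. The function body continues in the next hunk, which holds the free and the `dont_reorder` label.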
@@ -755,10 +757,14 @@ static bool ieee80211_rx_reorder_ampdu(s
ieee80211_sta_stop_rx_ba_session(sta->sdata, sta->sta.addr,
tid, 0, WLAN_REASON_QSTA_REQUIRE_SETUP);
dev_kfree_skb(skb);
- return true;
+ return;
}

- return ieee80211_sta_manage_reorder_buf(hw, tid_agg_rx, skb);
+ if (ieee80211_sta_manage_reorder_buf(hw, tid_agg_rx, skb, frames))
+ return;
+
+ dont_reorder:
+ __skb_queue_tail(frames, skb);
}

static ieee80211_rx_result debug_noinline
@@ -863,6 +869,9 @@ ieee80211_rx_h_decrypt(struct ieee80211_
if (!(rx->flags & IEEE80211_RX_RA_MATCH))
return RX_CONTINUE;

+ /* start without a key */
+ rx->key = NULL;
+
if (rx->sta)
stakey = rcu_dereference(rx->sta->key);

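Review bot: The added `/* start without a key */` comment does not say why the reset is needed, which is that `rx` is now reused for every frame dequeued in ieee80211_invoke_rx_handlers(), so a key selected for one frame would otherwise still be set when the next one is decrypted. Suggested wording: `/* rx is reused for each dequeued frame; forget the key chosen for the previous one */`. The reset also sits below the `IEEE80211_RX_RA_MATCH` early return, so on that path `rx->key` keeps whatever it held. That is presumably harmless if the flag is identical for all frames of one invocation, but moving `rx->key = NULL;` above the check would remove the dependency. The handler's body continues outside the hunk.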
@@ -1815,7 +1824,7 @@ ieee80211_rx_h_data(struct ieee80211_rx_
}

static ieee80211_rx_result debug_noinline
-ieee80211_rx_h_ctrl(struct ieee80211_rx_data *rx)
+ieee80211_rx_h_ctrl(struct ieee80211_rx_data *rx, struct sk_buff_head *frames)
{
struct ieee80211_local *local = rx->local;
struct ieee80211_hw *hw = &local->hw;
@@ -1845,7 +1854,8 @@ ieee80211_rx_h_ctrl(struct ieee80211_rx_
TU_TO_EXP_TIME(tid_agg_rx->timeout));

/* release stored frames up to start of BAR */
- ieee80211_release_reorder_frames(hw, tid_agg_rx, start_seq_num);
+ ieee80211_release_reorder_frames(hw, tid_agg_rx, start_seq_num,
+ frames);
kfree_skb(skb);
return RX_QUEUED;
}
@@ -2168,8 +2178,11 @@ static void ieee80211_invoke_rx_handlers
struct sk_buff *skb,
struct ieee80211_rate *rate)
{
+ struct sk_buff_head reorder_release;
ieee80211_rx_result res = RX_DROP_MONITOR;

+ __skb_queue_head_init(&reorder_release);
+
rx->skb = skb;
rx->sdata = sdata;

@@ -2177,50 +2190,72 @@ static void ieee80211_invoke_rx_handlers
do { \
res = rxh(rx); \
if (res != RX_CONTINUE) \
- goto rxh_done; \
+ goto rxh_next; \
} while (0);

+ /*
+ * NB: the rxh_next label works even if we jump
+ * to it from here because then the list will
+ * be empty, which is a trivial check
+ */
CALL_RXH(ieee80211_rx_h_passive_scan)
CALL_RXH(ieee80211_rx_h_check)
- CALL_RXH(ieee80211_rx_h_decrypt)
- CALL_RXH(ieee80211_rx_h_check_more_data)
- CALL_RXH(ieee80211_rx_h_sta_process)
- CALL_RXH(ieee80211_rx_h_defragment)
- CALL_RXH(ieee80211_rx_h_ps_poll)
- CALL_RXH(ieee80211_rx_h_michael_mic_verify)
- /* must be after MMIC verify so header is counted in MPDU mic */
- CALL_RXH(ieee80211_rx_h_remove_qos_control)
- CALL_RXH(ieee80211_rx_h_amsdu)
+
+ ieee80211_rx_reorder_ampdu(rx, &reorder_release);
+
+ while ((skb = __skb_dequeue(&reorder_release))) {
+ /*
+ * all the other fields are valid across frames
+ * that belong to an aMPDU since they are on the
+ * same TID from the same station
+ */
+ rx->skb = skb;
+
+ CALL_RXH(ieee80211_rx_h_decrypt)
+ CALL_RXH(ieee80211_rx_h_check_more_data)
+ CALL_RXH(ieee80211_rx_h_sta_process)
+ CALL_RXH(ieee80211_rx_h_defragment)
+ CALL_RXH(ieee80211_rx_h_ps_poll)
+ CALL_RXH(ieee80211_rx_h_michael_mic_verify)
+ /* must be after MMIC verify so header is counted in MPDU mic */
+ CALL_RXH(ieee80211_rx_h_remove_qos_control)
+ CALL_RXH(ieee80211_rx_h_amsdu)
#ifdef CONFIG_MAC80211_MESH
- if (ieee80211_vif_is_mesh(&sdata->vif))
- CALL_RXH(ieee80211_rx_h_mesh_fwding);
+ if (ieee80211_vif_is_mesh(&sdata->vif))
+ CALL_RXH(ieee80211_rx_h_mesh_fwding);
#endif
- CALL_RXH(ieee80211_rx_h_data)
- CALL_RXH(ieee80211_rx_h_ctrl)
- CALL_RXH(ieee80211_rx_h_action)
- CALL_RXH(ieee80211_rx_h_mgmt)
+ CALL_RXH(ieee80211_rx_h_data)
+
+ /* special treatment -- needs the queue */
+ res = ieee80211_rx_h_ctrl(rx, &reorder_release);
+ if (res != RX_CONTINUE)
+ goto rxh_next;
+
+ CALL_RXH(ieee80211_rx_h_action)
+ CALL_RXH(ieee80211_rx_h_mgmt)

#undef CALL_RXH

- rxh_done:
- switch (res) {
- case RX_DROP_MONITOR:
- I802_DEBUG_INC(sdata->local->rx_handlers_drop);
- if (rx->sta)
- rx->sta->rx_dropped++;
- /* fall through */
- case RX_CONTINUE:
- ieee80211_rx_cooked_monitor(rx, rate);
- break;
- case RX_DROP_UNUSABLE:
- I802_DEBUG_INC(sdata->local->rx_handlers_drop);
- if (rx->sta)
- rx->sta->rx_dropped++;
- dev_kfree_skb(rx->skb);
- break;
- case RX_QUEUED:
- I802_DEBUG_INC(sdata->local->rx_handlers_queued);
- break;
+ rxh_next:
+ switch (res) {
+ case RX_DROP_MONITOR:
+ I802_DEBUG_INC(sdata->local->rx_handlers_drop);
+ if (rx->sta)
+ rx->sta->rx_dropped++;
+ /* fall through */
+ case RX_CONTINUE:
+ ieee80211_rx_cooked_monitor(rx, rate);
+ break;
+ case RX_DROP_UNUSABLE:
+ I802_DEBUG_INC(sdata->local->rx_handlers_drop);
+ if (rx->sta)
+ rx->sta->rx_dropped++;
+ dev_kfree_skb(rx->skb);
+ break;
+ case RX_QUEUED:
+ I802_DEBUG_INC(sdata->local->rx_handlers_queued);
+ break;
+ }
}
}

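Review bot: Only `rx->skb` is refreshed at the top of the new `while` loop, so any per-frame state left in `rx` carries over to the next dequeued frame. `IEEE80211_RX_AMSDU` and `IEEE80211_RX_FRAGMENTED` in ieee80211_i.h look per-frame by name, and the comment this patch adds there only restricts future flags; if they are derived from one frame's header or set by the defragment handler (not visible here), a later frame in the same batch would be processed with a stale value. The loop comment's "same TID from the same station" reasoning also does not obviously cover frames appended by `ieee80211_rx_h_ctrl(rx, &reorder_release)`, where `rx` was prepared for the control frame. Consider re-deriving the per-frame bits for each dequeued skb next to `rx->skb = skb;`, or at least extending the loop comment to `/* rx->flags and rx->key are per-frame and must be reset or recomputed by the handlers */`.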
@@ -2494,20 +2529,7 @@ void ieee80211_rx(struct ieee80211_hw *h
return;
}

- /*
- * In theory, the block ack reordering should happen after duplicate
- * removal (ieee80211_rx_h_check(), which is an RX handler). As such,
- * the call to ieee80211_rx_reorder_ampdu() should really be moved to
- * happen as a new RX handler between ieee80211_rx_h_check and
- * ieee80211_rx_h_decrypt. This cleanup may eventually happen, but for
- * the time being, the call can be here since RX reorder buf processing
- * will implicitly skip duplicates. We could, in theory at least,
- * process frames that ieee80211_rx_h_passive_scan would drop (e.g.,
- * frames from other than operational channel), but that should not
- * happen in normal networks.
- */
- if (!ieee80211_rx_reorder_ampdu(local, skb))
- __ieee80211_rx_handle_packet(hw, skb, rate);
+ __ieee80211_rx_handle_packet(hw, skb, rate);

rcu_read_unlock();

--- wireless-testing.orig/net/mac80211/ieee80211_i.h 2009-11-25 16:23:43.000000000 +0100
+++ wireless-testing/net/mac80211/ieee80211_i.h 2009-11-25 16:24:18.000000000 +0100
@@ -164,6 +164,7 @@ typedef unsigned __bitwise__ ieee80211_r
#define IEEE80211_RX_RA_MATCH BIT(1)
#define IEEE80211_RX_AMSDU BIT(2)
#define IEEE80211_RX_FRAGMENTED BIT(3)
+/* only add flags here that do not change with subframes of an aMPDU */

struct ieee80211_rx_data {
struct sk_buff *skb;




2009-12-03 19:29:54

by Reinette Chatre

Subject: Re: [PATCH v2 3/5] mac80211: correctly place aMPDU RX reorder code

Hi Johannes,

On Thu, 2009-12-03 at 11:14 -0800, Johannes Berg wrote:
> ---
> net/mac80211/rx.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> --- wireless-testing.orig/net/mac80211/rx.c 2009-12-03 20:13:44.000000000 +0100
> +++ wireless-testing/net/mac80211/rx.c 2009-12-03 20:13:50.000000000 +0100
> @@ -570,7 +570,7 @@ static void ieee80211_release_reorder_fr
> rate = &sband->bitrates[status->rate_idx];
> tid_agg_rx->stored_mpdu_num--;
> tid_agg_rx->reorder_buf[index] = NULL;
> - skb_queue_tail(frames, skb);
> + __skb_queue_tail(frames, skb);
>
> no_frame:
> tid_agg_rx->head_seq_num = seq_inc(tid_agg_rx->head_seq_num);
>
>

Thank you very much for looking into this so promptly. This patch fixes
the problem.

Tested-by: Reinette Chatre <[email protected]>

Reinette



2009-12-03 18:52:22

by Johannes Berg

Subject: Re: [PATCH v2 3/5] mac80211: correctly place aMPDU RX reorder code

On Thu, 2009-12-03 at 10:13 -0800, reinette chatre wrote:

> I bisected a hang problem to this patch. When associating to an 11n AP
> (tested on 5GHz), ping works fine, but trying to copy a large file
> causes the system to freeze (keyboard lights start blinking and system
> unresponsive. Reverting this patch I can copy large files successfully.

Ouch. Thanks for the report/information, I'll look into it promptly.

johannes



2009-12-03 19:14:48

by Johannes Berg

Subject: Re: [PATCH v2 3/5] mac80211: correctly place aMPDU RX reorder code

On Thu, 2009-12-03 at 10:13 -0800, reinette chatre wrote:

> [ 729.672010] [<ffffffff812aff1b>] skb_queue_tail+0x2b/0x60
> [ 729.672010] [<ffffffffa04b11f5>] ieee80211_release_reorder_frame+0x35/0x50 [mac80211]

So Christian beat me to looking at the trace and pointed out that
skb_queue_tail has no business here, we've intentionally not initialised
the spinlock. The patch below should fix it. I suppose I never had
actual reordering in my tests.

johannes

---
net/mac80211/rx.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

--- wireless-testing.orig/net/mac80211/rx.c 2009-12-03 20:13:44.000000000 +0100
+++ wireless-testing/net/mac80211/rx.c 2009-12-03 20:13:50.000000000 +0100
@@ -570,7 +570,7 @@ static void ieee80211_release_reorder_fr
rate = &sband->bitrates[status->rate_idx];
tid_agg_rx->stored_mpdu_num--;
tid_agg_rx->reorder_buf[index] = NULL;
- skb_queue_tail(frames, skb);
+ __skb_queue_tail(frames, skb);

no_frame:
tid_agg_rx->head_seq_num = seq_inc(tid_agg_rx->head_seq_num);



2009-12-03 18:13:22

by Reinette Chatre

Subject: Re: [PATCH v2 3/5] mac80211: correctly place aMPDU RX reorder code

Hi Johannes,

On Wed, 2009-11-25 at 08:46 -0800, Johannes Berg wrote:
> As indicated by the comment, the aMPDU RX reorder code
> should logically be after ieee80211_rx_h_check(). The
> previous patch moved the code there, and this patch now
> hooks it up in that place by introducing a list of skbs
> that are then processed by the remaining handlers. The
> list may be empty if the function is buffering the skb
> to release it later.
>
> The only change needed to the RX data is that the crypto
> handler needs to clear the key that may be set from a
> previous loop iteration, and that not everything can be
> in the rx flags now.
>
> Signed-off-by: Johannes Berg <[email protected]>

I bisected a hang problem to this patch. When associating to an 11n AP
(tested on 5GHz), ping works fine, but trying to copy a large file
causes the system to freeze (keyboard lights start blinking and the system
becomes unresponsive). Reverting this patch, I can copy large files successfully.

This is also described in
http://bugzilla.intellinuxwireless.org/show_bug.cgi?id=2126.

Here is the panic:

[ 729.671546] BUG: unable to handle kernel NULL pointer dereference at (null)
[ 729.671656] IP: [<ffffffff81074b89>] __bfs+0xc9/0x270
[ 729.671729] PGD 0
[ 729.671796] Oops: 0000 [#1] SMP
[ 729.671900] last sysfs file: /sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0C0A:00/power_supply/BAT0/energy_full
[ 729.671939] CPU 0
[ 729.672008] Modules linked in: iwlagn iwlcore mac80211 cfg80211 i915 drm_kms_helper drm i2c_algo_bit i2c_core ipv6 acpi_cpufreq cpufreq_userspace cpufreq_powersave cpufreq_ondemand cpufreq_conservative cpufreq_stats freq_table container sbs sbshc pcmcia joydev arc4 ecb af_packet yenta_socket psmouse rsrc_nonstatic evdev pcspkr serio_raw pcmcia_core iTCO_wdt iTCO_vendor_support intel_agp button battery sony_laptop rfkill tpm_infineon tpm tpm_bios video output ac processor ext3 jbd mbcache sg sr_mod cdrom sd_mod ahci libata scsi_mod ehci_hcd uhci_hcd usbcore thermal fan thermal_sys [last unloaded: cfg80211]
[ 729.672010] Pid: 14639, comm: ssh Not tainted 2.6.32-rc8-wl-60817-gc1f4e0e #96 VGN-Z540N
[ 729.672010] RIP: 0010:[<ffffffff81074b89>] [<ffffffff81074b89>] __bfs+0xc9/0x270
[ 729.672010] RSP: 0018:ffff8800020036e0 EFLAGS: 00010002
[ 729.672010] RAX: ffffffff81af3f30 RBX: ffffffff81af3f20 RCX: ffff880002003760
[ 729.672010] RDX: ffff880002003708 RSI: 0000000000000006 RDI: ffff880002003760
[ 729.672010] RBP: ffff880002003740 R08: 0000000000000001 R09: 0000000000000000
[ 729.672010] R10: ffff8800955f86b0 R11: 0000000000000000 R12: 0000000000000006
[ 729.672010] R13: ffffffff81073810 R14: ffff8800020037a8 R15: 0000000000000000
[ 729.672010] FS: 00007fdf4f7d3710(0000) GS:ffff880002000000(0000) knlGS:0000000000000000
[ 729.672010] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 729.672010] CR2: 0000000000000000 CR3: 0000000079ff7000 CR4: 00000000000006f0
[ 729.672010] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 729.672010] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[ 729.672010] Process ssh (pid: 14639, threadinfo ffff88005a630000, task ffff8800955f8000)
[ 729.672010] Stack:
[ 729.672010] 000000000000b520 ffffffff813624c0 ffff88005a631d50 ffffffff00000001
[ 729.672010] <0> ffff880002003790 ffff880002003760 ffff88000200375c ffff880002003760
[ 729.672010] <0> ffff8800955f86b0 ffffffff814811cd ffff8800955f8000 ffffffff8107a6c0
[ 729.672010] Call Trace:
[ 729.672010] <IRQ>
[ 729.672010] [<ffffffff8107a6c0>] ? check_usage_forwards+0x0/0x110
[ 729.672010] [<ffffffff8107a741>] check_usage_forwards+0x81/0x110
[ 729.672010] [<ffffffff81076210>] mark_lock+0x200/0x640
[ 729.672010] [<ffffffff8107824f>] __lock_acquire+0xabf/0x1d30
[ 729.672010] [<ffffffff8107955b>] lock_acquire+0x9b/0x120
[ 729.672010] [<ffffffff812aff1b>] ? skb_queue_tail+0x2b/0x60
[ 729.672010] [<ffffffff813593a1>] _spin_lock_irqsave+0x41/0x60
[ 729.672010] [<ffffffff812aff1b>] ? skb_queue_tail+0x2b/0x60
[ 729.672010] [<ffffffff81359130>] ? _spin_unlock_irqrestore+0x40/0x60
[ 729.672010] [<ffffffff812aff1b>] skb_queue_tail+0x2b/0x60
[ 729.672010] [<ffffffffa04b11f5>] ieee80211_release_reorder_frame+0x35/0x50 [mac80211]
[ 729.672010] [<ffffffffa04b2f0c>] ieee80211_invoke_rx_handlers+0xb8c/0x1990 [mac80211]
[ 729.672010] [<ffffffff810766bc>] ? mark_held_locks+0x6c/0xa0
[ 729.672010] [<ffffffff81358f30>] ? _write_unlock_irqrestore+0x40/0x60
[ 729.672010] [<ffffffff810768bb>] ? trace_hardirqs_on_caller+0x6b/0x190
[ 729.672010] [<ffffffff810769ed>] ? trace_hardirqs_on+0xd/0x10
[ 729.672010] [<ffffffffa04b3db6>] ? ieee80211_rx+0xa6/0x8f0 [mac80211]
[ 729.672010] [<ffffffffa04b3fef>] ieee80211_rx+0x2df/0x8f0 [mac80211]
[ 729.672010] [<ffffffffa04b3db6>] ? ieee80211_rx+0xa6/0x8f0 [mac80211]
[ 729.672010] [<ffffffff812af1c7>] ? skb_copy_bits+0x167/0x2b0
[ 729.672010] [<ffffffffa04fd2f1>] iwl_rx_reply_rx+0x571/0xee0 [iwlcore]
[ 729.672010] [<ffffffff8100efb5>] ? dump_trace+0x105/0x2c0
[ 729.672010] [<ffffffff811dceb9>] ? debug_dma_unmap_page+0x59/0x60
[ 729.672010] [<ffffffffa0557e89>] iwl_rx_handle+0x149/0x670 [iwlagn]
[ 729.672010] [<ffffffff810766bc>] ? mark_held_locks+0x6c/0xa0
[ 729.672010] [<ffffffffa0559afc>] iwl_irq_tasklet+0x2ec/0x1320 [iwlagn]
[ 729.672010] [<ffffffff810766bc>] ? mark_held_locks+0x6c/0xa0
[ 729.672010] [<ffffffff8104b1d9>] ? tasklet_action+0x49/0xe0
[ 729.672010] [<ffffffff8104b260>] tasklet_action+0xd0/0xe0
[ 729.672010] [<ffffffff8104c78b>] __do_softirq+0xcb/0x200
[ 729.672010] [<ffffffff8100d09c>] call_softirq+0x1c/0x50
[ 729.672010] [<ffffffff8100e80d>] do_softirq+0x7d/0xb0
[ 729.672010] [<ffffffff8104c2c5>] irq_exit+0x95/0xa0
[ 729.672010] [<ffffffff8135e485>] do_IRQ+0x75/0xf0
[ 729.672010] [<ffffffff8100c893>] ret_from_intr+0x0/0xf
[ 729.672010] <EOI>
[ 729.672010] [<ffffffff8102eccd>] ? flush_tlb_page+0x7d/0x90
[ 729.672010] [<ffffffff8102ec98>] ? flush_tlb_page+0x48/0x90
[ 729.672010] [<ffffffff810f508d>] ? move_page_tables+0x2cd/0x4c0
[ 729.672010] [<ffffffff810f5133>] ? move_page_tables+0x373/0x4c0
[ 729.672010] [<ffffffff810f5879>] ? do_mremap+0x5f9/0x7a0
[ 729.672010] [<ffffffff810f5a7f>] ? sys_mremap+0x5f/0x90
[ 729.672010] [<ffffffff8100bedb>] ? system_call_fastpath+0x16/0x1b
[ 729.672010] Code: 0a 89 05 bb f5 da 00 48 8b 41 10 48 85 c0 0f 84 2e 01 00 00 48 8d 98 70 01 00 00 48 05 80 01 00 00 45 85 c0 48 0f 44 d8 4c 8b 3b <49> 8b 07 49 39 df 0f 18 08 74 a4 4c 89 f8 48 2d c0 c2 76 81 48
[ 729.672010] RIP [<ffffffff81074b89>] __bfs+0xc9/0x270
[ 729.672010] RSP <ffff8800020036e0>
[ 729.672010] CR2: 0000000000000000
[ 729.672010] ---[ end trace 73a47421077c9586 ]---
[ 729.672010] Kernel panic - not syncing: Fatal exception in interrupt
[ 729.672010] Pid: 14639, comm: ssh Tainted: G D 2.6.32-rc8-wl-60817-gc1f4e0e #96
[ 729.672010] Call Trace:
[ 729.672010] <IRQ> [<ffffffff81355ad6>] panic+0x78/0x136
[ 729.672010] [<ffffffff8135a752>] oops_end+0xe2/0xf0
[ 729.672010] [<ffffffff8102aab2>] no_context+0xf2/0x260
[ 729.672010] [<ffffffff8129f7a5>] ? led_trigger_event+0x85/0x90
[ 729.672010] [<ffffffff8102ad45>] __bad_area_nosemaphore+0x125/0x1e0
[ 729.672010] [<ffffffffa04b4f47>] ? __ieee80211_tx+0x147/0x1a0 [mac80211]
[ 729.672010] [<ffffffff8102ae13>] bad_area_nosemaphore+0x13/0x20
[ 729.672010] [<ffffffff8135c174>] do_page_fault+0x2d4/0x380
[ 729.672010] [<ffffffff81073810>] ? usage_match+0x0/0x20
[ 729.672010] [<ffffffff8135994f>] page_fault+0x1f/0x30
[ 729.672010] [<ffffffff81073810>] ? usage_match+0x0/0x20
[ 729.672010] [<ffffffff81074b89>] ? __bfs+0xc9/0x270
[ 729.672010] [<ffffffff8107a6c0>] ? check_usage_forwards+0x0/0x110
[ 729.672010] [<ffffffff8107a741>] check_usage_forwards+0x81/0x110
[ 729.672010] [<ffffffff81076210>] mark_lock+0x200/0x640
[ 729.672010] [<ffffffff8107824f>] __lock_acquire+0xabf/0x1d30
[ 729.672010] [<ffffffff8107955b>] lock_acquire+0x9b/0x120
[ 729.672010] [<ffffffff812aff1b>] ? skb_queue_tail+0x2b/0x60
[ 729.672010] [<ffffffff813593a1>] _spin_lock_irqsave+0x41/0x60
[ 729.672010] [<ffffffff812aff1b>] ? skb_queue_tail+0x2b/0x60
[ 729.672010] [<ffffffff81359130>] ? _spin_unlock_irqrestore+0x40/0x60
[ 729.672010] [<ffffffff812aff1b>] skb_queue_tail+0x2b/0x60
[ 729.672010] [<ffffffffa04b11f5>] ieee80211_release_reorder_frame+0x35/0x50 [mac80211]
[ 729.672010] [<ffffffffa04b2f0c>] ieee80211_invoke_rx_handlers+0xb8c/0x1990 [mac80211]
[ 729.672010] [<ffffffff810766bc>] ? mark_held_locks+0x6c/0xa0
[ 729.672010] [<ffffffff81358f30>] ? _write_unlock_irqrestore+0x40/0x60
[ 729.672010] [<ffffffff810768bb>] ? trace_hardirqs_on_caller+0x6b/0x190
[ 729.672010] [<ffffffff810769ed>] ? trace_hardirqs_on+0xd/0x10
[ 729.672010] [<ffffffffa04b3db6>] ? ieee80211_rx+0xa6/0x8f0 [mac80211]
[ 729.672010] [<ffffffffa04b3fef>] ieee80211_rx+0x2df/0x8f0 [mac80211]
[ 729.672010] [<ffffffffa04b3db6>] ? ieee80211_rx+0xa6/0x8f0 [mac80211]
[ 729.672010] [<ffffffff812af1c7>] ? skb_copy_bits+0x167/0x2b0
[ 729.672010] [<ffffffffa04fd2f1>] iwl_rx_reply_rx+0x571/0xee0 [iwlcore]
[ 729.672010] [<ffffffff8100efb5>] ? dump_trace+0x105/0x2c0
[ 729.672010] [<ffffffff811dceb9>] ? debug_dma_unmap_page+0x59/0x60
[ 729.672010] [<ffffffffa0557e89>] iwl_rx_handle+0x149/0x670 [iwlagn]
[ 729.672010] [<ffffffff810766bc>] ? mark_held_locks+0x6c/0xa0
[ 729.672010] [<ffffffffa0559afc>] iwl_irq_tasklet+0x2ec/0x1320 [iwlagn]
[ 729.672010] [<ffffffff810766bc>] ? mark_held_locks+0x6c/0xa0
[ 729.672010] [<ffffffff8104b1d9>] ? tasklet_action+0x49/0xe0
[ 729.672010] [<ffffffff8104b260>] tasklet_action+0xd0/0xe0
[ 729.672010] [<ffffffff8104c78b>] __do_softirq+0xcb/0x200
[ 729.672010] [<ffffffff8100d09c>] call_softirq+0x1c/0x50
[ 729.672010] [<ffffffff8100e80d>] do_softirq+0x7d/0xb0
[ 729.672010] [<ffffffff8104c2c5>] irq_exit+0x95/0xa0
[ 729.672010] [<ffffffff8135e485>] do_IRQ+0x75/0xf0
[ 729.672010] [<ffffffff8100c893>] ret_from_intr+0x0/0xf
[ 729.672010] <EOI> [<ffffffff8102eccd>] ? flush_tlb_page+0x7d/0x90
[ 729.672010] [<ffffffff8102ec98>] ? flush_tlb_page+0x48/0x90
[ 729.672010] [<ffffffff810f508d>] ? move_page_tables+0x2cd/0x4c0
[ 729.672010] [<ffffffff810f5133>] ? move_page_tables+0x373/0x4c0
[ 729.672010] [<ffffffff810f5879>] ? do_mremap+0x5f9/0x7a0
[ 729.672010] [<ffffffff810f5a7f>] ? sys_mremap+0x5f/0x90
[ 729.672010] [<ffffffff8100bedb>] ? system_call_fastpath+0x16/0x1b
[ 729.682892] ------------[ cut here ]------------
[ 729.682936] WARNING: at /home/rchatre/iwlwifi-2.6/arch/x86/kernel/smp.c:117 native_smp_send_reschedule+0x54/0x60()
[ 729.682976] Hardware name: VGN-Z540N
[ 729.683014] Modules linked in: iwlagn iwlcore mac80211 cfg80211 i915 drm_kms_helper drm i2c_algo_bit i2c_core ipv6 acpi_cpufreq cpufreq_userspace cpufreq_powersave cpufreq_ondemand cpufreq_conservative cpufreq_stats freq_table container sbs sbshc pcmcia joydev arc4 ecb af_packet yenta_socket psmouse rsrc_nonstatic evdev pcspkr serio_raw pcmcia_core iTCO_wdt iTCO_vendor_support intel_agp button battery sony_laptop rfkill tpm_infineon tpm tpm_bios video output ac processor ext3 jbd mbcache sg sr_mod cdrom sd_mod ahci libata scsi_mod ehci_hcd uhci_hcd usbcore thermal fan thermal_sys [last unloaded: cfg80211]
[ 729.685583] Pid: 14639, comm: ssh Tainted: G D 2.6.32-rc8-wl-60817-gc1f4e0e #96
[ 729.685623] Call Trace:
[ 729.685663] <IRQ> [<ffffffff81044deb>] warn_slowpath_common+0x7b/0xc0
[ 729.685750] [<ffffffff81044e44>] warn_slowpath_null+0x14/0x20
[ 729.685793] [<ffffffff810213d4>] native_smp_send_reschedule+0x54/0x60
[ 729.685838] [<ffffffff81030048>] resched_task+0x68/0x70
[ 729.685882] [<ffffffff81036ae9>] check_preempt_wakeup+0x1c9/0x240
[ 729.685926] [<ffffffff810402ff>] try_to_wake_up+0x1af/0x250
[ 729.685970] [<ffffffff810403b2>] default_wake_function+0x12/0x20
[ 729.686014] [<ffffffff810637d6>] autoremove_wake_function+0x16/0x40
[ 729.686057] [<ffffffff8102f8f9>] __wake_up_common+0x59/0x90
[ 729.686100] [<ffffffff81036088>] __wake_up+0x48/0x70
[ 729.686151] [<ffffffffa040aa91>] i915_driver_irq_handler+0x3c1/0x5b0 [i915]
[ 729.686196] [<ffffffff810a42d0>] handle_IRQ_event+0x50/0x160
[ 729.686240] [<ffffffff810a63bd>] handle_edge_irq+0xcd/0x170
[ 729.686283] [<ffffffff8100e862>] handle_irq+0x22/0x30
[ 729.686327] [<ffffffff8135e47c>] do_IRQ+0x6c/0xf0
[ 729.686372] [<ffffffff8100c893>] ret_from_intr+0x0/0xf
[ 729.686417] [<ffffffff81355b70>] ? panic+0x112/0x136
[ 729.686459] [<ffffffff81355b73>] ? panic+0x115/0x136
[ 729.686502] [<ffffffff81355b70>] ? panic+0x112/0x136
[ 729.686545] [<ffffffff8135a752>] ? oops_end+0xe2/0xf0
[ 729.686589] [<ffffffff8102aab2>] ? no_context+0xf2/0x260
[ 729.686632] [<ffffffff8129f7a5>] ? led_trigger_event+0x85/0x90
[ 729.686676] [<ffffffff8102ad45>] ? __bad_area_nosemaphore+0x125/0x1e0
[ 729.686724] [<ffffffffa04b4f47>] ? __ieee80211_tx+0x147/0x1a0 [mac80211]
[ 729.686769] [<ffffffff8102ae13>] ? bad_area_nosemaphore+0x13/0x20
[ 729.686813] [<ffffffff8135c174>] ? do_page_fault+0x2d4/0x380
[ 729.686858] [<ffffffff81073810>] ? usage_match+0x0/0x20
[ 729.686884] [<ffffffff8135994f>] ? page_fault+0x1f/0x30
[ 729.686884] [<ffffffff81073810>] ? usage_match+0x0/0x20
[ 729.686884] [<ffffffff81074b89>] ? __bfs+0xc9/0x270
[ 729.686884] [<ffffffff8107a6c0>] ? check_usage_forwards+0x0/0x110
[ 729.686884] [<ffffffff8107a741>] ? check_usage_forwards+0x81/0x110
[ 729.686884] [<ffffffff81076210>] ? mark_lock+0x200/0x640
[ 729.686884] [<ffffffff8107824f>] ? __lock_acquire+0xabf/0x1d30
[ 729.686884] [<ffffffff8107955b>] ? lock_acquire+0x9b/0x120
[ 729.686884] [<ffffffff812aff1b>] ? skb_queue_tail+0x2b/0x60
[ 729.686884] [<ffffffff813593a1>] ? _spin_lock_irqsave+0x41/0x60
[ 729.686884] [<ffffffff812aff1b>] ? skb_queue_tail+0x2b/0x60
[ 729.686884] [<ffffffff81359130>] ? _spin_unlock_irqrestore+0x40/0x60
[ 729.686884] [<ffffffff812aff1b>] ? skb_queue_tail+0x2b/0x60
[ 729.686884] [<ffffffffa04b11f5>] ? ieee80211_release_reorder_frame+0x35/0x50 [mac80211]
[ 729.686884] [<ffffffffa04b2f0c>] ? ieee80211_invoke_rx_handlers+0xb8c/0x1990 [mac80211]
[ 729.686884] [<ffffffff810766bc>] ? mark_held_locks+0x6c/0xa0
[ 729.686884] [<ffffffff81358f30>] ? _write_unlock_irqrestore+0x40/0x60
[ 729.686884] [<ffffffff810768bb>] ? trace_hardirqs_on_caller+0x6b/0x190
[ 729.686884] [<ffffffff810769ed>] ? trace_hardirqs_on+0xd/0x10
[ 729.686884] [<ffffffffa04b3db6>] ? ieee80211_rx+0xa6/0x8f0 [mac80211]
[ 729.686884] [<ffffffffa04b3fef>] ? ieee80211_rx+0x2df/0x8f0 [mac80211]
[ 729.686884] [<ffffffffa04b3db6>] ? ieee80211_rx+0xa6/0x8f0 [mac80211]
[ 729.686884] [<ffffffff812af1c7>] ? skb_copy_bits+0x167/0x2b0
[ 729.686884] [<ffffffffa04fd2f1>] ? iwl_rx_reply_rx+0x571/0xee0 [iwlcore]
[ 729.686884] [<ffffffff8100efb5>] ? dump_trace+0x105/0x2c0
[ 729.686884] [<ffffffff811dceb9>] ? debug_dma_unmap_page+0x59/0x60
[ 729.686884] [<ffffffffa0557e89>] ? iwl_rx_handle+0x149/0x670 [iwlagn]
[ 729.686884] [<ffffffff810766bc>] ? mark_held_locks+0x6c/0xa0
[ 729.686884] [<ffffffffa0559afc>] ? iwl_irq_tasklet+0x2ec/0x1320 [iwlagn]
[ 729.686884] [<ffffffff810766bc>] ? mark_held_locks+0x6c/0xa0
[ 729.686884] [<ffffffff8104b1d9>] ? tasklet_action+0x49/0xe0
[ 729.686884] [<ffffffff8104b260>] ? tasklet_action+0xd0/0xe0
[ 729.686884] [<ffffffff8104c78b>] ? __do_softirq+0xcb/0x200
[ 729.686884] [<ffffffff8100d09c>] ? call_softirq+0x1c/0x50
[ 729.686884] [<ffffffff8100e80d>] ? do_softirq+0x7d/0xb0
[ 729.686884] [<ffffffff8104c2c5>] ? irq_exit+0x95/0xa0
[ 729.686884] [<ffffffff8135e485>] ? do_IRQ+0x75/0xf0
[ 729.686884] [<ffffffff8100c893>] ? ret_from_intr+0x0/0xf
[ 729.686884] <EOI> [<ffffffff8102eccd>] ? flush_tlb_page+0x7d/0x90
[ 729.686884] [<ffffffff8102ec98>] ? flush_tlb_page+0x48/0x90
[ 729.686884] [<ffffffff810f508d>] ? move_page_tables+0x2cd/0x4c0
[ 729.686884] [<ffffffff810f5133>] ? move_page_tables+0x373/0x4c0
[ 729.686884] [<ffffffff810f5879>] ? do_mremap+0x5f9/0x7a0
[ 729.686884] [<ffffffff810f5a7f>] ? sys_mremap+0x5f/0x90
[ 729.686884] [<ffffffff8100bedb>] ? system_call_fastpath+0x16/0x1b
[ 729.686884] ---[ end trace 73a47421077c9587 ]---

Reinette