Hi,
I'm using mac80211/ATH9K driver in monitor mode to inject some packets.
With the latest driver version my packet injector software generated a
kernel panic.
The reason for this crash is:
In mac80211/tx.c, function __ieee80211_tx:
	case NL80211_IFTYPE_MONITOR:
		if (sdata->u.mntr_flags & MONITOR_FLAG_ACTIVE) {
			vif = &sdata->vif;
			break;
		}
		sdata = rcu_dereference(local->monitor_sdata);
		if (sdata) {
			vif = &sdata->vif;
			info->hw_queue =
				vif->hw_queue[skb_get_queue_mapping(skb)];
		} else if (ieee80211_hw_check(&local->hw,
					      QUEUE_CONTROL)) {
			ieee80211_purge_tx_queue(&local->hw, skbs);
			return true;
		} else
			vif = NULL;
		break;
If I don't enable MONITOR_FLAG_ACTIVE, I reach the line vif = NULL;
this function then continues and calls ieee80211_tx_frags, which in
turn calls ieee80211_drv_tx.
In ieee80211_drv_tx function:
	if (pubsta) {
		u8 tid = skb->priority & IEEE80211_QOS_CTL_TID_MASK;

		txq = pubsta->txq[tid];
	} else if (vif) {
		txq = vif->txq;
	}
In my case pubsta == NULL, so I go to the else branch. The line
vif->txq generates a kernel panic because the VIF pointer was
initialized to NULL in the __ieee80211_tx function.
Do you have any suggestion to fix this crash?
Cedric Voncken.
On Thu, 2015-12-10 at 10:21 +0100, Cedric VONCKEN wrote:
>
> In ieee80211_drv_tx function:
>
> 	if (pubsta) {
> 		u8 tid = skb->priority & IEEE80211_QOS_CTL_TID_MASK;
>
> 		txq = pubsta->txq[tid];
> 	} else if (vif) {
> 		txq = vif->txq;
> 	}
>
> In my case pubsta == NULL, so I go to the else branch. The line
> vif->txq generates a kernel panic because the VIF pointer was
> initialized to NULL in the __ieee80211_tx function.
>
Clearly you must be missing something, since the code is "else if (vif)"
johannes