Return-path: <linux-wireless-owner@vger.kernel.org>
Received: from wolverine02.qualcomm.com ([199.106.114.251]:42361 "EHLO
	wolverine02.qualcomm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1752220Ab2A3TOV (ORCPT
	<rfc822;linux-wireless@vger.kernel.org>);
	Mon, 30 Jan 2012 14:14:21 -0500
Message-ID: <4F26EC06.4050503@qca.qualcomm.com> (sfid-20120130_201424_763671_84F36AC1)
Date: Mon, 30 Jan 2012 21:14:14 +0200
From: Kalle Valo <kvalo@qca.qualcomm.com>
MIME-Version: 1.0
To: Vasanthakumar Thiagarajan <vthiagar@qca.qualcomm.com>
CC: <linux-wireless@vger.kernel.org>, <ath6kl-devel@qualcomm.com>
Subject: Re: [PATCH V2] ath6kl: Fix kernel panic during rx aggregation
References: <1327564038-2455-1-git-send-email-vthiagar@qca.qualcomm.com>
In-Reply-To: <1327564038-2455-1-git-send-email-vthiagar@qca.qualcomm.com>
Content-Type: text/plain; charset="ISO-8859-1"
Sender: linux-wireless-owner@vger.kernel.org
List-ID: <linux-wireless.vger.kernel.org>

On 01/26/2012 09:47 AM, Vasanthakumar Thiagarajan wrote:
> "ath6kl: Define a structure for connection specific aggregation information"
> introduces this. In aggr_conn_init(), vif->aggr_cntxt is assigned to
> aggr_conn->aggr_info, but vif->aggr_cntxt is not initialized at this
> point, this would end up accessing an invalid pointer in aggregation
> receive path. Fix this by passing the correct aggr_info to aggr_conn_init().
> The panic trace would look like.
> 
> [<ffffffff8159e02e>] panic+0xa1/0x1c6
> [<ffffffff8103773d>] ? kmsg_dump+0xfd/0x160
> [<ffffffff815a2f6a>] oops_end+0xea/0xf0
> [<ffffffff8102b95d>] no_context+0x11d/0x2d0
> [<ffffffff8102bc5d>] __bad_area_nosemaphore+0x14d/0x230
> [<ffffffff815a5c4d>] ? do_page_fault+0x30d/0x520
> [<ffffffff8102bd53>] bad_area_nosemaphore+0x13/0x20
> [<ffffffff815a5cfd>] do_page_fault+0x3bd/0x520
> [<ffffffff8108bd60>] ? __lock_acquire+0x320/0x1680
> [<ffffffff812e3a9d>] ? trace_hardirqs_off_thunk+0x3a/0x3c
> [<ffffffff815a2385>] page_fault+0x25/0x30
> [<ffffffffa0487a5f>] ? aggr_slice_amsdu+0xdf/0x170 [ath6kl_core]
> [<ffffffffa0487bac>] aggr_deque_frms+0xbc/0x190 [ath6kl_core]
> [<ffffffffa0488404>] ath6kl_rx+0x3e4/0xae0 [ath6kl_core]
> [<ffffffffa047ae77>] ath6kl_htc_rxmsg_pending_handler+0x8b7/0xf10 [ath6kl_core]
> [<ffffffffa00c82f0>] ? mmc_do_release_host+0x70/0x90 [mmc_core]
> [<ffffffffa00c833a>] ? mmc_release_host+0x2a/0x50 [mmc_core]
> [<ffffffffa04865c0>] ? ath6kl_alloc_amsdu_rxbuf+0x140/0x140 [ath6kl_core]
> [<ffffffffa0477772>] ath6kl_hif_intr_bh_handler+0x362/0x510 [ath6kl_core]
> [<ffffffffa01f1000>] ath6kl_sdio_irq_handler+0x60/0xb0 [ath6kl_sdio]
> [<ffffffffa00d30bc>] sdio_irq_thread+0xec/0x320 [mmc_core]
> [<ffffffffa00d2fd0>] ? sdio_claim_irq+0x220/0x220 [mmc_core]
> [<ffffffffa00d2fd0>] ? sdio_claim_irq+0x220/0x220 [mmc_core]
> [<ffffffff8105b21e>] kthread+0xbe/0xd0
> [<ffffffff815ab574>] kernel_thread_helper+0x4/0x10
> [<ffffffff815a2174>] ? retint_restore_args+0x13/0x13
> [<ffffffff8105b160>] ? __init_kthread_worker+0x70/0x70
> [<ffffffff815ab570>] ? gs_change+0x13/0x13
> 
> Signed-off-by: Vasanthakumar Thiagarajan <vthiagar@qca.qualcomm.com>

Thanks, applied.

Kalle