Hi,
I've been trying to use bleeding-edge wireless-testing on a stable
2.6.33 with an ath9k card. The kernel is x86 (AMD Geode LX) and
all wireless modules are built as .ko files as far as possible.
Hostapd also starts fine and offers connectivity, though
some simple commands such as iwconfig are causing oopses and
some more sophisticated things like wireless VLAN separation just do
not work (packets show up in the wrong VLAN).
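Debugging the oops with kgdb showed that struct wiphy has been
changed in cfg80211.h since 2.6.33 was released. The newly built
cfg80211 correctly uses the new definition, but some core
functionality of the kernel still uses the old wiphy struct (the
backtrace below is in net/wireless/wext-core.c, which is built in via
CONFIG_WEXT_CORE=y and presumably compiled against the old header).
It therefore reads a bogus wext pointer from the wiphy struct
(handlers = 0x1 below) and faults when dereferencing it.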
Please find extracts of .config and kgdb output attached, more
information can be provided upon request.
I'm currently stuck on how to build a 2.6.33 kernel that is compatible
with the wireless-testing drivers. If possible, I'd like to avoid
replacing the entire kernel with an unstable build.
Thanks a lot in advance,
Michael
--
...
>> .config >>
CONFIG_WIRELESS=y
CONFIG_WIRELESS_EXT=y
CONFIG_WEXT_CORE=y
CONFIG_WEXT_PROC=y
CONFIG_WEXT_SPY=y
CONFIG_WEXT_PRIV=y
CONFIG_CFG80211=m
CONFIG_NL80211_TESTMODE=y
# CONFIG_CFG80211_DEVELOPER_WARNINGS is not set
CONFIG_CFG80211_REG_DEBUG=y
CONFIG_CFG80211_DEFAULT_PS=y
CONFIG_CFG80211_DEBUGFS=y
# CONFIG_WIRELESS_OLD_REGULATORY is not set
CONFIG_CFG80211_WEXT=y
CONFIG_WIRELESS_EXT_SYSFS=y
CONFIG_LIB80211=m
CONFIG_LIB80211_CRYPT_WEP=m
CONFIG_LIB80211_CRYPT_CCMP=m
CONFIG_LIB80211_CRYPT_TKIP=m
# CONFIG_LIB80211_DEBUG is not set
CONFIG_MAC80211=m
CONFIG_MAC80211_RC_PID=y
CONFIG_MAC80211_RC_MINSTREL=y
# CONFIG_MAC80211_RC_DEFAULT_PID is not set
CONFIG_MAC80211_RC_DEFAULT_MINSTREL=y
CONFIG_MAC80211_RC_DEFAULT="minstrel"
CONFIG_MAC80211_MESH=y
CONFIG_MAC80211_LEDS=y
# CONFIG_MAC80211_DEBUGFS is not set
# CONFIG_MAC80211_DEBUG_MENU is not set
# CONFIG_WIMAX is not set
CONFIG_RFKILL=m
CONFIG_RFKILL_LEDS=y
# CONFIG_RFKILL_INPUT is not set
# CONFIG_NET_9P is not set
...
CONFIG_WLAN=y
# CONFIG_PCMCIA_RAYCS is not set
# CONFIG_LIBERTAS_THINFIRM is not set
# CONFIG_AIRO is not set
# CONFIG_ATMEL is not set
# CONFIG_AT76C50X_USB is not set
# CONFIG_AIRO_CS is not set
# CONFIG_PCMCIA_WL3501 is not set
# CONFIG_PRISM54 is not set
# CONFIG_USB_ZD1201 is not set
# CONFIG_USB_NET_RNDIS_WLAN is not set
# CONFIG_RTL8180 is not set
# CONFIG_RTL8187 is not set
# CONFIG_ADM8211 is not set
# CONFIG_MAC80211_HWSIM is not set
# CONFIG_MWL8K is not set
CONFIG_ATH_COMMON=m
CONFIG_ATH_DEBUG=y
CONFIG_ATH5K=m
CONFIG_ATH5K_DEBUG=y
CONFIG_ATH9K_HW=m
CONFIG_ATH9K_COMMON=m
CONFIG_ATH9K=m
CONFIG_ATH9K_DEBUGFS=y
CONFIG_AR9170_USB=m
CONFIG_AR9170_LEDS=y
# CONFIG_B43 is not set
# CONFIG_B43LEGACY is not set
CONFIG_HOSTAP=m
CONFIG_HOSTAP_FIRMWARE=y
CONFIG_HOSTAP_FIRMWARE_NVRAM=y
# CONFIG_HOSTAP_PLX is not set
# CONFIG_HOSTAP_PCI is not set
# CONFIG_HOSTAP_CS is not set
# CONFIG_IPW2100 is not set
# CONFIG_IPW2200 is not set
# CONFIG_IWLWIFI is not set
# CONFIG_LIBERTAS is not set
# CONFIG_HERMES is not set
# CONFIG_P54_COMMON is not set
# CONFIG_RT2X00 is not set
# CONFIG_WL12XX is not set
# CONFIG_ZD1211RW is not set
...
>> kgdb >>
[ 192.125780] BUG: unable to handle kernel NULL pointer dereference at
00000005
[ 192.126320] IP: [<c03d81bb>] wext_handle_ioctl+0xfb/0x1e7
[ 192.126320] *pde = 00000000
[ 192.126320] Oops: 0000 [#1] PREEMPT
[ 192.126320] last sysfs file: /sys/class/net/lo/operstate
[ 192.126320] KGDB: Waiting for remote debugger
Remote debugging using /dev/ttyS0
get_handler (net=<value optimized out>, ifr=0xcfa77eb8, cmd=35585,
arg=0xbfc59490) at net/wireless/wext-core.c:666
666 if (index < handlers->num_standard)
(gdb) bt full
#0 get_handler (net=<value optimized out>, ifr=0xcfa77eb8, cmd=35585,
arg=0xbfc59490) at net/wireless/wext-core.c:666
index = 1
handlers = 0x1
#1 wireless_process_ioctl (net=<value optimized out>, ifr=0xcfa77eb8,
cmd=35585, arg=0xbfc59490) at net/wireless/wext-core.c:896
iwr = 0xcfa77eb8
dev = 0xcfd01820
handler = <value optimized out>
#2 wext_ioctl_dispatch (net=<value optimized out>, ifr=0xcfa77eb8,
cmd=35585,
arg=0xbfc59490) at net/wireless/wext-core.c:936
No locals.
#3 wext_handle_ioctl (net=<value optimized out>, ifr=0xcfa77eb8,
cmd=35585,
arg=0xbfc59490) at net/wireless/wext-core.c:992
info = {cmd = 35585, flags = 0}
ret = 1
#4 0xc035ac2d in dev_ioctl (net=0xc0588e80, cmd=35585,
arg=<value optimized out>) at net/core/dev.c:4739
ifr = {ifr_ifrn = {
ifrn_name = "wlan0\000ſ\000\000\000\000\000\000\000"},
ifr_ifru = {ifru_addr = {sa_family = 0,
sa_data = '\000' <repeats 13 times>}, ifru_dstaddr = {
sa_family = 0, sa_data = '\000' <repeats 13 times>},
---Type <return> to continue, or q <return> to quit---
ifru_broadaddr = {sa_family = 0,
sa_data = '\000' <repeats 13 times>}, ifru_netmask = {
sa_family = 0, sa_data = '\000' <repeats 13 times>},
ifru_hwaddr = {sa_family = 0,
sa_data = '\000' <repeats 13 times>}, ifru_flags = 0,
ifru_ivalue = 0, ifru_mtu = 0, ifru_map = {mem_start = 0,
mem_end = 0, base_addr = 0, irq = 0 '\000', dma = 0 '\000',
port = 0 '\000'}, ifru_slave = '\000' <repeats 15 times>,
ifru_newname = '\000' <repeats 15 times>, ifru_data = 0x0,
ifru_settings = {type = 0, size = 0, ifs_ifsu = {raw_hdlc =
0x0,
cisco = 0x0, fr = 0x0, fr_pvc = 0x0, fr_pvc_info = 0x0,
sync = 0x0, te1 = 0x0}}}}
ret = <value optimized out>
colon = 0x0
#5 0xc03498dc in sock_ioctl (file=<value optimized out>, cmd=35585, arg=1)
at net/socket.c:941
sock = 0xcfedd000
argp = 0xbfc59490
err = <value optimized out>
#6 0xc0185b09 in vfs_ioctl (filp=0xcfef1740, cmd=35585, arg=3217396880)
at fs/ioctl.c:46
error = <value optimized out>
__func__ = "vfs_ioctl"
---Type <return> to continue, or q <return> to quit---
#7 0xc0186179 in do_vfs_ioctl (filp=0xcfef1740, fd=<value optimized out>,
cmd=3483860664, arg=3217396880) at fs/ioctl.c:604
error = <value optimized out>
argp = 0xbfc59490
#8 0xc01861e5 in sys_ioctl (fd=5, cmd=35585, arg=3217396880) at
fs/ioctl.c:624
filp = 0xcfef1740
error = -9
fput_needed = 0
#9 0xc03e0971 in ?? () at arch/x86/kernel/entry_32.S:541
No locals.
Backtrace stopped: previous frame inner to this frame (corrupt stack?)
(gdb) print *dev
$8 = {name = "wlan0\000\000\000\000\000\000\000\000\000\000", name_hlist = {
next = 0x0, pprev = 0xcf81ecc4}, ifalias = 0x0, mem_end = 0,
mem_start = 0, base_addr = 0, irq = 0, if_port = 0 '\000', dma = 0
'\000',
state = 3, dev_list = {next = 0xcf8b0554, prev = 0xcfcb8ad4},
napi_list = {
next = 0xcfd0185c, prev = 0xcfd0185c}, unreg_list = {next = 0xcfd01864,
prev = 0xcfd01864}, features = 8192, ifindex = 8, iflink = 8, stats = {
rx_packets = 0, tx_packets = 74, rx_bytes = 0, tx_bytes = 5068,
rx_errors = 0, tx_errors = 0, rx_dropped = 0, tx_dropped = 0,
multicast = 0, collisions = 0, rx_length_errors = 0, rx_over_errors
= 0,
rx_crc_errors = 0, rx_frame_errors = 0, rx_fifo_errors = 0,
rx_missed_errors = 0, tx_aborted_errors = 0, tx_carrier_errors = 0,
tx_fifo_errors = 0, tx_heartbeat_errors = 0, tx_window_errors = 0,
rx_compressed = 0, tx_compressed = 0}, wireless_handlers = 0x0,
wireless_data = 0x0, netdev_ops = 0xd1690c60, ethtool_ops = 0xd0db5140,
header_ops = 0xc0412b00, flags = 4355, gflags = 0, priv_flags = 1024,
padded = 24, operstate = 0 '\000', link_mode = 0 '\000', mtu = 1500,
type = 1, hard_header_len = 14, needed_headroom = 53, needed_tailroom
= 18,
master = 0x0,
perm_addr = "\000\016\216\031\356v", '\000' <repeats 25 times>,
addr_len = 6 '\006', dev_id = 0, uc = {list = {next = 0xcfd01928,
prev = 0xcfd01928}, count = 0}, uc_promisc = 0, addr_list_lock = {{
rlock = {raw_lock = {<No data fields>}}}}, mc_list = 0xcfa4f60c,
mc_count = 3, promiscuity = 1, allmulti = 0, atalk_ptr = 0x0,
---Type <return> to continue, or q <return> to quit---
ip_ptr = 0xcf9910a0, dn_ptr = 0x0, ip6_ptr = 0xcf9904e8, ec_ptr = 0x0,
ax25_ptr = 0x0, ieee80211_ptr = 0xcfd01ae8, last_rx = 0,
dev_addr = 0xcf999404 "", dev_addrs = {list = {next = 0xcf9993fc,
prev = 0xcf9993fc}, count = 1},
broadcast = "\377\377\377\377\377\377", '\000' <repeats 25 times>,
rx_queue = {dev = 0xcfd01820, qdisc = 0xc04f5620, state = 0,
qdisc_sleeping = 0xc04f5620, _xmit_lock = {{rlock = {
raw_lock = {<No data fields>}}}}, xmit_lock_owner = -1,
trans_start = 0, tx_bytes = 0, tx_packets = 0, tx_dropped = 0},
_tx = 0xcf999368, num_tx_queues = 4, real_num_tx_queues = 4,
qdisc = 0xcf91d040, tx_queue_len = 1000, tx_global_lock = {{rlock = {
raw_lock = {<No data fields>}}}}, trans_start = 4294828304,
watchdog_timeo = 0, watchdog_timer = {entry = {next = 0x0, prev = 0x0},
expires = 0, function = 0xc036631a <dev_watchdog>, data = 3486521376,
base = 0xc056e400}, refcnt = {counter = 13}, todo_list = {next = 0x0,
prev = 0x0}, index_hlist = {next = 0x0, pprev = 0xcf844024},
link_watch_list = {next = 0xcfd01a04, prev = 0xcfd01a04},
reg_state = NETREG_REGISTERED, destructor = 0xc0356fef <free_netdev>,
ml_priv = 0x0, br_port = 0xcfa06e78, macvlan_port = 0x0, garp_port = 0x0,
dev = {parent = 0xcf845374, p = 0xcf99949c, kobj = {
name = 0xcf999130 "wlan0", entry = {next = 0xcf9fbdd8,
prev = 0xcf905478}, parent = 0xcf843ed4, kset = 0xcf808b04,
ktype = 0xc04f0cac, sd = 0xcf9991cc, kref = {refcount = {counter =
4}},
---Type <return> to continue, or q <return> to quit---
state_initialized = 1, state_in_sysfs = 1, state_add_uevent_sent = 1,
state_remove_uevent_sent = 0, uevent_suppress = 0}, init_name = 0x0,
type = 0xd0db787c, sem = {lock = {{rlock = {
raw_lock = {<No data fields>}}}}, count = 1, wait_list = {
next = 0xcfd01a5c, prev = 0xcfd01a5c}}, bus = 0x0, driver = 0x0,
platform_data = 0xcfd01820, power = {power_state = {event = 0},
can_wakeup = 0, should_wakeup = 0, status = DPM_INVALID},
dma_mask = 0x0, coherent_dma_mask = 0, dma_parms = 0x0, dma_pools = {
next = 0xcfd01a8c, prev = 0xcfd01a8c}, dma_mem = 0x0, archdata = {
acpi_handle = 0x0}, devt = 0, devres_lock = {{rlock = {
raw_lock = {<No data fields>}}}}, devres_head = {next =
0xcfd01aa0,
prev = 0xcfd01aa0}, knode_class = {n_klist = 0xcf843efc, n_node = {
next = 0xcf8b07ac, prev = 0xcfcb8d2c}, n_ref = {refcount = {
counter = 1}}}, class = 0xc04f50e0, groups = 0xcfd01ac4,
release = 0}, sysfs_groups = {0xc04f5114, 0xc04f5120, 0x0, 0x0},
rtnl_link_ops = 0x0, vlan_features = 0, gso_max_size = 65536}
(gdb) print *dev->ieee80211_ptr
$10 = {wiphy = 0xcf0440c0, iftype = NL80211_IFTYPE_AP, list = {
next = 0xcf044050, prev = 0xcfc36a70}, netdev = 0xcfd01820, mtx = {
count = {counter = -811498776}, wait_lock = {{rlock = {
raw_lock = {<No data fields>}}}}, wait_list = {next = 0xcfa182e8,
prev = 0x1}}, cleanup_work = {data = {counter = -808445176}, entry = {
next = 0xcfd01b08, prev = 0x0}, func = 0xcfd01b14}, use_4addr = 20,
ssid = "\033\320Ͼ\344\331\320", '\000' <repeats 24 times>,
ssid_len = 0 '\000', sme_state = CFG80211_SME_IDLE, conn = 0x0,
connect_keys = 0x0, event_list = {next = 0x0, prev = 0x0}, event_lock = {{
rlock = {raw_lock = {<No data fields>}}}}, authtry_bsses =
{0xcfd01b50,
0xcfd01b50, 0x0, 0x0}, auth_bsses = {0x0, 0x0, 0x0, 0x0},
current_bss = 0x0, wext = {ibss = {ssid = 0x0, bssid = 0x0, channel =
0x0,
ie = 0x64 <Address 0x64 out of bounds>, ssid_len = 0 '\000',
ie_len = 0 '\000', beacon_interval = 0, channel_fixed = false,
privacy = false}, connect = {channel = 0x0, bssid = 0x0, ssid = 0x0,
ssid_len = 0, auth_type = NL80211_AUTHTYPE_OPEN_SYSTEM, ie = 0x0,
ie_len = 0, privacy = false, crypto = {wpa_versions = 4,
cipher_group = 0, n_ciphers_pairwise = 0, ciphers_pairwise = {0,
0, 0,
0, 0}, n_akm_suites = 0, akm_suites = {0, 0}, control_port =
false},
key = 0x0, key_len = 0 '\000', key_idx = 0 '\000'}, keys = 0x0,
ie = 0x0, ie_len = 0, bssid = "\000\000\000\000\000",
prev_bssid = "\000\000\000\000\000", ssid = '\000' <repeats 31 times>,
default_key = 0 '\000', default_mgmt_key = 0 '\000', ps = false,
---Type <return> to continue, or q <return> to quit---
prev_bssid_valid = false, ps_timeout = 0}}
(gdb) print *dev->ieee80211_ptr->wiphy
$12 = {perm_addr = "\000\016\216\031\356v", interface_modes = 0, flags = 0,
signal_type = CFG80211_SIGNAL_TYPE_NONE, bss_priv_size = 0,
max_scan_ssids = 222 '\336', max_scan_ie_len = 0, n_cipher_suites = 106,
cipher_suites = 0x1, retry_short = 96 '`', retry_long = 0 '\000',
frag_threshold = 148111364, rts_threshold = 5,
fw_version = "@\vi\321\a\004\000\000\377\377\377\377\377\377\377\377",
'\000' <repeats 15 times>, hw_version = 0, max_num_pmkids = 0 '\000',
privid = 0x0,
bands = {0x0, 0x0}, reg_notifier = 0, regd = 0x0, dev = {
parent = 0xd1693734, p = 0xcf044cd8, kobj = {name = 0xcf044d04 "",
entry = {next = 0xd18dc5a5, prev = 0xcf9f3508}, parent = 0xcf845374,
kset = 0xcf9976b0, ktype = 0xcf8ee8cc, sd = 0xcf905478, kref = {
refcount = {counter = -812108172}}, state_initialized = 0,
state_in_sysfs = 0, state_add_uevent_sent = 1,
state_remove_uevent_sent = 0, uevent_suppress = 1},
init_name = 0xcf808b04
"\f\016O\300\200\032\301\316t\201\200\317\020\213\200\317\020\213\200",
<incomplete sequence \317>, type = 0xc04f0cac, sem = {
lock = {{rlock = {raw_lock = {<No data fields>}}}}, count =
3482941176,
wait_list = {next = 0x4, prev = 0x7}}, bus = 0x0, driver = 0x0,
platform_data = 0x1, power = {power_state = {event = -821804684},
can_wakeup = 0, should_wakeup = 0, status = DPM_INVALID},
dma_mask = 0x0, coherent_dma_mask = 3473162240, dma_parms = 0x0,
dma_pools = {next = 0x0, prev = 0x0}, dma_mem = 0x0, archdata = {
acpi_handle = 0x0}, devt = 0, devres_lock = {{rlock = {
---Type <return> to continue, or q <return> to quit---
raw_lock = {<No data fields>}}}}, devres_head = {next =
0xcf0441a4,
prev = 0xcf0441a4}, knode_class = {n_klist = 0x0, n_node = {next =
0x0,
prev = 0x0}, n_ref = {refcount = {counter = -821804616}}},
class = 0xcf0441b8, groups = 0xcf98ac3c, release = 0xcf98ac3c},
debugfsdir = 0xcf98ac3c, wext = 0x1,
priv = 0xcf0441e0 "\350T\333", <incomplete sequence \320>}
Please note the missing addr_mask field in the wiphy dump above.