#12197 NORM 13.1.0: xo-4 page faults and silent hangs on boot. mwifiex?
Zarro Boogs per Child
bugtracker at laptop.org
Mon Jan 7 14:47:42 EST 2013
#12197: xo-4 page faults and silent hangs on boot. mwifiex?
---------------------------------+------------------------------------------
Reporter: pgf | Owner: shep
Type: defect | Status: new
Priority: normal | Milestone: 13.1.0
Component: wireless | Version: Development build as of this date
Resolution: | Keywords:
Next_action: reproduce | Verified: 0
Deployment_affected: | Blockedby:
Blocking: |
---------------------------------+------------------------------------------
Comment(by shep):
There appear to be 3 other identical sorts of problems.
{{{
int mwifiex_sta_init_cmd(struct mwifiex_private *priv, u8 first_sta)
{
        int ret;
        u16 enable = true;
        struct mwifiex_ds_11n_amsdu_aggr_ctrl amsdu_aggr_ctrl;
        struct mwifiex_ds_auto_ds auto_ds;
        enum state_11d_t state_11d;
        struct mwifiex_ds_11n_tx_cfg tx_cfg;
}}}
Pointers to amsdu_aggr_ctrl, auto_ds, state_11d, and tx_cfg are all taken
and stored as the data_buf in a command sent to the firmware, and in
mwifiex_process_sta_cmdresp (which runs in a different thread) the data
buf is passed to a routine which then writes through that pointer.
(A pointer is taken of enable and that pointer gets copied into a data_buf
of a command, but I don't see a corresponding write through that pointer
in mwifiex_process_sta_cmdresp. This wouldn't appear to be a fifth stack
corrupting bug, but it may still be a bug if the command can be queued and
sent later after this memory on the stack is being reused.)
So there appear to be at least four bugs here, any of which could be
causing the crashes we've been seeing.
--
Ticket URL: <http://dev.laptop.org/ticket/12197#comment:8>
One Laptop Per Child <http://laptop.org/>
OLPC bug tracking system
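
The pattern described in the comment above, as an added example that is not part of the ticket or the mwifiex driver: a command stores a pointer to a caller's local, and a response handler writes through it after that storage has been reused. All names here (`struct cmd`, `fake_stack`, `queue_buggy`, `queue_fixed`, `run`) are hypothetical, and the stack is modelled by a static array so the slot reuse is deterministic rather than undefined behaviour.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed model, not mwifiex code: one queued command whose response
 * is delivered later, as a response handler on another thread would do. */
struct cmd {
    void    *data_buf;   /* where the response handler will write */
    uint16_t owned;      /* fixed variant: storage owned by the command */
};

/* Stands in for one stack slot so that its reuse is deterministic. */
static uint16_t fake_stack[1];

/* Deferred response handler: writes the firmware's answer via data_buf. */
static void cmd_response(struct cmd *c, uint16_t fw_value)
{
    *(uint16_t *)c->data_buf = fw_value;
}

/* Buggy pattern: data_buf points at a "local" that is dead by reply time. */
static void queue_buggy(struct cmd *c)
{
    uint16_t *tx_cfg = &fake_stack[0];  /* models the caller's local */
    *tx_cfg = 0;
    c->data_buf = tx_cfg;               /* pointer outlives the frame */
}

/* Fixed pattern: the command carries its own buffer for the reply. */
static void queue_fixed(struct cmd *c)
{
    c->owned = 0;
    c->data_buf = &c->owned;
}

/* Returns an unrelated variable that reused the slot before the reply. */
uint16_t run(int fixed)
{
    struct cmd c;
    if (fixed) queue_fixed(&c); else queue_buggy(&c);
    fake_stack[0] = 0x1234;             /* a later function reuses the slot */
    cmd_response(&c, 0xBEEF);           /* late response arrives */
    return fake_stack[0];               /* 0x1234 only if left intact */
}

int main(void)
{
    printf("buggy: 0x%04X  fixed: 0x%04X\n", run(0), run(1));
    return 0;
}
```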