Bug 39560

Summary: unaligned access in wihap_input_data ( wi_hostap.c )
Product: Base System
Reporter: Andrew J Forgue <ajf>
Component: alpha
Assignee: freebsd-alpha (Nobody) <alpha>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: 4.6-STABLE   
Hardware: Any   
OS: Any   
Attachments:
  wi.diff (flags: none)

Description Andrew J Forgue 2002-06-20 06:20:01 UTC
While running the new hostap code for the PRISM chipset, configuration of the card for hostap goes normally, but as soon as any network card tries to use it as an AP, the kernel panics with the information below: 0x4 (unaligned trap).

Wireless Card
-------------------------
wi0: <Linksys WDT11> port 0x8180-0x81bf,0x8100-0x817f mem 0x80025000-0x800253ff irq 16 at device 9.0 on pci1
wi0: interrupting at CIA irq 16
wi0: 802.11 address: 00:03:2f:00:26:01
wi0: using RF:PRISM2 MAC:HFA3841 CARD:HWB3163 rev.A
wi0: Intersil Firmware: Primary 0.03.00, Station 0.08.00


Syslog Entries
-----------------------------------
Jun 20 00:57:25 thunder /kernel:
Jun 20 00:57:25 thunder /kernel: fatal kernel trap:
Jun 20 00:57:25 thunder /kernel:
Jun 20 00:57:25 thunder /kernel: trap entry = 0x4 (unaligned access fault)
Jun 20 00:57:25 thunder /kernel: a0         = 0xfffffe0011b3bc02
Jun 20 00:57:25 thunder /kernel: a1         = 0x28
Jun 20 00:57:25 thunder /kernel: a2         = 0x2
Jun 20 00:57:25 thunder /kernel: pc         = 0xfffffc00003895f8
Jun 20 00:57:25 thunder /kernel: ra         = 0xfffffc00003819bc
Jun 20 00:57:25 thunder /kernel: curproc    = 0
Jun 20 00:57:25 thunder /kernel:

GDB 
-----------------------------------
(kgdb) where
#0  0xfffffc00003ad780 in dumpsys () at ../../kern/kern_shutdown.c:486
#1  0xfffffc00003ad2c8 in boot (howto=256) at ../../kern/kern_shutdown.c:316
#2  0xfffffc00003adb70 in panic (fmt=0xfffffc00005405fc "trap") at ../../kern/kern_shutdown.c:595
#3  0xfffffc00004e15bc in trap (a0=18446741874983287810, a1=40, a2=2, entry=4, framep=0xfffffe0011b3ba50) at ../../alpha/alpha/trap.c:551
#4  0xfffffc00004d3564 in XentUna ()
#5  0xfffffc00003819bc in wi_rxeof (sc=0xfffffe0001615120) at ../../dev/wi/if_wi.c:720
warning: Hit heuristic-fence-post without finding
warning: enclosing function for address 0x4


PC Register
-----------------------------------
(kgdb) l *0xfffffc00003895b8
0xfffffc00003895b8 is in wihap_data_input (../../dev/wi/wi_hostap.c:1061).
1056            struct wihap_info       *whi = &sc->wi_hostap_info;
1057            struct wihap_sta_info   *sta;
1058            int                     mcast, s;
1059
1060            /* TODS flag must be set. */
1061            if (!(rxfrm->wi_frame_ctl & htole16(WI_FCTL_TODS))) {      <-------- PC
1062                    if (ifp->if_flags & IFF_DEBUG)
1063                            printf("wihap_data_input: no TODS src=%6D\n",
1064                                rxfrm->wi_addr2, ":");
1065                    m_freem(m);

RA Register
------------------------------------
(kgdb) l *0xfffffc00003819bc
0xfffffc00003819bc is in wi_rxeof (../../dev/wi/if_wi.c:720).
715                              * Give host AP code first crack at data
716                              * packets.  If it decides to handle it (or
717                              * drop it), it will return a non-zero.
718                              * Otherwise, it is destined for this host.
719                              */
720                             if (wihap_data_input(sc, &rx_frame, m))     <------- RA
721                                     return;
722                     }
723                     /* Receive packet. */
724                     m_adj(m, sizeof(struct ether_header));

How-To-Repeat: Configure this card as a wireless Access Point, and attempt to use it (alpha only?).

Comment 1 robert 2002-06-20 12:32:12 UTC
Hi Andrew,
can you please try a kernel built with the attached patch?

Thanks,
-robert

Comment 2 Andrew J Forgue 2002-06-20 22:39:41 UTC
Robert,

Sorry, it still traps; however, it is a little different now.


Here is the trace from gdb on the core:

(kgdb) where
#0  0xfffffc00003ad800 in dumpsys () at ../../kern/kern_shutdown.c:486
#1  0xfffffc00003ad348 in boot (howto=260) at ../../kern/kern_shutdown.c:316
#2  0xfffffc00003adbf0 in panic (fmt=0xfffffc000054067c "trap")
    at ../../kern/kern_shutdown.c:595
#3  0xfffffc00004e163c in trap (a0=88, a1=1, a2=0, entry=2,
    framep=0xfffffe0011b376a0) at ../../alpha/alpha/trap.c:551
#4  0xfffffc00004d353c in XentMM ()
#5  0xfffffc000049ccf0 in softdep_update_inodeblock (ip=0xfffffe0001709200,
    bp=0xfffffe00074ea0d0, waitfor=0) at ../../ufs/ffs/ffs_softdep.c:3813
can not access 0x1603ffc, invalid translation (invalid L3 PTE)
can not access 0x1603ffc, invalid translation (invalid L3 PTE)


I don't see how softdep_update_inodeblock can be in the wi driver;
however, it did happen at exactly the same time (when I turned
on a client).

Let me know if you want anything else.
-Andrew

> -----Original Message-----
> From: Robert Drehmel [mailto:robert@ferrari-electronic.de]
> Sent: Thursday, June 20, 2002 7:32 AM
> To: freebsd-gnats-submit@FreeBSD.org; ajf@agitated.net
> Subject: Re: alpha/39560: unaligned access in wihap_input_data (
> wi_hostap.c )
> 
> Hi Andrew,
> can you please try a kernel built with the attached patch?
> 
> Thanks,
> -robert

Comment 3 Andrew J Forgue 2002-06-20 22:45:23 UTC
Robert, 

I apologize for my previous email. I dereferenced the pc register
of the next crashdump:

(kgdb) l *0xfffffc00003865fc
0xfffffc00003865fc is in wi_cache_store (../../dev/wi/if_wi.c:2706).
2701             *  .ip source address
2702             *  .mac src
2703             *  .signal, etc.
2704             */
2705            if (sawip)
2706                    sc->wi_sigcache[cache_slot].ipsrc = ip->ip_src.s_addr;
2707            bcopy( eh->ether_shost, sc->wi_sigcache[cache_slot].macsrc,  6);
2708
2709            sig = (rx_quality >> 8) & 0xFF;
2710            noise = rx_quality & 0xFF;

Sorry I overlooked it.

Thanks,
Andrew 


Comment 4 Warner Losh freebsd_committer freebsd_triage 2003-04-05 08:30:54 UTC
State Changed
From-To: open->closed

OBE: hostap is now done completely differently in 5.0 current and is 
both endian and alignment safe.
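
Added example (not part of the original report, the attached wi.diff, or the FreeBSD driver): reading the 16-bit frame control field in a way that is both alignment and endian safe, and checking the a0 value logged with the trap, which on Alpha holds the faulting virtual address. The names FCTL_TODS, rd_le16, frame_has_tods and is_aligned and the sample bytes are constructed for this example; the ToDS bit is taken as 0x0100 of the little-endian frame control field, per 802.11.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* ToDS bit of the 802.11 frame control field, read as a little-endian
 * 16-bit value. FCTL_TODS is a name made up for this example. */
#define FCTL_TODS 0x0100u

/* Constructed sample: a pad byte, then a data frame header with ToDS set
 * (08 01) at odd offset 1, and one with only FromDS set (08 02) at 5. */
static const uint8_t sample[] = { 0xaa, 0x08, 0x01, 0x00, 0x00, 0x08, 0x02 };

/* 1 if addr is a multiple of n, where n is a power of two. */
static int is_aligned(uint64_t addr, uint64_t n)
{
    return (addr & (n - 1)) == 0;
}

/* Little-endian 16-bit read built from byte loads: no alignment
 * requirement on p and no dependence on host byte order. */
static uint16_t rd_le16(const uint8_t *p)
{
    return (uint16_t)(p[0] | (p[1] << 8));
}

/* 1 if the frame at buf+off has ToDS set, 0 if not, -1 if fewer than
 * two bytes remain at that offset. */
static int frame_has_tods(const uint8_t *buf, size_t len, size_t off)
{
    if (off > len || len - off < 2)
        return -1;
    return (rd_le16(buf + off) & FCTL_TODS) != 0;
}

int main(void)
{
    uint64_t a0 = 0xfffffe0011b3bc02ULL;  /* a0 from the trap above */

    printf("a0 2-byte aligned: %d, 4-byte aligned: %d\n",
        is_aligned(a0, 2), is_aligned(a0, 4));
    printf("ToDS at offset 1: %d, 5: %d, 6: %d\n",
        frame_has_tods(sample, sizeof(sample), 1),
        frame_has_tods(sample, sizeof(sample), 5),
        frame_has_tods(sample, sizeof(sample), 6));
    return 0;
}
```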