ccmp crashes kernel

Marco Aime m.aime at polito.it
Tue Feb 3 05:39:55 EST 2004



Jouni Malinen wrote:
> On Mon, Feb 02, 2004 at 12:45:39PM +0100, Marco Aime wrote:
> 
> 
>>caught a weird bug:
>>receiving a single arp packet always causes a kernel panic when ccmp is 
>>enabled
>>
>>all seems to work fine when populating the arp cache manually (at least 
>>both ping and tcp)
> 
> 
> Are you using Host AP driver in Managed mode with wpa_supplicant?
> What do you mean with "single arp packet"? arp who-has request? That is
> a broadcast packet and it is encrypted with another key, which might
> explain some differences with the other case. If you set ARP entries
> manually, AP does not need to send any broadcast frames to the station.
> You should also be able to get similar behavior by trying to ping
> broadcast address from the AP (or wired net if you are using bridging).
>

Well, I configured a single CCMP key manually... ("hostap_crypt_conf 
wlan0 ff:ff:ff:ff:ff:ff CCMP ...")
The killer packets are indeed arp requests, but I don't think it's a matter 
of broadcast frames since pinging broadcast does work fine

> 
>>some context information:
>>- Master mode
>>- kernel 2.4.20
>>- latest cvs version by pserver (but same problem with snapshot tar)
>>- Netgear MA311 PCI cards with firmware v1.3.6 (but updating does not help)
> 
> 
> Hmm.. what do you mean with Master mode here? How did you set the keys?
> What was the other end of the connection running?
> 

both use HostAP, one managed and one master mode, but just the AP crashes

> 
>>if it can help:
>>when trying to track the problem with some printk, I stopped before the 
>>skb_pull() instruction at line 978 in hostap_80211_rx.c
> 
> 
> CVS version does not have skb_pull() on that line. There's one on line
> 976 (skb_pull(skb, hdrlen +6) after "remove RFC1042 or .." comment). Is
> that the one you mean? The if statement just before that skb_pull() is
> verifying that there is enough header bytes before removing them with
> skb_pull, so it should not really crash..
> 

Yep, that is the instruction
However, it's just where I stopped to get printk's output: I doubt it's 
the real point

> Any chance of you sending the full kernel panic message?
> 
> I haven't tested CCMP with 2.4.x kernels, but at least I can't reproduce
> similar problems with 2.6.x kernels when using Host AP driver in managed
> mode.
> 

well, I tried with kernel 2.6.1 and got similar results
at least, the 2.6 panic message seems a bit more readable:
below you find a summary.

Thanks, I'm available for any additional info
Bye



************************************************

[<.........>] dev_queue_xmit .......
[<.........>]  hostap_data_start_xmit.......
[<.........>]  dev_queue_xmit.......
[<.........>]  hostap_80211_rx.......
[<.........>]  common_interrupt.......
[<.........>]  hfa384x_setup_bap.......
[<.........>]  hostap_rx_skb.......
[<.........>]  hostap_rx_tasklet.......
[<.........>]  tasklet_action.......
[<.........>]  do_softirq.......
[<.........>]  do_IRQ.......
[<.........>]  _stext.......
[<.........>]  common_interrupt.......
[<.........>]  _stext.......
[<.........>]  setup_timer.......
[<.........>]  default_idle.......
[<.........>]  cpu_idle.......
[<.........>]  start_kernel.......
[<.........>]  unknown_bootoption.......


Code: 8b 02 f6 c4 08 75 17 8b 42 04 85 c0 74 4a ff 4a 04 0f 94 c0
<0> Kernel Panic: Fatal exception in interrupt
in interrupt handler - not syncing
<6> wifi0: SW TICK stuck? bits=0x0 EvStat=8001 IntEn=e018

****************************************



-- 
------------------------------------------------------------------
Marco Domenico AIME
Dipartimento di Automatica e Informatica
Politecnico di Torino
Addr: Via Boggio 61, Torino, Italy
Tel: +39 011 2276-807
Mail: m.aime at polito.it (marcodomenico.aime at polito.it)
------------------------------------------------------------------




