Date: Sat, 09 Oct 2010 19:11:57 +0300 From: Nikos Vassiliadis <nvass9573@gmx.com> To: Paul B Mahol <onemda@gmail.com> Cc: FreeBSD Net <net@freebsd.org> Subject: Re: VIMAGE + NDIS Message-ID: <4CB0944D.7060806@gmx.com> In-Reply-To: <AANLkTinG=TtS-h6VO6D50cY79c22rSKvYj3_bVH3p8te@mail.gmail.com> References: <4CA0F4CE.7020905@freebsd.org> <AANLkTinG=TtS-h6VO6D50cY79c22rSKvYj3_bVH3p8te@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Paul B Mahol wrote:
> On 9/27/10, Julian Elischer <julian@freebsd.org> wrote:
>> anyone here have NDIS experience?
>>
>> On 9/27/10 10:51 AM, Nikos Vassiliadis wrote:
>>> Julian Elischer wrote:
>>>>> #10 0xc0978200 in rt_dispatch (m=0xc764ad00, sa=0x0) at
>>>>> /usr/src/sys/net/rtsock.c:1374
>>>>> 1374 if (V_loif)
>>>>> (kgdb) list
>>>>> 1369 }
>>>>> 1370 *(unsigned short *)(tag + 1) = sa->sa_family;
>>>>> 1371 m_tag_prepend(m, tag);
>>>>> 1372 }
>>>>> 1373 #ifdef VIMAGE
>>>>> 1374 if (V_loif)
>>>>> 1375 m->m_pkthdr.rcvif = V_loif;
>>>>> 1376 else {
>>>>> 1377 m_freem(m);
>>>>> 1378 return;
>>>>> (kgdb)
>>>>>
>>>> ok so probably there is a code-path to this point that does not first
>>>> set up the current-vnet pointer before doing this.
>>>> what you need to do is to produce a stack-trace so we can see how
>>>> it got here,
>>>> and then we can figure out where on that path we should set the
>>>> pointer.
>>> Here it is:
>>> (kgdb) #0 doadump () at pcpu.h:231
>>> #1 0xc04d48b9 in db_fncall (dummy1=1, dummy2=0, dummy3=-1058443808,
>>> dummy4=0xeef1d720 "") at /usr/src/sys/ddb/db_command.c:548
>>> #2 0xc04d4cb1 in db_command (last_cmdp=0xc0df4bdc, cmd_table=0x0,
>>> dopager=1)
>>> at /usr/src/sys/ddb/db_command.c:445
>>> #3 0xc04d4e0a in db_command_loop () at
>>> /usr/src/sys/ddb/db_command.c:498
>>> #4 0xc04d6d0d in db_trap (type=12, code=0) at
>>> /usr/src/sys/ddb/db_main.c:229
>>> #5 0xc08e17ce in kdb_trap (type=12, code=0, tf=0xeef1d948)
>>> at /usr/src/sys/kern/subr_kdb.c:535
>>> #6 0xc0c0ae7f in trap_fatal (frame=0xeef1d948, eva=24)
>>> at /usr/src/sys/i386/i386/trap.c:929
>>> #7 0xc0c0b140 in trap_pfault (frame=0xeef1d948, usermode=0, eva=24)
>>> at /usr/src/sys/i386/i386/trap.c:851
>>> #8 0xc0c0bad5 in trap (frame=0xeef1d948) at
>>> /usr/src/sys/i386/i386/trap.c:533
>>> #9 0xc0bec9ac in calltrap () at /usr/src/sys/i386/i386/exception.s:166
>>> #10 0xc0978200 in rt_dispatch (m=0xc764ad00, sa=0x0)
>>> at /usr/src/sys/net/rtsock.c:1374
>>> #11 0xc0978864 in rt_ifmsg (ifp=0xc6c3d400) at
>>> /usr/src/sys/net/rtsock.c:1168
>>> #12 0xc76704a1 in ?? ()
>>> #13 0xc6c3d400 in ?? ()
>>> #14 0xeef1daa8 in ?? ()
>>> #15 0xeef1daf4 in ?? ()
>>> #16 0xc769ecb3 in NdisMIndicateStatusComplete (adapter=0xc76b9200)
>>> at /usr/src/sys/modules/ndis/../../compat/ndis/subr_ndis.c:3105
>>> #17 0xc766d8a1 in ?? ()
>>> #18 0xc76b9200 in ?? ()
>>> #19 0xc76c0000 in ?? ()
>>> #20 0xc76f1000 in ?? ()
>>> #21 0xeef1dacc in ?? ()
>>> #22 0xc79d2afd in ndis_bcmwl5_sys_drv_data_start ()
>>> from /boot/modules/bcmwl5_sys.ko
>>> #23 0x006c0000 in ?? ()
>>> #24 0xeef1dbb4 in ?? ()
>>> #25 0xc79dcdac in ndis_bcmwl5_sys_drv_data_start ()
>>> from /boot/modules/bcmwl5_sys.ko
>>> #26 0xc76c0000 in ?? ()
>>> #27 0xc76c0000 in ?? ()
>>> #28 0xc7340800 in ?? ()
>>> #29 0xc086adcc in hardclock_cpu (usermode=7077888)
>>> at /usr/src/sys/kern/kern_clock.c:447
>>
>> whoa!
>> hardclock interrupted itself?
>>
>>> #30 0xc79d2afd in ndis_bcmwl5_sys_drv_data_start ()
>>> from /boot/modules/bcmwl5_sys.ko
>>> #31 0x006c0000 in ?? ()
>>> #32 0xeef1dbb4 in ?? ()
>>> #33 0xc79dcdac in ndis_bcmwl5_sys_drv_data_start ()
>>> from /boot/modules/bcmwl5_sys.ko
>>> #34 0xc76c0000 in ?? ()
>>> #35 0xc76c0000 in ?? ()
>>> #36 0xc7340800 in ?? ()
>> hmmm maybe we need to get ndis to put in a wrapper at this point that
>> is called form hardclock and sets the value before going further
>>
>> I'd have to look at the code to see what happens here..
>>
>> *wonders who has their fingers in this code*..
>>
>>> #37 0xc086adcc in hardclock_cpu (usermode=-949223424)
>>> at /usr/src/sys/kern/kern_clock.c:447
>>> Previous frame inner to this frame (corrupt stack?)
>>> (kgdb)
>>>
>>>
>>> and the panic, in case it helps:
>>> Fatal trap 12: page fault while in kernel mode
>>> cpuid = 1; apic id = 01
>>> fault virtual address = 0x18
>>> fault code = supervisor read, page not present
>>> instruction pointer = 0x20:0xc0978200
>>> stack pointer = 0x28:0xeef1d988
>>> frame pointer = 0x28:0xeef1d9a0
>>> code segment = base 0x0, limit 0xfffff, type 0x1b
>>> = DPL 0, pres 1, def32 1, gran 1
>>> processor eflags = interrupt enabled, resume, IOPL = 0
>>> current process = 1404 (Windows Workitem 3)
>>> panic: from debugger
>>> cpuid = 1
>>> KDB: stack backtrace:
>>> Physical memory: 2916 MB
>>> Dumping 113 MB: 98 82 66 50 34 18 2
>>>
>>> Thanks, Nikos
>>>
>
> Please give more background information of this case.
> Personally I never tested VIMAGE.
Sorry for the delayed response,
It is easily producible. Build a kernel with VIMAGE, associate
with an AP, run dhclient and then change the SSID to something
random.
If there is something I can do to help you debug this problem,
please don't hesitate to ask.
Thanks, Nikos
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4CB0944D.7060806>