From nobody@www.freebsd.org  Wed Jun 19 22:11:55 2002
Return-Path: <nobody@www.freebsd.org>
Received: from nwww.freebsd.org (www.FreeBSD.org [216.136.204.117])
	by hub.freebsd.org (Postfix) with ESMTP id 0BF5F37B414
	for <freebsd-gnats-submit@FreeBSD.org>; Wed, 19 Jun 2002 22:11:55 -0700 (PDT)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by nwww.freebsd.org (8.12.2/8.12.2) with ESMTP id g5K5BnhG066018
	for <freebsd-gnats-submit@FreeBSD.org>; Wed, 19 Jun 2002 22:11:49 -0700 (PDT)
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.12.2/8.12.2/Submit) id g5K5BnZY066017;
	Wed, 19 Jun 2002 22:11:49 -0700 (PDT)
Message-Id: <200206200511.g5K5BnZY066017@www.freebsd.org>
Date: Wed, 19 Jun 2002 22:11:49 -0700 (PDT)
From: Andrew J Forgue <ajf@agitated.net>
To: freebsd-gnats-submit@FreeBSD.org
Subject: unaligned access in wihap_input_data ( wi_hostap.c  )
X-Send-Pr-Version: www-1.0

>Number:         39560
>Category:       alpha
>Synopsis:       unaligned access in wihap_input_data ( wi_hostap.c  )
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-alpha
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Jun 19 22:20:01 PDT 2002
>Closed-Date:    Sat Apr 05 00:31:28 MST 2003
>Last-Modified:  Sat Apr 05 00:31:28 MST 2003
>Originator:     Andrew J Forgue
>Release:        4.6-STABLE
>Organization:
>Environment:
FreeBSD thunder.home.agitated.net 4.6-STABLE FreeBSD 4.6-STABLE #0: Thu Jun 20 00:39:29 EDT 2002     root@thunder.home.agitated.net:/usr/src/sys/compile/thunder  alpha
>Description:
While running the new hostap code for the PRISM Chipset, configuration of the card for hostap goes normal, but as soon as any network card is trying to use it as an AP, the kernel panics with the below information 0x4 (unaligned trap).

Wireless Card
-------------------------
wi0: <Linksys WDT11> port 0x8180-0x81bf,0x8100-0x817f mem 0x80025000-0x800253ff irq 16 at device 9.0 on pci1
wi0: interrupting at CIA irq 16
wi0: 802.11 address: 00:03:2f:00:26:01
wi0: using RF:PRISM2 MAC:HFA3841 CARD:HWB3163 rev.A
wi0: Intersil Firmware: Primary 0.03.00, Station 0.08.00


Syslog Entries
-----------------------------------
Jun 20 00:57:25 thunder /kernel:
Jun 20 00:57:25 thunder /kernel: fatal kernel trap:
Jun 20 00:57:25 thunder /kernel:
Jun 20 00:57:25 thunder /kernel: trap entry = 0x4 (unaligned access fault)
Jun 20 00:57:25 thunder /kernel: a0         = 0xfffffe0011b3bc02
Jun 20 00:57:25 thunder /kernel: a1         = 0x28
Jun 20 00:57:25 thunder /kernel: a2         = 0x2
Jun 20 00:57:25 thunder /kernel: pc         = 0xfffffc00003895f8
Jun 20 00:57:25 thunder /kernel: ra         = 0xfffffc00003819bc
Jun 20 00:57:25 thunder /kernel: curproc    = 0
Jun 20 00:57:25 thunder /kernel:

GDB 
-----------------------------------
(kgdb) where
#0  0xfffffc00003ad780 in dumpsys () at ../../kern/kern_shutdown.c:486
#1  0xfffffc00003ad2c8 in boot (howto=256) at ../../kern/kern_shutdown.c:316
#2  0xfffffc00003adb70 in panic (fmt=0xfffffc00005405fc "trap") at ../../kern/kern_shutdown.c:595
#3  0xfffffc00004e15bc in trap (a0=18446741874983287810, a1=40, a2=2, entry=4, framep=0xfffffe0011b3ba50) at ../../alpha/alpha/trap.c:551
#4  0xfffffc00004d3564 in XentUna ()
#5  0xfffffc00003819bc in wi_rxeof (sc=0xfffffe0001615120) at ../../dev/wi/if_wi.c:720
warning: Hit heuristic-fence-post without finding
warning: enclosing function for address 0x4


PC Register
-----------------------------------
(kgdb) l *0xfffffc00003895b8
0xfffffc00003895b8 is in wihap_data_input (../../dev/wi/wi_hostap.c:1061).
1056            struct wihap_info       *whi = &sc->wi_hostap_info;
1057            struct wihap_sta_info   *sta;
1058            int                     mcast, s;
1059
1060            /* TODS flag must be set. */
1061            if (!(rxfrm->wi_frame_ctl & htole16(WI_FCTL_TODS))) {      <-------- PC
1062                    if (ifp->if_flags & IFF_DEBUG)
1063                            printf("wihap_data_input: no TODS src=%6D\n",
1064                                rxfrm->wi_addr2, ":");
1065                    m_freem(m);

RA Register
------------------------------------
(kgdb) l *0xfffffc00003819bc
0xfffffc00003819bc is in wi_rxeof (../../dev/wi/if_wi.c:720).
715                              * Give host AP code first crack at data
716                              * packets.  If it decides to handle it (or
717                              * drop it), it will return a non-zero.
718                              * Otherwise, it is destined for this host.
719                              */
720                             if (wihap_data_input(sc, &rx_frame, m))     <------- RA
721                                     return;
722                     }
723                     /* Receive packet. */
724                     m_adj(m, sizeof(struct ether_header));



>How-To-Repeat:
Configure this card as a wireless Access Point, and attempt to use it (alpha only?).

>Fix:
      
>Release-Note:
>Audit-Trail:

From: Robert Drehmel <robert@ferrari-electronic.de>
To: freebsd-gnats-submit@FreeBSD.org, ajf@agitated.net
Cc:  
Subject: Re: alpha/39560: unaligned access in wihap_input_data ( wi_hostap.c )
Date: Thu, 20 Jun 2002 13:32:12 +0200

 --0F1p//8PRICkK4MW
 Content-Type: text/plain; charset=us-ascii
 Content-Disposition: inline
 
 Hi Andrew,
 can you please try a kernel built with the attached patch?
 
 Thanks,
 -robert
 
 --0F1p//8PRICkK4MW
 Content-Type: text/plain; charset=us-ascii
 Content-Disposition: attachment; filename="wi.diff"
 
 Index: src/sys/dev/wi/wi_hostap.c
 ===================================================================
 RCS file: /home/ncvs/src/sys/dev/wi/wi_hostap.c,v
 retrieving revision 1.14
 diff -r1.14 wi_hostap.c
 343a344,347
 > #if defined(__alpha__) || defined(__sparc64__)
 > 	return (a[0] == b[0] && a[1] == b[1] && a[2] == b[2] &&
 > 		a[3] == b[3] && a[4] == b[4] && a[5] == b[5]);
 > #else
 345a350
 > #endif
 
 --0F1p//8PRICkK4MW--

From: "Andrew Forgue" <ajf@agitated.net>
To: "'Robert Drehmel'" <robert@ferrari-electronic.de>,
	<freebsd-gnats-submit@FreeBSD.org>
Cc:  
Subject: RE: alpha/39560: unaligned access in wihap_input_data ( wi_hostap.c )
Date: Thu, 20 Jun 2002 17:39:41 -0400

 Robert,
 
 Sorry, It still traps however it is a little different now
 
 
 Here is the trace from gdb on the core
 
 (kgdb) where
 #0  0xfffffc00003ad800 in dumpsys () at ../../kern/kern_shutdown.c:486
 #1  0xfffffc00003ad348 in boot (howto=260) at
 ../../kern/kern_shutdown.c:316
 #2  0xfffffc00003adbf0 in panic (fmt=0xfffffc000054067c "trap")
     at ../../kern/kern_shutdown.c:595
 #3  0xfffffc00004e163c in trap (a0=88, a1=1, a2=0, entry=2,
     framep=0xfffffe0011b376a0) at ../../alpha/alpha/trap.c:551
 #4  0xfffffc00004d353c in XentMM ()
 #5  0xfffffc000049ccf0 in softdep_update_inodeblock
 (ip=0xfffffe0001709200,
     bp=0xfffffe00074ea0d0, waitfor=0) at
 ../../ufs/ffs/ffs_softdep.c:3813
 can not access 0x1603ffc, invalid translation (invalid L3 PTE)
 can not access 0x1603ffc, invalid translation (invalid L3 PTE)
 
 
 I don't see how softdep_update_inodeblock can be in the wi driver,
 However it did happen at exactly the same time. (When I turned 
 On a client)
 
 Let me know if you want anything else.
 -Andrew
 
 > -----Original Message-----
 > From: Robert Drehmel [mailto:robert@ferrari-electronic.de]
 > Sent: Thursday, June 20, 2002 7:32 AM
 > To: freebsd-gnats-submit@FreeBSD.org; ajf@agitated.net
 > Subject: Re: alpha/39560: unaligned access in wihap_input_data (
 > wi_hostap.c )
 > 
 > Hi Andrew,
 > can you please try a kernel built with the attached patch?
 > 
 > Thanks,
 > -robert
 

From: "Andrew Forgue" <ajf@agitated.net>
To: <robert@ferrari-electronic.de>
Cc: <freebsd-gnats-submit@FreeBSD.org>, <ajf@agitated.net>
Subject: RE: alpha/39560: unaligned access in wihap_input_data ( wi_hostap.c )
Date: Thu, 20 Jun 2002 17:45:23 -0400

 Robert, 
 
 I apologize for my previous email, I derefrenced the pc register
 Of the next crashdump:
 
 (kgdb) l *0xfffffc00003865fc
 0xfffffc00003865fc is in wi_cache_store (../../dev/wi/if_wi.c:2706).
 2701             *  .ip source address
 2702             *  .mac src
 2703             *  .signal, etc.
 2704             */
 2705            if (sawip)
 2706                    sc->wi_sigcache[cache_slot].ipsrc =
 ip->ip_src.s_addr;
 2707            bcopy( eh->ether_shost,
 sc->wi_sigcache[cache_slot].macsrc,  6);
 2708
 2709            sig = (rx_quality >> 8) & 0xFF;
 2710            noise = rx_quality & 0xFF;
 
 Sorry I overlooked it.
 
 Thanks,
 Andrew 
 
 > -----Original Message-----
 > From: Andrew Forgue [mailto:ajf@agitated.net]
 > Sent: Thursday, June 20, 2002 5:40 PM
 > To: 'Robert Drehmel'; 'freebsd-gnats-submit@FreeBSD.org'
 > Subject: RE: alpha/39560: unaligned access in wihap_input_data (
 > wi_hostap.c )
 > 
 > Robert,
 > 
 > Sorry, It still traps however it is a little different now
 > 
 > 
 > Here is the trace from gdb on the core
 > 
 > (kgdb) where
 > #0  0xfffffc00003ad800 in dumpsys () at ../../kern/kern_shutdown.c:486
 > #1  0xfffffc00003ad348 in boot (howto=260) at
 > ../../kern/kern_shutdown.c:316
 > #2  0xfffffc00003adbf0 in panic (fmt=0xfffffc000054067c "trap")
 >     at ../../kern/kern_shutdown.c:595
 > #3  0xfffffc00004e163c in trap (a0=88, a1=1, a2=0, entry=2,
 >     framep=0xfffffe0011b376a0) at ../../alpha/alpha/trap.c:551
 > #4  0xfffffc00004d353c in XentMM ()
 > #5  0xfffffc000049ccf0 in softdep_update_inodeblock
 > (ip=0xfffffe0001709200,
 >     bp=0xfffffe00074ea0d0, waitfor=0) at
 ../../ufs/ffs/ffs_softdep.c:3813
 > can not access 0x1603ffc, invalid translation (invalid L3 PTE)
 > can not access 0x1603ffc, invalid translation (invalid L3 PTE)
 > 
 > 
 > I don't see how softdep_update_inodeblock can be in the wi driver,
 > However it did happen at exactly the same time. (When I turned
 > On a client)
 > 
 > Let me know if you want anything else.
 > -Andrew
 > 
 > > -----Original Message-----
 > > From: Robert Drehmel [mailto:robert@ferrari-electronic.de]
 > > Sent: Thursday, June 20, 2002 7:32 AM
 > > To: freebsd-gnats-submit@FreeBSD.org; ajf@agitated.net
 > > Subject: Re: alpha/39560: unaligned access in wihap_input_data (
 > > wi_hostap.c )
 > >
 > > Hi Andrew,
 > > can you please try a kernel built with the attached patch?
 > >
 > > Thanks,
 > > -robert
 
State-Changed-From-To: open->closed 
State-Changed-By: imp 
State-Changed-When: Sat Apr 5 00:30:54 MST 2003 
State-Changed-Why:  
OBE: hostap is now done completely differently in 5.0 current and is 
both endian and alignment safe. 


http://www.freebsd.org/cgi/query-pr.cgi?pr=39560 
>Unformatted:
