Kernel panic, when send a reserved data type frame myself

Huang Xiaodong xdhuang
Fri Nov 1 21:55:29 PST 2002 

Hi all,

Who can help?

I want to periodically broadcast a frame, the type is defined as Reserved Data
Frame (2:8) in the ieee 802.11 standard. I modified the driver adn found that
after rebooting the system, my program can run very well, and the clients can
receive the broadcast frame well too. But if I use "/etc/init.d/pcmcia
restart" 
after rebooting to start the D-Link pcmcia card, kernel panic error pop up,
like this:

Code: Bad EIP value.
Kernel panic: Aiee, killing interrupt handler!
In interrupt handler - not syncing

My system is:
OS: Redhat Linux 7.1
Hostap driver: Prism2-2002-05-19

And following is my modification in the drivers

1. In file : prism2_wlan.h

/*define my timer in local_info to call the send function periodically
.....
struct local_info {
...
...

	/*defien my timer*/
	timer_t timer_send_ac_frame;
...
...
}



2. In file: prism2.c

/* init the timer in following function*/
local_info_t *prism2_init_local_data(struct prism2_helper_functions *funcs,
				     int card_idx)
{
.....

/*my timer init*/
      	init_timer(&local->timer_send_ac_frame);
	local->timer_send_ac_frame.expires = jiffies+HZ;
	local->timer_send_ac_frame.data = (unsigned long)(local);
	local->timer_send_ac_frame.function = send_ac_frame;
	add_timer(&local->timer_send_ac_frame);
/*end of my timer init end*/

	return local;

 fail:
	if (local->ap != NULL)
		kfree(local->ap);
	if (local->dev != NULL)
		kfree(local->dev);
#if defined(PRISM2_PCI) && defined(PRISM2_BUS_MASTER)
	if (local->bus_m0_buf)
		kfree(local->bus_m0_buf);
#endif /* PRISM2_PCI and PRISM2_BUS_MASTER */
	if (local->bus_m1_buf)
		kfree(local->bus_m1_buf);
#ifdef PRISM2_HOSTAPD
	if (local->apdev != NULL)
		kfree(local->apdev);
#endif /* PRISM2_HOSTAPD */
	kfree(local);
	return NULL;
}

/*Send ac(admission control) frame function
  Following is my data frame sending function. I use a Reserved Data type:
2:8.
*/

 void send_ac_frame(unsigned long data)
 {

	struct hfa384x_tx_frame txdesc;
	int res, idx;
	u16 fc;
	u8 wepbuf[8];
	unsigned long flags;
	char body[8];
	u8 broadcast_address[8] = { 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF };
	int body_len = 8;

	int type =2;
	int subtype = 8;//Reserved data type

       local_info_t *local = (struct local_info_t *)data;

  //     printk ( "\nBegin send admission control frame to stations...\n");

	memset(&txdesc, 0, sizeof(txdesc));

	/* FIX: set tx_rate if f/w does not know how to do it */
	/*txdesc.tx_control = cpu_to_le16(txevent ? local->tx_control :
					HFA384X_TX_CTRL_802_11);*/
	txdesc.tx_control = cpu_to_le16(1 ? local->tx_control :
					HFA384X_TX_CTRL_802_11);

	txdesc.data_len = cpu_to_le16(body_len);

	fc = (type << 2) | (subtype << 4);

	memcpy(txdesc.addr1, broadcast_address, ETH_ALEN); /* DA / RA */

	fc |= WLAN_FC_FROMDS;
	memcpy(txdesc.addr2, local->dev->dev_addr, ETH_ALEN); /* BSSID */
	memcpy(txdesc.addr3, local->dev->dev_addr, ETH_ALEN); /* SA */

        txdesc.frame_control = cpu_to_le16(fc);
	txdesc.len = __cpu_to_be16(body_len);

	idx = prism2_get_txfid_idx(local);
	if (idx < 0)
		return;

	if (local->frame_dump & PRISM2_DUMP_TX_HDR)
		prism2_dump_tx_header(local->dev->name, &txdesc);

	spin_lock_irqsave(&local->baplock, flags);
	res = hfa384x_setup_bap(local->dev, BAP0, local->txfid[idx], 0);
	if (!res)
		res = hfa384x_to_bap(local->dev, BAP0, &txdesc, sizeof(txdesc));
	if (!res && local->use_wep && type == WLAN_FC_TYPE_DATA)
		res = hfa384x_to_bap(local->dev, BAP0, wepbuf, 8);
	else if (!res && body != NULL)
		res = hfa384x_to_bap(local->dev, BAP0, body, body_len);
	spin_unlock_irqrestore(&local->baplock, flags);
	if (!res)
		res = prism2_transmit(local->dev, idx);

	if (res) {
		local->intransmitfid[idx] = PRISM2_TXFID_EMPTY;
		printk(KERN_DEBUG "%s: prism2_send_mgmt - to BAP0 failed\n",
		       local->dev->name);
		if (res == -ETIMEDOUT)
			prism2_hw_reset(local->dev);
	}



    //    printk("\nEnd of send admission control frame to station.\n" );

	/*start next trigger*/
	mod_timer(&local->timer_send_ac_frame, jiffies+HZ);
	
}

If remove the last line "mod_timer(&local->timer_send_ac_frame,
jiffies+HZ);",
no kernel panic appear. But the ac frame is sent only once, this is not what I
want.
It seems like something wrong with the timer, but I can not assure and have no
idea how to do.

Please comment.

Thanks a lot.

Huang xiaodong






--http://www.eyou.com
--??????????????????????  ????????  ????????  ????????  ????????...????????

More information about the Hostap mailing list