Questions on libertas driver
Vladimir Davydov
vladimir.davydov at promwad.com
Mon Jan 28 11:12:36 EST 2008
> I become crazy !! :)
>
> But I continue to have kernel Oops with non aligned data.
> The kernel panic happen when I use iwconfig to change the essid. When I
> use essid "any", we can some communication between the driver and the
> card, but when I use essid "a3ipWifi", It hangs directly.
>
About kernel Oops with non aligned data.
You can try to change following lines in scan.c:
bytesleft = le16_to_cpu(pscan->bssdescriptsize);
to
bytesleft = le16_to_cpu(get_unaligned((u16*)&pscan->bssdescriptsize));
and
scanrespsize = le16_to_cpu(resp->size);
to
scanrespsize = le16_to_cpu(get_unaligned((u16*)&resp->size));
I don't known why David Woodhouse has changed those lines.
Vladimir
> Log with essid "any" :
>
> root:~> iwconfig eth0 essid "any"
> root:~> flags: 0x00000002
> SSID: '<hidden>'
> chann: 1
> band: 0
> mode: 2
> BSSID: 00:00:00:00:00:00
> secinfo:
> auth_mode: 1
> libertas SCAN_CMD: 03 00 00 00 00 00 00
> libertas SCAN_TLV: 01 01 1c 00 00 01 00 00 00 64 00 00 02 00 00 00
> libertas SCAN_TLV: 64 00 00 03 00 00 00 64 00 00 04 00 00 00 64 00
> libertas SCAN_TLV: 01 00 0c 00 82 84 8b 96 0c 12 18 24 30 48 60 6c
> libertas DNLD_CMD: 06 00 3f 00 0a 00 00 00 03 00 00 00 00 00 00 01
> libertas DNLD_CMD: 01 1c 00 00 01 00 00 00 64 00 00 02 00 00 00 64
> libertas DNLD_CMD: 00 00 03 00 00 00 64 00 00 04 00 00 00 64 00 01
> libertas DNLD_CMD: 00 0c 00 82 84 8b 96 0c 12 18 24 30 48 60 6c
> libertas CMD_RESP: 06 80 0b 00 0a 00 00 00 00 00 00
> libertas SCAN_CMD: 03 00 00 00 00 00 00
> libertas SCAN_TLV: 01 01 1c 00 00 05 00 00 00 64 00 00 06 00 00 00
> libertas SCAN_TLV: 64 00 00 07 00 00 00 64 00 00 08 00 00 00 64 00
> libertas SCAN_TLV: 01 00 0c 00 82 84 8b 96 0c 12 18 24 30 48 60 6c
> libertas DNLD_CMD: 06 00 3f 00 0b 00 00 00 03 00 00 00 00 00 00 01
> libertas DNLD_CMD: 01 1c 00 00 05 00 00 00 64 00 00 06 00 00 00 64
> libertas DNLD_CMD: 00 00 07 00 00 00 64 00 00 08 00 00 00 64 00 01
> libertas DNLD_CMD: 00 0c 00 82 84 8b 96 0c 12 18 24 30 48 60 6c
> libertas CMD_RESP: 06 80 0b 00 0b 00 00 00 00 00 00
> libertas SCAN_CMD: 03 00 00 00 00 00 00
> libertas SCAN_TLV: 01 01 1c 00 00 09 00 00 00 64 00 00 0a 00 00 00
> libertas SCAN_TLV: 64 00 00 0b 00 00 00 64 00 00 0c 00 00 00 64 00
> libertas SCAN_TLV: 01 00 0c 00 82 84 8b 96 0c 12 18 24 30 48 60 6c
> libertas DNLD_CMD: 06 00 3f 00 0c 00 00 00 03 00 00 00 00 00 00 01
> libertas DNLD_CMD: 01 1c 00 00 09 00 00 00 64 00 00 0a 00 00 00 64
> libertas DNLD_CMD: 00 00 0b 00 00 00 64 00 00 0c 00 00 00 64 00 01
> libertas DNLD_CMD: 00 0c 00 82 84 8b 96 0c 12 18 24 30 48 60 6c
> libertas CMD_RESP: 06 80 57 00 0c 00 00 00 40 00 01 3e 00 00 18 4d
> libertas CMD_RESP: 39 e3 e8 51 38 92 eb 23 00 00 00 00 64 00 01 04
> libertas CMD_RESP: 00 08 61 33 69 70 57 69 66 69 01 08 82 84 8b 96
> libertas CMD_RESP: 24 30 48 6c 03 01 0b 2a 01 04 2f 01 04 32 04 0c
> libertas CMD_RESP: 12 18 60 dd 06 00 10 18 02 00 f0 13 01 08 00 f0
> libertas CMD_RESP: 41 27 01 00 00 00 00
> libertas process_bss: IE info: 00 08 61 33 69 70 57 69 66 69 01 08 82 84
> 8b 96
> libertas process_bss: IE info: 24 30 48 6c 03 01 0b 2a 01 04 2f 01 04 32
> 04 0c
> libertas process_bss: IE info: 12 18 60 dd 06 00 10 18 02 00 f0
> libertas SCAN_CMD: 03 00 00 00 00 00 00
> libertas SCAN_TLV: 01 01 0e 00 00 0d 00 00 00 64 00 00 0e 00 00 00
> libertas SCAN_TLV: 64 00 01 00 0c 00 82 84 8b 96 0c 12 18 24 30 48
> libertas SCAN_TLV: 60 6c
> libertas DNLD_CMD: 06 00 31 00 0d 00 00 00 03 00 00 00 00 00 00 01
> libertas DNLD_CMD: 01 0e 00 00 0d 00 00 00 64 00 00 0e 00 00 00 64
> libertas DNLD_CMD: 00 01 00 0c 00 82 84 8b 96 0c 12 18 24 30 48 60
> libertas DNLD_CMD: 6c
> libertas CMD_RESP: 06 80 0b 00 0d 00 00 00 00 00 00
> Data access misaligned address violation
> - Attempted misaligned data memory or data cache access.
> Kernel OOPS in progress
> Defered Exception context
>
> No Valid process in current context
> return address: [0x00750b9a]; contents of:
> 0x00750b70: e530 0025 0c40 1402 252d e530 0025 9941
> 0x00750b80: 4348 0c00 15e9 6018 e6b0 0037 e530 0025
> 0x00750b90: e14a 0075 e10a c847 6c08 [9440] e730 0025
> 0x00750ba0: 9442 e730 0025 9543 6fd8 e730 0025 9551
>
> SEQUENCER STATUS:
> SEQSTAT: 00000024 IPEND: 8030 SYSCFG: 0006
> HWERRCAUSE: 0x0
> EXCAUSE : 0x24
> physical IVG15 asserted : <0xffa01008> { _evt_system_call + 0x0 }
> logical irq 6 mapped : <0xffa00168> { _timer_interrupt + 0x0 }
> logical irq 18 mapped : <0x00086754> { _bfin_serial_dma_rx_int + 0x0 }
> logical irq 19 mapped : <0x00086540> { _bfin_serial_dma_tx_int + 0x0 }
> logical irq 68 mapped : <0x004a0eac> { :libertas_cs:_if_cs_interrupt
> + 0x0 }
> RETE: <0x00000000> /* Maybe null pointer? */
> RETN: <0x004bfe08> /* unknown address */
> RETX: <0x00750b9a> { :libertas:_lbs_scan_networks + 0x6e }
> RETS: <0x007514de> { :libertas:_lbs_scan_networks + 0x9b2 }
> PC : <0x00750b9a> { :libertas:_lbs_scan_networks + 0x6e }
> DCPLB_FAULT_ADDR: <0x004bfe9c> /* unknown address */
> ICPLB_FAULT_ADDR: <0x00750b9a> { :libertas:_lbs_scan_networks + 0x6e }
>
> PROCESSOR STATE:
> R0 : 00000003 R1 : 00000000 R2 : 0000001f R3 : 0000001f
> R4 : 00000000 R5 : 00000008 R6 : 00000008 R7 : 0075fe08
> P0 : 004bfeb1 P1 : 00158cd4 P2 : 0075c847 P3 : 01eca380
> P4 : 01ed1004 P5 : 007678b0 FP : 004bfe74 SP : 004bfd2c
> LB0: ffa01954 LT0: ffa01952 LC0: 00000000
> LB1: 00078582 LT1: 00078574 LC1: 00000000
> B0 : 00000000 L0 : 00000000 M0 : 00000000 I0 : 01efa848
> B1 : 00000000 L1 : 00000000 M1 : 00000000 I1 : 00000000
> B2 : 00000000 L2 : 00000000 M2 : 00000000 I2 : fffefe2b
> B3 : 00000000 L3 : 00000000 M3 : 00000000 I3 : 00000000
> A0.w: 000000a0 A0.x: 00000000 A1.w: 000000a0 A1.x: 00000000
> USP : 00000000 ASTAT: 02003025
>
> Stack from 004bfd10:
> 00000400 ffa00918 00158788 00158788 00000000 0000000a 0000c680
> 00750b9a
> 00008030 00000024 00000000 004bfe08 00750b9a 00750b9a 007514de
> 00000003
> 02003025 00078582 ffa01954 00078574 ffa01952 00000000 00000000
> 000000a0
> 00000000 000000a0 00000000 00000000 00000000 00000000 00000000
> 00000000
> 00000000 00000000 00000000 00000000 00000000 00000000 00000000
> 00000000
> fffefe2b 00000000 01efa848 00000000 004bfe74 007678b0 01ed1004
> 01eca380
>
> Call Trace:
> [<0000c680>] _release_console_sem+0x17c/0x23c
> [<0000df5e>] _do_wait+0x40e/0x820
> [<00078c5a>] _vscnprintf+0x16/0x24
> [<0000c1a2>] _vprintk+0x19a/0x2f0
> [<0000ffff>] _tasklet_kill+0x4f/0x80
> [<0000c30a>] _printk+0x12/0x18
> [<00751a18>] _lbs_send_specific_ssid_scan+0xd4/0x140 [libertas]
> [<0075ae1c>] _lbs_association_worker+0x170c/0x1948 [libertas]
> [<000087fe>] ___activate_task+0x1a/0x34
> [<00017d4c>] _run_workqueue+0x6c/0x12c
> [<00759710>] _lbs_association_worker+0x0/0x1948 [libertas]
> [<0001863a>] _worker_thread+0x8a/0xa4
> [<0001861e>] _worker_thread+0x6e/0xa4
> [<0001aec4>] _autoremove_wake_function+0x0/0x30
> [<0001aaf4>] _kthread+0x50/0x64
> [<000185b0>] _worker_thread+0x0/0xa4
> [<00001686>] _kernel_thread_helper+0x6/0xc
>
> Please turn on CONFIG_ACCESS_CHECK
> Kernel panic - not syncing: Kernel exception
>
>
> Log with essid "a3ipWifi" :
>
> root:~> iwconfig eth0 essid "a3ipWifi"
> root:~> flags: 0x00000002
> SSID: 'a3ipWifi'
> chann: 1
> band: 0
> mode: 2
> BSSID: 00:00:00:00:00:00
> secinfo:
> auth_mode: 1
> Data access misaligned address violation
> - Attempted misaligned data memory or data cache access.
> Kernel OOPS in progress
> Defered Exception context
>
> No Valid process in current context
> return address: [0x00750b9a]; contents of:
> 0x00750b70: e530 0025 0c40 1402 252d e530 0025 9941
> 0x00750b80: 4348 0c00 15e9 6018 e6b0 0037 e530 0025
> 0x00750b90: e14a 0075 e10a c847 6c08 [9440] e730 0025
> 0x00750ba0: 9442 e730 0025 9543 6fd8 e730 0025 9551
>
> SEQUENCER STATUS:
> SEQSTAT: 00000024 IPEND: 8030 SYSCFG: 0006
> HWERRCAUSE: 0x0
> EXCAUSE : 0x24
> physical IVG15 asserted : <0xffa01008> { _evt_system_call + 0x0 }
> logical irq 6 mapped : <0xffa00168> { _timer_interrupt + 0x0 }
> logical irq 18 mapped : <0x00086754> { _bfin_serial_dma_rx_int + 0x0 }
> logical irq 19 mapped : <0x00086540> { _bfin_serial_dma_tx_int + 0x0 }
> logical irq 68 mapped : <0x00734eac> { :libertas_cs:_if_cs_interrupt +
> 0x0 } RETE: <0x00000000> /* Maybe null pointer? */
> RETN: <0x004a5e08> /* unknown address */
> RETX: <0x00750b9a> { :libertas:_lbs_scan_networks + 0x6e }
> RETS: <0x007514de> { :libertas:_lbs_scan_networks + 0x9b2 }
> PC : <0x00750b9a> { :libertas:_lbs_scan_networks + 0x6e }
> DCPLB_FAULT_ADDR: <0x004a5e9c> /* unknown address */
> ICPLB_FAULT_ADDR: <0x00750b9a> { :libertas:_lbs_scan_networks + 0x6e }
>
> PROCESSOR STATE:
> R0 : 00000003 R1 : 00000000 R2 : 0000001f R3 : 0000001f
> R4 : 00000000 R5 : 00000008 R6 : 00000008 R7 : 0075fe08
> P0 : 004a5eb1 P1 : 00158cd4 P2 : 0075c847 P3 : 004a2380
> P4 : 00727004 P5 : 007678b0 FP : 004a5e74 SP : 004a5d2c
> LB0: ffa01954 LT0: ffa01952 LC0: 00000000
> LB1: 00078582 LT1: 00078574 LC1: 00000000
> B0 : 00000000 L0 : 00000000 M0 : 00000000 I0 : 001eee10
> B1 : 00000000 L1 : 00000000 M1 : 00000000 I1 : 00000000
> B2 : 00000000 L2 : 00000000 M2 : 00000000 I2 : ffff5f92
> B3 : 00000000 L3 : 00000000 M3 : 00000000 I3 : 00000000
> A0.w: 000000a0 A0.x: 00000000 A1.w: 000000a0 A1.x: 00000000
> USP : 00000000 ASTAT: 02003025
>
> Stack from 004a5d10:
> 00000400 ffa00918 00158788 00158788 00000000 0000000a 0000c680
> 00750b9a 00008030 00000024 00000000 004a5e08 00750b9a 00750b9a 007514de
> 00000003 02003025 00078582 ffa01954 00078574 ffa01952 00000000 00000000
> 000000a0 00000000 000000a0 00000000 00000000 00000000 00000000 00000000
> 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
> 00000000 ffff5f92 00000000 001eee10 00000000 004a5e74 007678b0 00727004
> 004a2380
>
> Call Trace:
> [<0000ffff>] _tasklet_kill+0x4f/0x80
> [<0000ffff>] _tasklet_kill+0x4f/0x80
> [<0000c30a>] _printk+0x12/0x18
> [<00751a18>] _lbs_send_specific_ssid_scan+0xd4/0x140 [libertas]
> [<0075ae1c>] _lbs_association_worker+0x170c/0x1948 [libertas]
> [<0003bacc>] _sys_unlink+0x0/0xc
> [<000087fe>] ___activate_task+0x1a/0x34
> [<00017d4c>] _run_workqueue+0x6c/0x12c
> [<00759710>] _lbs_association_worker+0x0/0x1948 [libertas]
> [<0001863a>] _worker_thread+0x8a/0xa4
> [<0001861e>] _worker_thread+0x6e/0xa4
> [<0001aec4>] _autoremove_wake_function+0x0/0x30
> [<0001aaf4>] _kthread+0x50/0x64
> [<000185b0>] _worker_thread+0x0/0xa4
> [<00001686>] _kernel_thread_helper+0x6/0xc
>
> Please turn on CONFIG_ACCESS_CHECK
> Kernel panic - not syncing: Kernel exception
>
>
> To test, I added the get_unaligned() function into all le16_to_cpu()
> function !! But same kernel panic...
> From the log I think the problem come from lbs_scan_networks(), but I
> am unsure and I don't see what can be the problem.
>
> Any idea ?
> Regards,
> Cyril
>
> Holger Schurig a écrit :
> >>libertas DNLD_CMD: 03 00 2e 00 02 00 00 00 00 00 00 00 00 00 00 00
> >>libertas DNLD_CMD: ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00
> >>libertas DNLD_CMD: 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> >>##inw 00000020<0005
> >>##outw 00000018>002e
> >>##outsw 0000001a>(0x17 words)
> >>##outw 00000000>0004
> >>##outw 00000002>0004
> >>root:~> libertas: Command 3 timed out
> >>libertas: requeueing command 3 due to timeout (#1)
> >
> >Your card doesn't generate an interrupt.
> >
> >After the last "##outw 00000002>0004" the driver is finished so far.
> >Then the driver waits until the card interrupts back -- or the driver
> >moans about a time out.
> >
> >Here's a relevant from this driver, talking to my CF card:
> >
> >libertas enter: lbs_submit_command():1166
> >libertas cmd: DNLD_CMD: command 0x0003, seq 2, size 46, jiffies 578632
> >libertas DNLD_CMD: 03 00 2e 00 02 00 00 00 00 00 00 00 00 00 00 00
> >libertas DNLD_CMD: ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00
> >libertas DNLD_CMD: 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> >libertas_cs enter: if_cs_host_to_card(type 1, bytes 46):622
> >libertas_cs enter: if_cs_send_cmd():290
> >##inw 00000020<0005
> >
> >This are bits IF_CS_C_S_TX_DNLD_RDY and IF_CS_C_S_CMD_DNLD_RDY. So we can
> >download a command. Which we do. First the length, then the data:
> >
> >##outw 00000018>002e
> >##outsw 0000001a>(0x17 words)
> >
> >0x17 * 2 = 0x2e, so this seems all fine. So we poke
> >IF_CS_H_STATUS_DNLD_OVER into the host status register
> >
> >##outw 00000000>0004
> >
> >and create an interrupt on on the embedded ARM processor:
> >
> >##outw 00000002>0004
> >libertas_cs leave: if_cs_send_cmd():321, ret 0
> >libertas_cs leave: if_cs_host_to_card():638, ret 0
> >libertas leave: lbs_submit_command():1199
> >libertas leave: lbs_execute_next_command():1879
> >libertas thread: main-thread 111: intcounter=0 currenttxskb=00000000
> > dnld_sent=2 libertas thread: main-thread sleeping... Conn=1 IntC=0
> > PS_mode=0 PS_State=0
> >
> >... and then we have to wait until we get an interrupt. Here it comes:
> >
> >libertas_cs enter (INT): if_cs_interrupt():249
> >##inw 00000022<0008
> >##outw 00000022>0008
> >libertas enter (INT): lbs_interrupt():1464
> >libertas thread (INT): lbs_interrupt: intcounter=0
> >libertas leave (INT): lbs_interrupt():1472
> >libertas thread: main-thread 222 (waking up): intcounter=1
> > currenttxskb=00000000 dnld_sent=2 libertas thread: main-thread 333:
> > intcounter=1 currenttxskb=00000000 dnld_sent=2 libertas_cs enter:
> > if_cs_get_int_status():650
> >
> >Read the int cause (IF_CS_C_S_CMD_UPLD_RDY) and clear it:
> >
> >##inw 00000022<0000
> >##outw 00000022>0000
> >
> >Forgot about this now:
> >
> >##inw 00000020<000d
> >libertas_cs enter: if_cs_receive_cmdres():357
> >##inw 00000020<000d
> >
> >
> >Read the data back (e.g. MAC adress of the card etc):
> >
> >##inw 00000030<0036
> >##insw 00000012<(0x1b words)
> >libertas_cs leave: if_cs_receive_cmdres():382, ret 0, len 46
> >libertas_cs leave: if_cs_get_int_status():684, ret 0, ireg 0xd, hisregcpy
> > 0x0 libertas thread: main-thread 444: intcounter=0 currenttxskb=00000000
> > dnld_sent=0 libertas thread: main-thread: cmd response ready
> >libertas enter: lbs_process_rx_command():473
> >libertas cmd: CMD_RESP: response 0x8003, seq 2, size 46, jiffies 578632
> >libertas CMD_RESP: 03 80 2e 00 02 00 00 00 02 00 13 02 08 00 40 00
> >libertas CMD_RESP: 00 16 41 72 f6 a8 40 30 01 00 10 00 05 00 00 00
> >libertas CMD_RESP: 00 00 00 00 00 00 00 00 00 00 03 03 00 00
> >libertas leave: lbs_process_rx_command():625, ret 0
> >libertas enter: lbs_execute_next_command():1744
> >libertas leave: lbs_execute_next_command():1879
> >
> >
> >
> >So, basically you don't get an interrupt. MAYBE it's
> >because of the PCMCIA subsystem (your kernel is way older).
> >Be my guest to look into if_cs_probe(), this is where this
> >happens.
> >
> >For me, the PCMCIA stuff was a little opaque. Part of the
> >code I wrote by looking at other drivers, part by trying
> >and part by peeking into drivers/pcmcia/cs.c, ds.c, etc.
> >
> >_______________________________________________
> >libertas-dev mailing list
> >libertas-dev at lists.infradead.org
> >http://lists.infradead.org/mailman/listinfo/libertas-dev
--
Vladimir Davydov
Senior Developer
Promwad Innovation Company
19, Sharangovicha Str.
220018, Minsk, Belarus
Phone/Fax: +375 (17) 211-5826
Web: www.promwad.com
More information about the libertas-dev
mailing list