Bug 242783 - kernel oops p54usb
Summary: kernel oops p54usb
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: kernel
Version: 7
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: John W. Linville
QA Contact: Brian Brock
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2007-06-05 19:12 UTC by Martin Jürgens
Modified: 2007-11-30 22:12 UTC (History)
3 users (show)

Fixed In Version: 2.6.22.1-41.fc7
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2007-08-02 19:33:02 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)
/var/log/messages oops cutting (4.40 KB, text/plain)
2007-06-05 19:12 UTC, Martin Jürgens 		no flags Details
View All

Description Martin Jürgens 2007-06-05 19:12:27 UTC 
Description of problem:
Kernel oopses when plugging in Siemens Gigaset USB WLAN Adapter 54.

Version-Release number of selected component (if applicable):
-/-

How reproducible:
Every time


Steps to Reproduce:
1. Plug in Siemens Gigaset USB WLAN Adapter 54
  
Actual results:
OOPS

Expected results:
LED should turn on and I should have access to the WLAN.

Additional info:
OOPS is attached. I had to download the device's firmware from
http://jbnote.free.fr/prism54usb/data/firmwares/net2280/2.4.3.7/2.4.3.7.arm to
/lib/firmware/isl3890usb
Comment 1 Martin Jürgens 2007-06-05 19:12:28 UTC 
Created attachment 156262 [details]
/var/log/messages oops cutting
Comment 2 John W. Linville 2007-06-05 19:21:41 UTC 
Did the oops disappear once you had the firmware in place?  Just checking...
Comment 3 Pete Zaitcev 2007-06-05 19:23:04 UTC 
See also bug 242638 (please do not dup just yet!)
Comment 4 Martin Jürgens 2007-06-05 19:28:08 UTC 
> Did the oops disappear once you had the firmware in place?

No, it started appearing after placing the firmware to /lib/firmware and
replugging the device in.

Without the firmware I do not get a OOPS but I do not get WLAN either ;-)
Comment 5 Martin Jürgens 2007-06-05 19:48:24 UTC 
In bug 242638 one machine does not OOPS because the firmware is not installed
(p54usb: cannot find firmware).

Caolan in bug 242638 needs an other firmware (isl3887usb_bare) than I had to get
(isl3890usb). That's why I think that our devices are slightly different.

lsusb output:


Bus 002 Device 001: ID 0000:0000  
Bus 001 Device 003: ID 1241:1166 Belkin 
Bus 001 Device 001: ID 0000:0000  
Bus 003 Device 026: ID 14aa:0221 AVerMedia (again) or C&E AVermedia DVBT Tuner
Dongle
Bus 003 Device 016: ID 083a:4502 Accton Technology Corp. 
Bus 003 Device 001: ID 0000:0000
Comment 6 Chuck Ebbert 2007-06-05 20:31:45 UTC 
There is something very wrong with either the firmware or the parsing code.

eax (==1fc800a0) contains the len field in the bootrec
ebp (==f8da411c) holds the address of the data

prism54common.c line 86:
        bootrec = (struct bootrec *)&bootrec->data[le32_to_cpu(bootrec->len)];
        if ((u32 *)bootrec > end_data)
                break;

There is a 32-bit overflow when calculating the new value of bootrec, so the
check for "bootrec > end_data" is not true and we go on to dereference an
invalid address.
Comment 7 Pete Zaitcev 2007-07-17 03:51:39 UTC 
Chuck, how did you manage to perform the above analysis? I downloaded the
SRPM for 2.6.23-0.15.rc0.git1.fc8, and there's no prism54usb anywhere in sight
on it. What source are you looking at?
Comment 8 Pete Zaitcev 2007-07-17 05:47:28 UTC 
Never mind, I found it. Someone took a perfectly good drivers/wireless/prism54usb
and ported it to D-scape stack... poorly.
Comment 9 John W. Linville 2007-07-30 19:34:16 UTC 
This issue should be resolved with current F7 kernels.  Can you verify that?
Comment 10 Martin Jürgens 2007-08-01 09:06:42 UTC 
sorry. my wlan device is broken.,
Note You need to log in before you can comment on or make changes to this bug.