From: Jouni Malinen (jkmaline_at_cc.hut.fi)
Date: 2002-08-19 18:49:36 UTC
On Mon, Aug 19, 2002 at 08:24:00PM +0300, Jouni Malinen wrote:
> I do not normally use WEP or kernel bridging in my tests. However, now
> that I enabled both of these, I was able to crash kernel after extended
> flooding from a station to a host in wired net (i.e., using kernel
> bridge code). This crash was also in an interrupt handler. It looks like
> softirq was doing TX and when it freed the packet, something hung..
I think I found this and the fix is in the CVS. Actually, it did not have anything to do with bridge or WEP code. I changed management frame passing a while ago, but forgot to change memory freeing routines to use proper dev_kfree_skb() (it used to be just a memory area allocated with kmalloc() and freed with kfree()).
This bug caused at least memory leaks for management frames, but I wouldn't be surprised if it also corrupted memory allocation data and thus caused weird errors.. Anyway, I was unable to crash my test setup after this fix, so hopefully this also helps some other cases that have been reported. In other words, if you have seen crashes with the CVS version, please retest with the latest CVS snapshot and report if this fixes some problems or if the problems persist.
-- Jouni Malinen PGP id EFC895FA