In Froyo Almond builds, a kernel panic was observed when USB tethering was enabled.
The call stack of the crash looks like this:
    PC: strlen+0xc0/0x20
    LR: rndis_msg_parser+0x614/0x10c8
    strlen+0xc/0x20
    rndis_msg_parser+0x640/0x10c8
    rndis_command_complete+0x20
    ep0_queue_ack_complete+0x68
    usb_interrupt+0x7f8/0x914
    handle_IRQ_event+0x34/0xf4
    handle_level_irq+0xd4/0x178
    asm_do_IRQ+0x68/0x84
After collecting a LeCroy USB analyzer log, it was found that the kernel panic occurs when the RNDIS host driver sends a REMOTE_NDIS_QUERY_MSG for OID_GEN_VENDOR_DESCRIPTION.
Analysis:
The crash happens when rndis_msg_parser() is called for REMOTE_NDIS_QUERY_MSG. It calls rndis_query_response(), which calls gen_ndis_query_resp(); in the OID_GEN_VENDOR_DESCRIPTION case that function calls strlen(rndis_per_dev_params[configNr].vendorDescr), and the crash follows immediately. The vendorDescr and vendorID fields are set by rndis_set_param_vendor(), which needs to be called from rndis_bind() in f_rndis.c. If that call never happens, vendorDescr is still NULL when the host's query arrives, and strlen() dereferences the NULL pointer from interrupt context, giving the panic above.
Look at rndis_bind(): the call is commented out like this (the #if 0 disables it, so the vendor parameters are never set):

    #if 0
    // FIXME
    /* disabled: vendorDescr/vendorID are never populated */
    if (rndis_set_param_vendor(rndis->config, vendorID,
                               manufacturer))
        goto fail0;
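To make the failure mode concrete, here is an added user-space model (not the kernel's or this post's code) of the per-device RNDIS state: it shows why an unset vendorDescr makes the OID_GEN_VENDOR_DESCRIPTION query dereference NULL, and a guarded query that answers with an empty descriptor instead. The struct and function names below are simplified stand-ins that only mirror the rndis.c names; the vendor string is a constructed sample value.

```c
/* Added example: a minimal model of the RNDIS gadget vendor-description
 * query. Not the Linux kernel's implementation; names only echo rndis.c. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

struct rndis_params {            /* subset of rndis_per_dev_params[] fields */
    uint32_t    vendorID;
    const char *vendorDescr;     /* NULL until the setter below has run */
};

/* Stand-in for rndis_set_param_vendor(): the call rndis_bind() must make.
 * Returns 0 on success, -1 if a parameter is missing. */
static int model_set_param_vendor(struct rndis_params *p, uint32_t id,
                                  const char *descr)
{
    if (!p || !descr)
        return -1;
    p->vendorID = id;
    p->vendorDescr = descr;
    return 0;
}

/* The crashing pattern from gen_ndis_query_resp(): strlen() on vendorDescr
 * with no NULL check. With vendorDescr == NULL this is the reported panic. */
static size_t unguarded_vendor_descr_len(const struct rndis_params *p)
{
    return strlen(p->vendorDescr);
}

/* Guarded query: copies the descriptor into outbuf if it is set, otherwise
 * writes an empty string. Returns the number of descriptor bytes written
 * (0 when unset), so the host still gets a well-formed response. */
static size_t guarded_vendor_descr_query(const struct rndis_params *p,
                                         char *outbuf, size_t outlen)
{
    size_t len;

    if (outlen == 0)
        return 0;
    if (!p->vendorDescr) {
        outbuf[0] = '\0';            /* answer the query, do not crash */
        return 0;
    }
    len = strlen(p->vendorDescr);
    if (len >= outlen)               /* never overrun the response buffer */
        len = outlen - 1;
    memcpy(outbuf, p->vendorDescr, len);
    outbuf[len] = '\0';
    return len;
}
```

The guarded version is one defensive shape for the query path; the fix the post points at is restoring the rndis_set_param_vendor() call in rndis_bind() so the descriptor is populated before the host can ask for it.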