From owner-freebsd-usb@FreeBSD.ORG Thu Jul 8 03:12:43 2010 Return-Path: Delivered-To: freebsd-usb@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id C89791065672; Thu, 8 Jul 2010 03:12:43 +0000 (UTC) (envelope-from andy@fud.org.nz) Received: from mail-vw0-f54.google.com (mail-vw0-f54.google.com [209.85.212.54]) by mx1.freebsd.org (Postfix) with ESMTP id 515A48FC18; Thu, 8 Jul 2010 03:12:42 +0000 (UTC) Received: by vws6 with SMTP id 6so635628vws.13 for ; Wed, 07 Jul 2010 20:12:37 -0700 (PDT) MIME-Version: 1.0 Received: by 10.220.128.203 with SMTP id l11mr3916158vcs.125.1278558757095; Wed, 07 Jul 2010 20:12:37 -0700 (PDT) Sender: andy@fud.org.nz Received: by 10.220.72.134 with HTTP; Wed, 7 Jul 2010 20:12:37 -0700 (PDT) In-Reply-To: <201007072113.16320.hselasky@c2i.net> References: <201007072113.16320.hselasky@c2i.net> Date: Thu, 8 Jul 2010 15:12:37 +1200 X-Google-Sender-Auth: 3yuWLq2vCbm6Dk81gmAi58HpdEw Message-ID: From: Andrew Thompson To: Hans Petter Selasky Content-Type: text/plain; charset=ISO-8859-1 Cc: Sam Leffler , PseudoCylon , freebsd-usb@freebsd.org, freebsd-current@freebsd.org Subject: Re: [panic] Race in IEEE802.11 layer towards device drivers X-BeenThere: freebsd-usb@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: FreeBSD support for USB List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 08 Jul 2010 03:12:43 -0000 On 8 July 2010 07:13, Hans Petter Selasky wrote: > Hi, > > When supplying wpa_supplicant.conf with incorrect passwords, but a valid SSID, > I have seen kernel panics several times when using USB based WLAN dongles. > When only supplying a valid password, no panic has been seen. > > How to reproduce: > > 1) configure invalid password > 2) wpa_cli: reconfigure > 3) configure valid password > 4) wpa_cli: reconfigure > 5) goto 1 > > The USB commands which are executed inside the newstate callback usually take > very little time, but still not as little time as PCI read/writes. I've forced > slower operation in the newstate callback, and can reproduce warning printouts > from the IEEE802.11 layer in FreeBSD. Try to apply the following patch to your > USB code: > > http://p4web.freebsd.org/@@180604?ac=10 > > In my opinion the deferring of all states to a single task is wrong. There > should be at least one task per possible state, and the queuing mechanism > should follow the last-queued is last executed rule. This is not the case with > the task-queue mechanism in the kernel. You dont say why it should be this way, do you have an example of a problem this fixes? I think the single state thread is correct. The whole thing works on state transitions, you dont just set a state. > > Description of panics. I didn't have core dump enabled on this box, so please > bear over with the following hand-written notes: > > 1) A vap->iv_bss == NULL, inside ratectl task in RUM driver. > > 2) A memcpy() fails inside the iee80211...newstate_cb() > > 3) This and similar printouts are seen: > > wlan0: ieee80211_new_state_locked: pending AUTH -> ASSOC transition lost Can you see if you can get a core dump, or at least a DDB trace and the output from `show vap ` Andrew