From owner-freebsd-current@FreeBSD.ORG Mon Jul 12 16:56:36 2010 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id DD7A5106566B; Mon, 12 Jul 2010 16:56:36 +0000 (UTC) (envelope-from rpaulo@freebsd.org) Received: from karen.lavabit.com (karen.lavabit.com [72.249.41.33]) by mx1.freebsd.org (Postfix) with ESMTP id 323278FC16; Mon, 12 Jul 2010 16:56:35 +0000 (UTC) Received: from e.earth.lavabit.com (e.earth.lavabit.com [192.168.111.14]) by karen.lavabit.com (Postfix) with ESMTP id 6B4A911BA87; Mon, 12 Jul 2010 11:56:34 -0500 (CDT) Received: from 10.0.10.3 (54.81.54.77.rev.vodafone.pt [77.54.81.54]) by lavabit.com with ESMTP id B8FY11U9KTRO; Mon, 12 Jul 2010 11:56:32 -0500 Mime-Version: 1.0 (Apple Message framework v1081) Content-Type: text/plain; charset=us-ascii From: Rui Paulo In-Reply-To: Date: Mon, 12 Jul 2010 17:56:28 +0100 Content-Transfer-Encoding: quoted-printable Message-Id: <275997A3-6832-4EB9-B1BD-F9848E2C1F66@FreeBSD.org> References: <201007072113.16320.hselasky@c2i.net> To: Andrew Thompson X-Mailer: Apple Mail (2.1081) Cc: freebsd-current@freebsd.org, Sam Leffler , PseudoCylon , freebsd-usb@freebsd.org, Hans Petter Selasky Subject: Re: [panic] Race in IEEE802.11 layer towards device drivers X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 12 Jul 2010 16:56:36 -0000 On 12 Jul 2010, at 01:07, Andrew Thompson wrote: > On 8 July 2010 07:13, Hans Petter Selasky wrote: >> Hi, >>=20 >> When supplying wpa_supplicant.conf with incorrect passwords, but a = valid SSID, >> I have seen kernel panics several times when using USB based WLAN = dongles. >> When only supplying a valid password, no panic has been seen. >>=20 >> How to reproduce: >>=20 >> 1) configure invalid password >> 2) wpa_cli: reconfigure >> 3) configure valid password >> 4) wpa_cli: reconfigure >> 5) goto 1 >>=20 >> The USB commands which are executed inside the newstate callback = usually take >> very little time, but still not as little time as PCI read/writes. = I've forced >> slower operation in the newstate callback, and can reproduce warning = printouts >> from the IEEE802.11 layer in FreeBSD. Try to apply the following = patch to your >> USB code: >>=20 >> http://p4web.freebsd.org/@@180604?ac=3D10 >>=20 >> In my opinion the deferring of all states to a single task is wrong. = There >> should be at least one task per possible state, and the queuing = mechanism >> should follow the last-queued is last executed rule. This is not the = case with >> the task-queue mechanism in the kernel. >=20 > This turned out to be refcounting of the ieee80211_node struct which > was causing this panic. vap->iv_bss can be freed at any time so all > users of it need to bump the refcount to use it safely. >=20 > This patch should fix the panic in the rum driver. > http://people.freebsd.org/~thompsa/rum_node_refcnt.diff >=20 > There are other places where it is still an issue such as the > ieee80211_tx_mgt_timeout callout which havnt been addressed yet, and > of course all other ieee80211 drivers. Oh, this makes sense now. My previous attempt at help you made no = sense... Regards, -- Rui Paulo