Date:      Mon, 12 Jul 2010 18:54:08 -0700 (PDT)
From:      PseudoCylon <moonlightakkiy@yahoo.ca>
To:        Hans Petter Selasky <hselasky@c2i.net>, freebsd-current@freebsd.org
Cc:        Sam Leffler <sam@freebsd.org>, freebsd-usb@freebsd.org
Subject:   Re: [panic] Race in IEEE802.11 layer towards device drivers
Message-ID:  <768329.28397.qm@web51801.mail.re2.yahoo.com>
In-Reply-To: <201007122201.11534.hselasky@c2i.net>
References:  <201007072113.16320.hselasky@c2i.net> <AANLkTim-2GbC0fOKnZkyV_c_LzIy2hPdeC_jnNaBFXza@mail.gmail.com> <201007122201.11534.hselasky@c2i.net>

----- Original Message ----
> From: Hans Petter Selasky <hselasky@c2i.net>
> To: freebsd-current@freebsd.org
> Cc: Andrew Thompson <thompsa@freebsd.org>; Sam Leffler <sam@freebsd.org>; PseudoCylon <moonlightakkiy@yahoo.ca>; freebsd-usb@freebsd.org
> Sent: Mon, July 12, 2010 2:01:11 PM
> Subject: Re: [panic] Race in IEEE802.11 layer towards device drivers
> 
> Hi Andrew,
> 
> Your patch appears to be working. Can you fix this issue in the other WLAN
> drivers as well? Then send an e-mail to request testing? I had a go at it here:
> 
> http://p4web.freebsd.org/@@180844?ac=10
> 

Since I wasn't able to reproduce the panic, I can only confirm the patched 
run(4) driver runs OK.

I just want to patch hostap related fix before calling for this test. I'll ask 
the user if it's fixed.

Should the debugging code, usb_pause_mtx(), be left in the code for testing? If 
the drivers don't panic to begin with, we won't know the patch really fixed the 
issue.


AK

> I found another panic issue:
> 
> ifconfig wlan0 delete
> ifconfig wlan0 destroy
> 
> When not associated or associated.
> 
> Backtrace (AMD64 - 9-current):
> 
> node_free() + 0x2c
> rum_tx_free() + 0x3b
> which is called from the bulk tx callback
> 
> Another thread is running an IOCTL -> rum_stop(), which causes the CANCELLED
> event to be passed to USB. Can't we free any nodes at this point?
> 
> --HPS
> 
> > This turned out to be refcounting of the ieee80211_node struct which
> > was causing this panic. vap->iv_bss can be freed at any time so all
> > users of it need to bump the refcount to use it safely.
> > 
> > This patch should fix the panic in the rum driver.
> > http://people.freebsd.org/~thompsa/rum_node_refcnt.diff
> > 
> > There are other places where it is still an issue such as the
> > ieee80211_tx_mgt_timeout callout which haven't been addressed yet, and
> > of course all other ieee80211 drivers.
> > 
> 

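The rule quoted above (bump the node's refcount before using vap->iv_bss), as an added example that is not part of this thread and is not FreeBSD code: a single-threaded C model, with hypothetical names (node, vap, tx_hold_bss, vap_drop_bss), showing that a node held by an in-flight TX survives interface teardown and is freed only when the TX completion drops the last reference. It models lifetime ordering only; in a real driver the pointer read and the increment must happen under whatever lock protects the pointer.

```c
#include <stdlib.h>

/* Hypothetical stand-ins for ieee80211_node and the vap; not FreeBSD code. */
struct node { int refcnt; };            /* freed when refcnt reaches 0 */
struct vap  { struct node *bss; };      /* models vap->iv_bss */
static int nodes_freed;                 /* counts frees so the demo can check them */

static struct node *node_alloc(void)
{
    struct node *n = calloc(1, sizeof(*n));
    if (n == NULL) abort();
    n->refcnt = 1;                      /* reference owned by the vap */
    return n;
}

/* Drop one reference; the last holder frees the node. */
static void node_release(struct node *n)
{
    if (--n->refcnt == 0) { nodes_freed++; free(n); }
}

/* TX path: take our own reference before using the bss node; NULL if gone. */
static struct node *tx_hold_bss(struct vap *v)
{
    if (v->bss == NULL) return NULL;
    v->bss->refcnt++;
    return v->bss;
}

/* Control path (stop/destroy): the vap gives up its reference. */
static void vap_drop_bss(struct vap *v)
{
    struct node *old = v->bss;
    v->bss = NULL;
    if (old != NULL) node_release(old);
}

/* Queue a frame, tear the interface down mid-flight, then complete the TX. */
static int demo(int *freed_after_teardown)
{
    struct vap v = { node_alloc() };
    struct node *held = tx_hold_bss(&v);
    nodes_freed = 0;
    vap_drop_bss(&v);
    *freed_after_teardown = nodes_freed;  /* 0: TX still holds a reference */
    node_release(held);                   /* TX completion callback */
    return nodes_freed;                   /* 1: last reference dropped */
}

int main(void) { int mid; return !(demo(&mid) == 1 && mid == 0); }
```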



