Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 29 Jun 2011 10:27:56 +0200
From:      Bernhard Schmidt <bschmidt@freebsd.org>
To:        Adrian Chadd <adrian@freebsd.org>
Cc:        Stefan Esser <st_esser@t-online.de>, freebsd-current@freebsd.org
Subject:   Re: Panic in ieee80211 tx mgmt timeout
Message-ID:  <201106291027.56939.bschmidt@freebsd.org>
In-Reply-To: <BANLkTim601dRADEPz4sbETwMiEBt0YqyHg@mail.gmail.com>
References:  <4E099EB2.7050902@freebsd.org> <201106290803.36647.bschmidt@freebsd.org> <BANLkTim601dRADEPz4sbETwMiEBt0YqyHg@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Wednesday, June 29, 2011 10:03:02 Adrian Chadd wrote:
> On 29 June 2011 14:03, Bernhard Schmidt <bschmidt@freebsd.org> wrote:
> 
> > It's name is ieee80211_tx_mgt_timeout used to track AUTH/ASSOC
> > requests. Afaik there is even a similar PR about that.
> >
> > Adrian, you've got a AP set up to drop either a AUTH or ASSOC
> > response frame?
> 
> Tell me how and I'll set it up.
> 
> A panic at that point in the function indicates maybe ni is NULL?
> or ni->vap is now NULL, maybe?

vap should never be NULL, so, I'd guess it's ni.

Hmm.. I'd guess there is some kind of racy behavior, if the driver is
telling us that it was able to send the AUTH req frame, net80211 sets
up the timeout callback. What happens if the AUTH resp as well as the
callback hit at the same time? It should be locked appropriately, but
is it?

This will drop the AUTH response:

Index: sys/net80211/ieee80211_hostap.c
===================================================================
--- sys/net80211/ieee80211_hostap.c	(revision 223661)
+++ sys/net80211/ieee80211_hostap.c	(working copy)
@@ -978,7 +978,7 @@ hostap_auth_open(struct ieee80211_node *ni, struct
 		    "%s", "station authentication defered (radius acl)");
 		ieee80211_notify_node_auth(ni);
 	} else {
-		IEEE80211_SEND_MGMT(ni, IEEE80211_FC0_SUBTYPE_AUTH, seq + 1);
+		//IEEE80211_SEND_MGMT(ni, IEEE80211_FC0_SUBTYPE_AUTH, seq + 1);
 		IEEE80211_NOTE_MAC(vap,
 		    IEEE80211_MSG_DEBUG | IEEE80211_MSG_AUTH, ni->ni_macaddr,
 		    "%s", "station authenticated (open)");
@@ -1158,7 +1158,7 @@ hostap_auth_shared(struct ieee80211_node *ni, stru
 		estatus = IEEE80211_STATUS_SEQUENCE;
 		goto bad;
 	}
-	IEEE80211_SEND_MGMT(ni, IEEE80211_FC0_SUBTYPE_AUTH, seq + 1);
+	//IEEE80211_SEND_MGMT(ni, IEEE80211_FC0_SUBTYPE_AUTH, seq + 1);
 	return;
 bad:
 	/*


-- 
Bernhard

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201106291027.56939.bschmidt>