Date: Wed, 29 Jun 2011 17:21:55 +0800 From: Adrian Chadd <adrian@freebsd.org> To: bschmidt@freebsd.org Cc: Stefan Esser <st_esser@t-online.de>, freebsd-current@freebsd.org Subject: Re: Panic in ieee80211 tx mgmt timeout Message-ID: <BANLkTi=QNwtifaq0svdexVjBvSViVjVgWA@mail.gmail.com> In-Reply-To: <201106291027.56939.bschmidt@freebsd.org> References: <4E099EB2.7050902@freebsd.org> <201106290803.36647.bschmidt@freebsd.org> <BANLkTim601dRADEPz4sbETwMiEBt0YqyHg@mail.gmail.com> <201106291027.56939.bschmidt@freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
The question here is - what context is the callback being called in? The lack of net80211 locking has me confused and sad. :/ Adrian On 29 June 2011 16:27, Bernhard Schmidt <bschmidt@freebsd.org> wrote: > On Wednesday, June 29, 2011 10:03:02 Adrian Chadd wrote: >> On 29 June 2011 14:03, Bernhard Schmidt <bschmidt@freebsd.org> wrote: >> >> > It's name is ieee80211_tx_mgt_timeout used to track AUTH/ASSOC >> > requests. Afaik there is even a similar PR about that. >> > >> > Adrian, you've got a AP set up to drop either a AUTH or ASSOC >> > response frame? >> >> Tell me how and I'll set it up. >> >> A panic at that point in the function indicates maybe ni is NULL? >> or ni->vap is now NULL, maybe? > > vap should never be NULL, so, I'd guess it's ni. > > Hmm.. I'd guess there is some kind of racy behavior, if the driver is > telling us that it was able to send the AUTH req frame, net80211 sets > up the timeout callback. What happens if the AUTH resp as well as the > callback hit at the same time? It should be locked appropriately, but > is it? > > This will drop the AUTH response: > > Index: sys/net80211/ieee80211_hostap.c > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > --- sys/net80211/ieee80211_hostap.c =A0 =A0 (revision 223661) > +++ sys/net80211/ieee80211_hostap.c =A0 =A0 (working copy) > @@ -978,7 +978,7 @@ hostap_auth_open(struct ieee80211_node *ni, struct > =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0"%s", "station authentication defe= red (radius acl)"); > =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0ieee80211_notify_node_auth(ni); > =A0 =A0 =A0 =A0} else { > - =A0 =A0 =A0 =A0 =A0 =A0 =A0 IEEE80211_SEND_MGMT(ni, IEEE80211_FC0_SUBTY= PE_AUTH, seq + 1); > + =A0 =A0 =A0 =A0 =A0 =A0 =A0 //IEEE80211_SEND_MGMT(ni, IEEE80211_FC0_SUB= TYPE_AUTH, seq + 1); > =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0IEEE80211_NOTE_MAC(vap, > =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0IEEE80211_MSG_DEBUG | IEEE80211_MS= G_AUTH, ni->ni_macaddr, > =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0"%s", "station authenticated (open= )"); > @@ -1158,7 +1158,7 @@ hostap_auth_shared(struct ieee80211_node *ni, stru > =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0estatus =3D IEEE80211_STATUS_SEQUENCE; > =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0goto bad; > =A0 =A0 =A0 =A0} > - =A0 =A0 =A0 IEEE80211_SEND_MGMT(ni, IEEE80211_FC0_SUBTYPE_AUTH, seq + 1= ); > + =A0 =A0 =A0 //IEEE80211_SEND_MGMT(ni, IEEE80211_FC0_SUBTYPE_AUTH, seq += 1); > =A0 =A0 =A0 =A0return; > =A0bad: > =A0 =A0 =A0 =A0/* > > > -- > Bernhard >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?BANLkTi=QNwtifaq0svdexVjBvSViVjVgWA>