Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 29 Jun 2011 17:21:55 +0800
From:      Adrian Chadd <adrian@freebsd.org>
To:        bschmidt@freebsd.org
Cc:        Stefan Esser <st_esser@t-online.de>, freebsd-current@freebsd.org
Subject:   Re: Panic in ieee80211 tx mgmt timeout
Message-ID:  <BANLkTi=QNwtifaq0svdexVjBvSViVjVgWA@mail.gmail.com>
In-Reply-To: <201106291027.56939.bschmidt@freebsd.org>
References:  <4E099EB2.7050902@freebsd.org> <201106290803.36647.bschmidt@freebsd.org> <BANLkTim601dRADEPz4sbETwMiEBt0YqyHg@mail.gmail.com> <201106291027.56939.bschmidt@freebsd.org>
index | next in thread | previous in thread | raw e-mail 

The question here is - what context is the callback being called in?

The lack of net80211 locking has me confused and sad. :/


Adrian

On 29 June 2011 16:27, Bernhard Schmidt <bschmidt@freebsd.org> wrote:
> On Wednesday, June 29, 2011 10:03:02 Adrian Chadd wrote:
>> On 29 June 2011 14:03, Bernhard Schmidt <bschmidt@freebsd.org> wrote:
>>
>> > It's name is ieee80211_tx_mgt_timeout used to track AUTH/ASSOC
>> > requests. Afaik there is even a similar PR about that.
>> >
>> > Adrian, you've got a AP set up to drop either a AUTH or ASSOC
>> > response frame?
>>
>> Tell me how and I'll set it up.
>>
>> A panic at that point in the function indicates maybe ni is NULL?
>> or ni->vap is now NULL, maybe?
>
> vap should never be NULL, so, I'd guess it's ni.
>
> Hmm.. I'd guess there is some kind of racy behavior, if the driver is
> telling us that it was able to send the AUTH req frame, net80211 sets
> up the timeout callback. What happens if the AUTH resp as well as the
> callback hit at the same time? It should be locked appropriately, but
> is it?
>
> This will drop the AUTH response:
>
> Index: sys/net80211/ieee80211_hostap.c
> ===================================================================
> --- sys/net80211/ieee80211_hostap.c     (revision 223661)
> +++ sys/net80211/ieee80211_hostap.c     (working copy)
> @@ -978,7 +978,7 @@ hostap_auth_open(struct ieee80211_node *ni, struct
>                    "%s", "station authentication defered (radius acl)");
>                ieee80211_notify_node_auth(ni);
>        } else {
> -               IEEE80211_SEND_MGMT(ni, IEEE80211_FC0_SUBTYPE_AUTH, seq + 1);
> +               //IEEE80211_SEND_MGMT(ni, IEEE80211_FC0_SUBTYPE_AUTH, seq + 1);
>                IEEE80211_NOTE_MAC(vap,
>                    IEEE80211_MSG_DEBUG | IEEE80211_MSG_AUTH, ni->ni_macaddr,
>                    "%s", "station authenticated (open)");
> @@ -1158,7 +1158,7 @@ hostap_auth_shared(struct ieee80211_node *ni, stru
>                estatus = IEEE80211_STATUS_SEQUENCE;
>                goto bad;
>        }
> -       IEEE80211_SEND_MGMT(ni, IEEE80211_FC0_SUBTYPE_AUTH, seq + 1);
> +       //IEEE80211_SEND_MGMT(ni, IEEE80211_FC0_SUBTYPE_AUTH, seq + 1);
>        return;
>  bad:
>        /*
>
>
> --
> Bernhard
>
home | help

Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?BANLkTi=QNwtifaq0svdexVjBvSViVjVgWA>