Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 4 Dec 2006 22:57:04 +0100
From:      Max Laier <max@love2party.net>
To:        freebsd-current@freebsd.org
Cc:        Munehiro Matsuda <haro@h4.dion.ne.jp>, rwatson@freebsd.org, bzeeb-lists@lists.zabbadoz.net
Subject:   Re: LOR with netisr changes
Message-ID:  <200612042257.12597.max@love2party.net>
In-Reply-To: <200612041149.21533.jhb@freebsd.org>
References:  <20061128180811.P95096@fledge.watson.org> <20061204.004950.74755916.haro@h4.dion.ne.jp> <200612041149.21533.jhb@freebsd.org>

next in thread | previous in thread | raw e-mail | index | archive | help
--nextPart2099711.ZZajPHy2dM
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

On Monday 04 December 2006 17:49, John Baldwin wrote:
> On Sunday 03 December 2006 10:49, Munehiro Matsuda wrote:
> > From: John Baldwin <jhb-at-freebsd.org>
> > Date: Wed, 29 Nov 2006 12:39:56 -0500
> >
> > ::On Tuesday 28 November 2006 14:41, Sam Leffler wrote:
> > ::> Robert Watson wrote:
> > ::> > On Wed, 29 Nov 2006, Munehiro Matsuda wrote:
> > ::> >> JFYI, I got following LOR started after the netisr changes:
> > ::> >
> > ::> > In general, device driver locks should not be held over entry
> > ::> > to the network stack.  However, things get a bit tricky in the
> > ::> > 802.11 code due to lock sharing, I believe, so it could be a
> > ::> > bit more tricky to fix that.
> > ::>
> > ::> It's just a bug in the driver.  Driver locks should be dropped
> > ::> when packets get passed up the stack.  This issue was pointed out
> > ::> before iwi ever was committed but since nothing immediately comes
> > ::> back via the bridge (or similar) it's been ignored.
> > ::
> > ::How about this:
> >
> > <snip>
> >
> > ::(I'm unsure if the net82011 layer protects 'ic' or if the driver is
> > :: supposed to do that.)

That's the main problem of net80211 as far as I understand it.  The 'ic'=20
stores a lot of state and configuration and it is unclear how it is=20
protected.  Most of the time, it seems to be the driver's job.  However,=20
there are entry points in net80211 that change the 'ic' underneath the=20
driver without giving them a chance to protect it.  IIRC, there has been=20
the idea to expose a driver mutex to the net80211 layer in order to take=20
care of this - not sure what has become of that idea, though.

> > Sorry for the late reply, and thanks for the patch.
> > I needed to tweak the patch to make it compile, but seems to work
> > fine. Modified patch attached.
> >
> > From: "Bjoern A. Zeeb" <bzeeb-lists-at-lists.zabbadoz.net>
> > Date: Sat, 2 Dec 2006 12:25:28 +0000 (UTC)
> >
> > ::ok, whoever is going to take care of this and perhaps commit the
> > :: fix let me know. I assigned it LOR ID 194 on "The LOR page":
> > :: 	http://sources.zabbadoz.net/freebsd/lor.html#194
> >
> > LOR seems to be gone with the patch, so it could be removed when
> > committed.
> >
> > Thanks,
> >   Haro
> >
> > --- if_iwi.c.org	9 Nov 2006 16:05:43 -0000
> > +++ if_iwi.c	3 Dec 2006 14:17:45 -0000
> > @@ -1230,6 +1230,7 @@
> >  	struct mbuf *mnew, *m;
> >  	struct ieee80211_node *ni;
> >  	int type, error, framelen;
> > +	IWI_LOCK_DECL;
>
> Hmm, why this?   If it's for spl's, note that the rest of the patch is
> specific to 5.x and up, shouldn't really be dropping spl in 4.x.  Also,
> even if it did, it would pass a garbage value to splx(), so it would
> really break things badly.

No, this is a hack to work around a recursion in net80211.  There are a=20
couple of places where the driver calls back into net80211 with the lock=20
held (to protect the 'ic', see above).  net80211 then might call back=20
into the driver, which means we would have either have to use a recursive=20
lock (which can't be passed to msleep) or avoid the recursion at leat for=20
the lock (which is what IWI_LOCK_DECL does).  I know it's ugly and wrong,=20
but unless there is a propper sollution as to how the net80211 data=20
structures are protected in various call paths, it's not something that=20
can be fixed.

> >  	framelen =3D le16toh(frame->len);
> >  	if (framelen < IEEE80211_MIN_LEN || framelen > MCLBYTES) {
> > @@ -1310,6 +1311,7 @@
> >
> >  		bpf_mtap2(sc->sc_drvbpf, tap, sc->sc_rxtap_len, m);
> >  	}
> > +	IWI_UNLOCK(sc);
> >
> >  	ni =3D ieee80211_find_rxnode(ic, mtod(m, struct ieee80211_frame_min
> > *));
> >
> > @@ -1319,6 +1321,7 @@
> >  	/* node is no longer needed */
> >  	ieee80211_free_node(ni);
> >
> > +	IWI_LOCK(sc);
> >  	if (sc->sc_softled) {
> >  		/*
> >  		 * Blink for any data frame.  Otherwise do a
> >
> > =3D--------------------------------------------------------------------
> >---------- _ _    Munehiro (haro) Matsuda
> >  -|- /_\  |_|_|   Internet Solution Dept., KGT Inc.
> >  /|\ |_|  |_|_|   2-8-8 Shinjuku Shinjuku-ku Tokyo 160-0022, Japan
> >                   Tel: +81-3-3225-0767  Fax: +81-3-3225-0740

=2D-=20
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News

--nextPart2099711.ZZajPHy2dM
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (FreeBSD)

iD8DBQBFdJm4XyyEoT62BG0RAqPQAJ42c99B19FWwsJy1Z86gOehNMk1swCfU1EV
NwMI/uK2b53NZbhuLi6Q4Rc=
=VQlv
-----END PGP SIGNATURE-----

--nextPart2099711.ZZajPHy2dM--



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200612042257.12597.max>