Date: Mon, 19 Feb 2024 08:09:20 +0000 From: bugzilla-noreply@freebsd.org To: wireless@FreeBSD.org Subject: [Bug 271979] bsdinstall(8): iwlwifi(4): system crash when authenticating for Wi-Fi: panic: lkpi_sta_auth_to_scan: lsta 0x... state not NONE: 0, nstate 1 arg 1 Message-ID: <bug-271979-21060-zKu1b0Jqnt@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-271979-21060@https.bugs.freebsd.org/bugzilla/> References: <bug-271979-21060@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D271979 --- Comment #44 from commit-hook@FreeBSD.org --- A commit in branch stable/13 references this bug: URL: https://cgit.FreeBSD.org/src/commit/?id=3Da7e1fc7f620d3341549c1380f550aaafb= db45622 commit a7e1fc7f620d3341549c1380f550aaafbdb45622 Author: Bjoern A. Zeeb <bz@FreeBSD.org> AuthorDate: 2024-01-10 10:14:16 +0000 Commit: Bjoern A. Zeeb <bz@FreeBSD.org> CommitDate: 2024-02-19 08:02:01 +0000 net80211: deal with lost state transitions Since 5efea30f039c4 we can possibly lose a state transition which can cause trouble further down the road. The reproducer from 643d6dce6c1e can trigger these for example. Drivers for firmware based wireless cards have worked around some of this (and other) problems in the past. Add an array of tasks rather than a single one as we would simply get npending > 1 and lose order with other tasks. Try to keep state changes updated as queued in case we end up with more than one at a time. While this is not ideal either (call it a hack) it will sort the problem for now. We will queue in ieee80211_new_state_locked() and do checks there and dequeue in ieee80211_newstate_cb(). If we still overrun the (currently) 8 slots we will drop the state change rather than overwrite the last one. When dequeing we will update iv_nstate and keep it around for historic reasons for the moment. The longer term we should make the callers of ieee80211_new_state[_locked]() actually use the returned errors and act appropriately but that will touch a lot more places and drivers (possibly incl. changed behaviour for ioctls). rtwn(4) and rum(4) should probably be revisted and net80211 internals removed (for rum(4) at least the current logic still seems prone to races). PR: 271979, 271988, 275255, 263613, 274003 Sponsored by: The FreeBSD Foundation (in 2023) Reviewed by: cc Differential Revision: https://reviews.freebsd.org/D43389 (cherry picked from commit 713db49d06deee90dd358b2e4b9ca05368a5eaf6) Given this changes the internal structure of 'struct ieee80211vap', which gets allocated by the drivers, and we do not have enough spares, all wireless drivers need to be recompiled. Given we are forced to do the update, we leave fields in the middle of the struct and add more spares at the same time. __FreeBSD_version gets updated to 1303501 to be able to detect this change. (cherry picked from commit a890a3a5ddf33acb0a4000885945b89156799b07) UPDATING | 6 ++ sys/dev/rtwn/if_rtwn.c | 4 +- sys/dev/usb/wlan/if_rum.c | 4 +- sys/net80211/ieee80211.c | 4 +- sys/net80211/ieee80211_ddb.c | 15 ++++- sys/net80211/ieee80211_proto.c | 124 ++++++++++++++++++++++++++++++++++---= ---- sys/net80211/ieee80211_var.h | 18 +++--- sys/sys/param.h | 2 +- 8 files changed, 143 insertions(+), 34 deletions(-) --=20 You are receiving this mail because: You are on the CC list for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-271979-21060-zKu1b0Jqnt>