From owner-freebsd-current@FreeBSD.ORG  Thu Dec 16 16:53:50 2004
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id B50B616A4CE
	for <current@freebsd.org>; Thu, 16 Dec 2004 16:53:50 +0000 (GMT)
Received: from ebb.errno.com (ebb.errno.com [66.127.85.87])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 72C8343D2D
	for <current@freebsd.org>; Thu, 16 Dec 2004 16:53:50 +0000 (GMT)
	(envelope-from sam@errno.com)
Received: from [66.127.85.91] ([66.127.85.91])
	(authenticated bits=0)
	by ebb.errno.com (8.12.9/8.12.6) with ESMTP id iBGGrjWi071187
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO);
	Thu, 16 Dec 2004 08:53:47 -0800 (PST)
	(envelope-from sam@errno.com)
Message-ID: <41C1BFA7.7050602@errno.com>
Date: Thu, 16 Dec 2004 09:02:31 -0800
From: Sam Leffler <sam@errno.com>
User-Agent: Mozilla Thunderbird 1.0RC1 (X11/20041208)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Tai-hwa Liang <avatar@mmlab.cse.yzu.edu.tw>
References: <0412161600456.50987@www.mmlab.cse.yzu.edu.tw>
In-Reply-To: <0412161600456.50987@www.mmlab.cse.yzu.edu.tw>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
cc: current@freebsd.org
Subject: Re: [net80211] if_wi crashed in adhoc mode
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
	<freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Dec 2004 16:53:50 -0000

Tai-hwa Liang wrote:
> Thinkpad R40, builtin Prism2.5 WLAN mini PCI module. -CURRENT cvsup'ed
> on Dec-14-2004. SCHED_4BSD, without PREEMPTION. The crash never happened
> before recent net80211 update.
> 
> Steps to reproduce:
> 
>     ifconfig wi0 10.0.0.1 ssid ibsstest channel 3 mediaopt adhoc up
>     #
>     # if the kernel does not panic, proceed with following steps
>     #
>     wicontrol -L    # disaply IBSS information, join the IBSS
>     ping 10.0.0.3    # send something to the IBSS creator
>     #
>     # the kernel should panic after a couple of sendings
>     #
> 

Yech, the wi driver bypasses the net80211 state machine and violates 
some assumptions in the net80211 code.  In particular the node table for 
neighbor nodes in adhoc mode is now allocated when the BSS is set 
running but the wi driver doesn't do it so you blow up.

Unfortunately I've got no time to deal with this or the WEP 
complaint(s).  Various folks promised to help with collateral damage 
like the wi driver but have vapourized so unless someone deals with this 
it'll have to wait until I have free time.

	Sam