Date:      Mon, 12 Jul 2010 22:01:11 +0200
From:      Hans Petter Selasky <hselasky@c2i.net>
To:        freebsd-current@freebsd.org
Cc:        Sam Leffler <sam@freebsd.org>, PseudoCylon <moonlightakkiy@yahoo.ca>, freebsd-usb@freebsd.org
Subject:   Re: [panic] Race in IEEE802.11 layer towards device drivers
Message-ID:  <201007122201.11534.hselasky@c2i.net>
In-Reply-To: <AANLkTim-2GbC0fOKnZkyV_c_LzIy2hPdeC_jnNaBFXza@mail.gmail.com>
References:  <201007072113.16320.hselasky@c2i.net> <AANLkTim-2GbC0fOKnZkyV_c_LzIy2hPdeC_jnNaBFXza@mail.gmail.com>

Hi Andrew,

Your patch appears to be working. Can you fix this issue in the other WLAN 
drivers as well? Then send an e-mail to request testing? I had a go at it here:

http://p4web.freebsd.org/@@180844?ac=10

I found another panic issue:

ifconfig wlan0 delete
ifconfig wlan0 destroy

When not associated or associated.

Backtrace (AMD64 - 9-current):

node_free() + 0x2c
rum_tx_free() + 0x3b
which is called from the bulk tx callback

Another thread is running an IOCTL -> rum_stop(), which causes the CANCELLED 
event to be passed to USB. Can't we free any nodes at this point?

--HPS
 
> This turned out to be refcounting of the ieee80211_node struct which
> was causing this panic. vap->iv_bss can be freed at any time so all
> users of it need to bump the refcount to use it safely.
> 
> This patch should fix the panic in the rum driver.
> http://people.freebsd.org/~thompsa/rum_node_refcnt.diff
> 
> There are other places where it is still an issue such as the
> ieee80211_tx_mgt_timeout callout which haven't been addressed yet, and
> of course all other ieee80211 drivers.
> 
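
The reference-counting rule from the quoted message, as an added example that is not part of the original e-mail or of the rum driver: a userspace model in which the transmit path takes its own reference on the BSS node, so a teardown that drops the vap's reference cannot free the node under a pending transfer. All struct and function names are simplified stand-ins assumed for illustration, not net80211 code.

```c
/* Constructed userspace model; struct and function names are stand-ins,
 * not net80211 code. The kernel uses atomic refcounts; here the
 * interleaving is replayed in one thread so the result is deterministic. */
#include <stdio.h>
#include <stdlib.h>

struct node { int refcnt; int *freed; };   /* models ieee80211_node */
struct vap { struct node *bss; };          /* models vap->iv_bss */
struct tx_data { struct node *ni; };       /* models a queued USB transfer */

static struct node *node_alloc(int *freed)
{
    struct node *ni = malloc(sizeof(*ni));
    if (ni == NULL)
        abort();
    ni->refcnt = 1;                        /* reference owned by the vap */
    ni->freed = freed;
    return ni;
}

/* Drop one reference; returns 1 when this call freed the node. */
static int node_unref(struct node *ni)
{
    if (--ni->refcnt > 0)
        return 0;
    *ni->freed = 1;
    free(ni);
    return 1;
}

/* TX path: take a private reference before the node pointer is stored. */
void tx_start(struct vap *v, struct tx_data *d) { v->bss->refcnt++; d->ni = v->bss; }

/* Completion/cancel callback: release only the transfer's own reference. */
int tx_free(struct tx_data *d) { struct node *ni = d->ni; d->ni = NULL; return ni ? node_unref(ni) : 0; }

/* Teardown path: the vap gives up its reference while a transfer is pending. */
int vap_teardown(struct vap *v) { struct node *ni = v->bss; v->bss = NULL; return ni ? node_unref(ni) : 0; }

int main(void)
{
    int freed = 0;
    struct vap v = { node_alloc(&freed) };
    struct tx_data d = { NULL };
    tx_start(&v, &d);
    printf("freed by teardown: %d\n", vap_teardown(&v));
    printf("freed by tx callback: %d\n", tx_free(&d));
    return freed ? 0 : 1;
}
```

Without the increment in `tx_start`, the teardown call would free the node and the later callback would touch freed memory.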


