
ar9170usb crashes during iwconfig for ad-hoc mode

Message ID 200908031509.55277.chunkeey@web.de (mailing list archive)
State Not Applicable, archived

Commit Message

Christian Lamparter Aug. 3, 2009, 1:09 p.m. UTC
On Monday 03 August 2009 14:36:42 Joerg Albert wrote:
> 
> > On Mon, 2009-08-03 at 10:44 +0200, Johannes Berg wrote:
> > 
> > > > >     ifconfig wlan1 down
> > > > >     iwconfig wlan1 mode managed essid huhu
> > > > >     ifconfig wlan1 up
> > > > >     ifconfig wlan1 down
> > > > >     iwconfig wlan1 mode ad-hoc essid huhu_a channel 1
> > 
> > > No, it's a bug in cfg80211 :)
> > 
> > But it's not making sense to me. I'll have to try to reproduce it. In
> > any case, we shouldn't be calling in to mac80211 from cfg80211 while the
> > interface is down.
> 
> I guess this is caused by the call to __cfg80211_leave_ibss()
> in  net/wireless/ibss.c::cfg80211_ibss_wext_siwfreq() trying to
> disable the beacon via net/mac80211::ieee80211_ibss_leave().
what about this? (only compiled so far, don't have the device here...)

Regards,
	Chr

Comments

Joerg Albert Aug. 3, 2009, 8:46 p.m. UTC | #1
Hi Christian,

On 08/03/2009 03:09 PM, Christian Lamparter wrote:
> On Monday 03 August 2009 14:36:42 Joerg Albert wrote:
>>> On Mon, 2009-08-03 at 10:44 +0200, Johannes Berg wrote:
>>>
>>>>>>     ifconfig wlan1 down
>>>>>>     iwconfig wlan1 mode managed essid huhu
>>>>>>     ifconfig wlan1 up
>>>>>>     ifconfig wlan1 down
>>>>>>     iwconfig wlan1 mode ad-hoc essid huhu_a channel 1
>>>> No, it's a bug in cfg80211 :)
>>> But it's not making sense to me. I'll have to try to reproduce it. In
>>> any case, we shouldn't be calling in to mac80211 from cfg80211 while the
>>> interface is down.
>> I guess this is caused by the call to __cfg80211_leave_ibss()
>> in  net/wireless/ibss.c::cfg80211_ibss_wext_siwfreq() trying to
>> disable the beacon via net/mac80211::ieee80211_ibss_leave().

> what about this? (only compiled so far, don't have the device here...)

 > diff --git a/drivers/net/wireless/ath/ar9170/main.c b/drivers/net/wireless/ath/ar9170/main.c
 > index 099ed3c..9c97ad7 100644
 > --- a/drivers/net/wireless/ath/ar9170/main.c
 > +++ b/drivers/net/wireless/ath/ar9170/main.c
 > @@ -2177,7 +2177,7 @@ static void ar9170_op_bss_info_changed(struct ieee80211_hw *hw,
 >                         goto out;
 >         }
 >
 > -       if (changed & (BSS_CHANGED_BEACON | BSS_CHANGED_BEACON_ENABLED)) {
 > +       if (changed & BSS_CHANGED_BEACON_ENABLED) {
 >                 err = ar9170_update_beacon(ar);
 >               if (err)
 >                         goto out;
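Review bot: the narrowed mask on the `+` line drops BSS_CHANGED_BEACON, so a call in which only BSS_CHANGED_BEACON is set no longer reaches ar9170_update_beacon(ar). If skipping the update in that case is intended, the changelog should say so and explain why; if it is not, keep both flags in the test and make the call itself conditional on the state that actually causes the crash.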

Thanks for the patch,  but I think it won't help. ar9170_op_bss_info_changed() is called
with BSS_CHANGED_BEACON_ENABLED set in changed, while ar->vif is NULL as _op_remove_interface() was called before
(by "ifconfig down"). This triggers the crash.

I've got a patch ready here, which uses the vif parameter of ar9170_op_bss_info_changed() instead of ar->vif.
I'll try Johannes' patch first.

Regards,
Joerg.

Patch

diff --git a/drivers/net/wireless/ath/ar9170/main.c b/drivers/net/wireless/ath/ar9170/main.c
index 099ed3c..9c97ad7 100644
--- a/drivers/net/wireless/ath/ar9170/main.c
+++ b/drivers/net/wireless/ath/ar9170/main.c
@@ -2177,7 +2177,7 @@  static void ar9170_op_bss_info_changed(struct ieee80211_hw *hw,
 			goto out;
 	}
 
-	if (changed & (BSS_CHANGED_BEACON | BSS_CHANGED_BEACON_ENABLED)) {
+	if (changed & BSS_CHANGED_BEACON_ENABLED) {
 		err = ar9170_update_beacon(ar);
 		if (err)
 			goto out;
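Review bot: ar9170_update_beacon(ar) in the changed branch still runs whenever BSS_CHANGED_BEACON_ENABLED is set, and nothing in this hunk checks that an interface is still attached before the call. The reply in this thread reports that this is the case that crashes, with ar->vif NULL after "ifconfig down", so narrowing the flag test alone leaves that path open. Consider checking for a valid interface before the call, or working from the vif parameter of ar9170_op_bss_info_changed() as proposed in the reply. The submission also carries no changelog text or Signed-off-by line and was only compile-tested, which should be resolved before it is applied.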