NetBSD Problem Report #34118
From www@NetBSD.org Mon Jul 31 17:20:54 2006
Return-Path: <www@NetBSD.org>
Received: by narn.NetBSD.org (Postfix, from userid 31301)
id 2271663B8C1; Mon, 31 Jul 2006 17:20:54 +0000 (UTC)
Message-Id: <20060731172054.2271663B8C1@narn.NetBSD.org>
Date: Mon, 31 Jul 2006 17:20:54 +0000 (UTC)
From: groy@qnx.com
Reply-To: groy@qnx.com
To: gnats-bugs@NetBSD.org
Subject: Atheros driver in AP mode causes kernel panic when client moves in/out of range
X-Send-Pr-Version: www-1.0
>Number: 34118
>Category: kern
>Synopsis: Atheros driver in AP mode causes kernel panic when client moves in/out of range
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: kern-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Mon Jul 31 17:25:00 +0000 2006
>Last-Modified: Tue Jun 08 10:15:02 +0000 2010
>Originator: Gilles Roy
>Release: current
>Organization:
>Environment:
NetBSD 3.99.23
>Description:
I am running an Atheros card in access point mode, bridging traffic to Ethernet. When a client who is currently connected moves out of range, then back in range, if there is traffic on the link the driver will hit a KASSERT statement and cause a kernel panic.
The appears to be a problem several other OS's (they all use the same code base)
FreeBSD:
http://tog.net/crashdumps/crashdump3
Linux MadWifi:
http://madwifi.org/ticket/162
>How-To-Repeat:
1) Set the atheros card in AP mode
2) Create a bridge interface
3) Add the ath0 and a wired Ethernet to the bridge
4) Bring up the ath0, the bridge and the wired Ethernet interface
5) Have a client (laptop) connect to the AP
6) Pingflood the client from a host on the LAN
7) Walk out of range with the client/laptop and then come back in range
>Fix:
>Audit-Trail:
From: Gilles Roy <groy@qnx.com>
To: gnats-bugs@NetBSD.org
Cc:
Subject: Re: kern/34118: Atheros driver in AP mode causes kernel panic when client moves in/out of range
Date: Mon, 31 Jul 2006 13:35:34 -0400
Forgot to mention the KASSERT statement is at line 353 of
athrate-sample.c. Before the panic it prints out "ndx is 0".
From: Roy Marples <roy@NetBSD.org>
To: gnats-bugs@netbsd.org
Cc:
Subject: Re: kern/34118
Date: Tue, 08 Jun 2010 11:12:15 +0100
This is a multi-part message in MIME format.
--------------020907020506010203040809
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
According to comment #17 on http://madwifi-project.org/ticket/162
the attached patch should resolve this issue.
I'm testing it on my NetBSD-5 wireless router now as I've been bitten
by this a few times.
Thanks
Roy
--------------020907020506010203040809
Content-Type: text/plain;
name="ath-prevrix.diff"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
filename="ath-prevrix.diff"
Index: sys/dev/ic/ath.c
===================================================================
RCS file: /cvsroot/src/sys/dev/ic/ath.c,v
retrieving revision 1.102.4.2
diff -u -p -r1.102.4.2 ath.c
--- sys/dev/ic/ath.c 7 Aug 2009 06:48:09 -0000 1.102.4.2
+++ sys/dev/ic/ath.c 8 Jun 2010 10:07:36 -0000
@@ -3789,6 +3789,13 @@ ath_tx_start(struct ath_softc *sc, struc
} else {
ath_rate_findrate(sc, an, shortPreamble, pktlen,
&rix, &try0, &txrate);
+ /* Ratecontrol sometimes returns invalid rate index */
+ if (rix != 0xff)
+ an->an_prevdatarix = rix;
+ else {
+ if_printf(ifp, "invalid rix 0xff\n");
+ rix = an->an_prevdatarix;
+ }
sc->sc_txrate = txrate; /* for LED blinking */
if (try0 != ATH_TXMAXTRY)
ismrr = 1;
Index: sys/dev/ic/athvar.h
===================================================================
RCS file: /cvsroot/src/sys/dev/ic/athvar.h,v
retrieving revision 1.25.4.2
diff -u -p -r1.25.4.2 athvar.h
--- sys/dev/ic/athvar.h 7 Aug 2009 06:48:09 -0000 1.25.4.2
+++ sys/dev/ic/athvar.h 8 Jun 2010 10:07:36 -0000
@@ -90,6 +90,7 @@ typedef unsigned int ath_keyix_t;
struct ath_node {
struct ieee80211_node an_node; /* base class */
u_int32_t an_avgrssi; /* average rssi over all rx frames */
+ u_int8_t an_prevdatarix; /* rate ix of laste data frame */
/* variable-length rate control state follows */
};
#define ATH_NODE(ni) ((struct ath_node *)(ni))
--------------020907020506010203040809--
(Contact us)
$NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2007
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.