> On 5 Dec 2021, at 20:05, Scott Cheloha <[email protected]> wrote:
>
> Suppose the ic_bgscan_timeout timeout is running at the moment we're
> running ieee80211_ifdetach(). Ignore the kernel lock for the moment,
> think about the future.
>
> If we delete the task before we delete the timeout and the timeout
> then adds the task back onto the task queue, what happens?
>
> My guess is you need to ensure the timeout is no longer running
> *before* you delete the task. Can you do timeout_del_barrier()
> here? See the attached patch.
This timeout_del_barrier(9) doesn’t make sense. You also need to
wait for ieee80211_rtm_80211info_task() to complete, and
taskq_del_barrier(9) should be used instead of task_del(9).
I doubt this code will be the same once unlocking has started.
>
> $ dmesg | grep iwm0 | tail -n2
> iwm0 at pci1 dev 0 function 0 "Intel Dual Band Wireless-AC 8265" rev 0x78, msi
> iwm0: hw rev 0x230, fw ver 36.ca7b901d.0, address 98:3b:8f:ef:6b:ef
>
> Unsure how `route monitor` exercises this path, but I've left it
> running, too.
You have at least one PF_ROUTE socket. Otherwise route_input()
performs a drain run without any solock() call.
>
> Index: ieee80211.c
> ===================================================================
> RCS file: /cvs/src/sys/net80211/ieee80211.c,v
> retrieving revision 1.85
> diff -u -p -r1.85 ieee80211.c
> --- ieee80211.c 11 Oct 2021 09:01:06 -0000 1.85
> +++ ieee80211.c 5 Dec 2021 17:01:51 -0000
> @@ -193,6 +193,7 @@ ieee80211_ifattach(struct ifnet *ifp)
> if_addgroup(ifp, "wlan");
> ifp->if_priority = IF_WIRELESS_DEFAULT_PRIORITY;
>
> + task_set(&ic->ic_rtm_80211info_task, ieee80211_rtm_80211info_task, ic);
> ieee80211_set_link_state(ic, LINK_STATE_DOWN);
>
> timeout_set(&ic->ic_bgscan_timeout, ieee80211_bgscan_timeout, ifp);
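Review bot: the new task_set() sits directly ahead of ieee80211_set_link_state(ic, LINK_STATE_DOWN) with nothing saying why. If that ordering is required because the link-state call can queue ic_rtm_80211info_task, add a one-line comment here so a later cleanup does not move the initialization below the first possible task_add(). If the ordering is not required, grouping it with the timeout_set() for ic_bgscan_timeout would make it easier to check attach against detach.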
> @@ -203,7 +204,8 @@ ieee80211_ifdetach(struct ifnet *ifp)
> {
> struct ieee80211com *ic = (void *)ifp;
>
> - timeout_del(&ic->ic_bgscan_timeout);
> + timeout_del_barrier(&ic->ic_bgscan_timeout);
> + task_del(systq, &ic->ic_rtm_80211info_task);
>
> /*
> * Undo pseudo-driver changes. Pseudo-driver detach hooks could
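Review bot: task_del(systq, &ic->ic_rtm_80211info_task) only removes a task that is still pending. It does not wait for one that is already executing on systq, so ieee80211_rtm_80211info_task() can still be dereferencing ic after ieee80211_ifdetach() has moved on to tearing the interface down. Using taskq_del_barrier(systq, &ic->ic_rtm_80211info_task) closes that window, and keeping it after timeout_del_barrier() is the right order if the timeout is what queues the task. Both barrier calls can sleep, so it is worth stating in a comment that this path must run in process context and without holding any lock that the timeout or task handler takes.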