LinucKPI: 802.11: further locking workarounds fro crypto updates
ClosedPublic
Actions

Authored by bz on Fri, Apr 11, 11:08 PM.

Details

Reviewers

Commits

rG9bd4391f4ce0: LinuxKPI: 802.11: further locking workarounds fro crypto updates
rGa6165709e3c8: LinuxKPI: 802.11: further locking workarounds fro crypto updates

Summary

There are cases when net80211 calls into crypto updates with the
ic lock held (not (just) the nt lock). We have to unlock that as
well and track the unlock like we do for the nt to avoid panics
when we later can sleep (on the wiphy [sx] lock).

Sponsored by: The FreeBSD Foundation
MFC after: 3 days
Reported by: rm
PR: 285729
Fixes: b8dfc3ecf703

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

bz created this revision.Fri, Apr 11, 11:08 PM

Herald added subscribers: linuxkpi, emaste, imp. · View Herald TranscriptFri, Apr 11, 11:08 PM

bz requested review of this revision.Fri, Apr 11, 11:08 PM

Harbormaster completed remote builds in B63471: Diff 153557.Fri, Apr 11, 11:08 PM

bz added inline comments.Sat, Apr 12, 12:29 AM

sys/compat/linuxkpi/common/src/linux_80211.c
1509–1515	This is likely a LOR. Need to switch order.

Avoid a LOR I believe.

Harbormaster completed remote builds in B63473: Diff 153559.Sat, Apr 12, 1:20 AM

Hello Bjoern, looks like it works! I'm not seeing panic at shutdown anymore. Thank you! I applied your patch against 680d34896c

But, at first boot with this patch I got this panic at system startup:

> <118>Created wlan(4) interfaces: wlan0.
> <6>lo0: link state changed to UP
> <118>Starting wpa_supplicant.
> <118>Starting dhclient.
> <118>wlan0: no link ......
> <6>wlan0: link state changed to UP
> <118> got link
> <118>DHCPREQUEST on wlan0 to 255.255.255.255 port 67
> <6>wlan0: link state changed to DOWN
> <118>DHCPREQUEST on wlan0 to 255.255.255.255 port 67
> <118>wlan0 link state up -> down
> iwlwifi0: Not associated and the session protection is over already...
> iwlwifi0: linuxkpi_ieee80211_connection_loss: vif 0xfffffe0115d5cec0 vap 0xfffffe0115d5c010 state AUTH
> 
> 
> Fatal trap 9: general protection fault while in kernel mode
> cpuid = 0; apic id = 00
> instruction pointer	= 0x20:0xffffffff80cd64e0
> stack pointer	        = 0x28:0xfffffe01121409a8
> frame pointer	        = 0x28:0xfffffe0112140a30
> code segment		= base 0x0, limit 0xfffff, type 0x1b
> 			= DPL 0, pres 1, long 1, def32 0, gran 1
> processor eflags	= interrupt enabled, resume, IOPL = 0
> current process		= 389 (wpa_supplicant)
> rdi: c0dedeadc0dedead rsi: fffffe011611e2a5 rdx: 0000000000000001
> rcx: 0000000000000011  r8: dedeadc0dedeadc0  r9: c0dedeadc0dedead
> rax: fffffe011611e384 rbx: fffffe0115d5c010 rbp: fffffe0112140a30
> r10: c0dedeadc0dedead r11: 0000000000000001 r12: fffffe011611e068
> r13: fffffe011611e2a5 r14: fffffe0112621000 r15: 0000000000000001
> trap number		= 9
> panic: general protection fault
> cpuid = 0
> time = 1744471792
> KDB: stack backtrace:
> db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe0112140720
> vpanic() at vpanic+0x136/frame 0xfffffe0112140850
> panic() at panic+0x43/frame 0xfffffe01121408b0
> trap_fatal() at trap_fatal+0x68/frame 0xfffffe01121408d0
> calltrap() at calltrap+0x8/frame 0xfffffe01121408d0
> --- trap 0x9, rip = 0xffffffff80cd64e0, rsp = 0xfffffe01121409a8, rbp = 0xfffffe0112140a30 ---
> ieee80211_chan2mode() at ieee80211_chan2mode/frame 0xfffffe0112140a30
> ieee80211_sta_join() at ieee80211_sta_join+0x256/frame 0xfffffe0112140a80
> ieee80211_ioctl_setmlme() at ieee80211_ioctl_setmlme+0xfc/frame 0xfffffe0112140b10
> ieee80211_ioctl_set80211() at ieee80211_ioctl_set80211+0x9ad/frame 0xfffffe0112140b80
> ieee80211_ioctl() at ieee80211_ioctl+0x2de/frame 0xfffffe0112140be0
> ifioctl() at ifioctl+0x973/frame 0xfffffe0112140ce0
> kern_ioctl() at kern_ioctl+0x286/frame 0xfffffe0112140d40
> sys_ioctl() at sys_ioctl+0x12f/frame 0xfffffe0112140e00
> amd64_syscall() at amd64_syscall+0x15a/frame 0xfffffe0112140f30
> fast_syscall_common() at fast_syscall_common+0xf8/frame 0xfffffe0112140f30
> --- syscall (54, FreeBSD ELF64, ioctl), rip = 0x60c96590b0a, rsp = 0x60c8f6dbfd8, rbp = 0x60c8f6dc040 ---
> KDB: enter: panic
> 

I never seen this again at future reboots, so not sure what it was.

In D49791#1135266, @rm wrote:

Hello Bjoern, looks like it works! I'm not seeing panic at shutdown anymore. Thank you! I applied your patch against 680d34896c

Thanks for testing! I'll apply it to the tree.

But, at first boot with this patch I got this panic at system startup:

> <118>Created wlan(4) interfaces: wlan0.
> <6>lo0: link state changed to UP
> <118>Starting wpa_supplicant.
> <118>Starting dhclient.
> <118>wlan0: no link ......
> <6>wlan0: link state changed to UP
> <118> got link
> <118>DHCPREQUEST on wlan0 to 255.255.255.255 port 67
> <6>wlan0: link state changed to DOWN
> <118>DHCPREQUEST on wlan0 to 255.255.255.255 port 67
> <118>wlan0 link state up -> down
> iwlwifi0: Not associated and the session protection is over already...
> iwlwifi0: linuxkpi_ieee80211_connection_loss: vif 0xfffffe0115d5cec0 vap 0xfffffe0115d5c010 state AUTH
> 
> 
> Fatal trap 9: general protection fault while in kernel mode
> cpuid = 0; apic id = 00
> instruction pointer	= 0x20:0xffffffff80cd64e0
> stack pointer	        = 0x28:0xfffffe01121409a8
> frame pointer	        = 0x28:0xfffffe0112140a30
> code segment		= base 0x0, limit 0xfffff, type 0x1b
> 			= DPL 0, pres 1, long 1, def32 0, gran 1
> processor eflags	= interrupt enabled, resume, IOPL = 0
> current process		= 389 (wpa_supplicant)
> rdi: c0dedeadc0dedead rsi: fffffe011611e2a5 rdx: 0000000000000001
> rcx: 0000000000000011  r8: dedeadc0dedeadc0  r9: c0dedeadc0dedead
> rax: fffffe011611e384 rbx: fffffe0115d5c010 rbp: fffffe0112140a30
> r10: c0dedeadc0dedead r11: 0000000000000001 r12: fffffe011611e068
> r13: fffffe011611e2a5 r14: fffffe0112621000 r15: 0000000000000001
> trap number		= 9
> panic: general protection fault
> cpuid = 0
> time = 1744471792
> KDB: stack backtrace:
> db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe0112140720
> vpanic() at vpanic+0x136/frame 0xfffffe0112140850
> panic() at panic+0x43/frame 0xfffffe01121408b0
> trap_fatal() at trap_fatal+0x68/frame 0xfffffe01121408d0
> calltrap() at calltrap+0x8/frame 0xfffffe01121408d0
> --- trap 0x9, rip = 0xffffffff80cd64e0, rsp = 0xfffffe01121409a8, rbp = 0xfffffe0112140a30 ---
> ieee80211_chan2mode() at ieee80211_chan2mode/frame 0xfffffe0112140a30
> ieee80211_sta_join() at ieee80211_sta_join+0x256/frame 0xfffffe0112140a80
> ieee80211_ioctl_setmlme() at ieee80211_ioctl_setmlme+0xfc/frame 0xfffffe0112140b10
> ieee80211_ioctl_set80211() at ieee80211_ioctl_set80211+0x9ad/frame 0xfffffe0112140b80
> ieee80211_ioctl() at ieee80211_ioctl+0x2de/frame 0xfffffe0112140be0
> ifioctl() at ifioctl+0x973/frame 0xfffffe0112140ce0
> kern_ioctl() at kern_ioctl+0x286/frame 0xfffffe0112140d40
> sys_ioctl() at sys_ioctl+0x12f/frame 0xfffffe0112140e00
> amd64_syscall() at amd64_syscall+0x15a/frame 0xfffffe0112140f30
> fast_syscall_common() at fast_syscall_common+0xf8/frame 0xfffffe0112140f30
> --- syscall (54, FreeBSD ELF64, ioctl), rip = 0x60c96590b0a, rsp = 0x60c8f6dbfd8, rbp = 0x60c8f6dc040 ---
> KDB: enter: panic
> 

I never seen this again at future reboots, so not sure what it was.

Can you file a PR for that Blocking PR 283171; I assume this isieee80211_sta_join() -> ieee80211_alloc_node() -> ieee80211_chan2mode() and ic->ic_curchan may not be set? If you can lookup ieee80211_sta_join+0x256 that would be helpful to add to the PR.

This revision was not accepted when it landed; it landed in state Needs Review.Sat, Apr 12, 4:45 PM

Closed by commit rGa6165709e3c8: LinuxKPI: 802.11: further locking workarounds fro crypto updates (authored by bz). · Explain Why

This revision was automatically updated to reflect the committed changes.

bz added a commit: rGa6165709e3c8: LinuxKPI: 802.11: further locking workarounds fro crypto updates.

bz added a commit: rG9bd4391f4ce0: LinuxKPI: 802.11: further locking workarounds fro crypto updates.Fri, Apr 18, 2:37 PM