Ticket #146 (closed defect: fixed)

Opened 7 years ago

Last modified 6 years ago

Mode change during active scan causes infinite loop

Reported by: smr26@cs.waikato.ac.nz Assigned to:
Priority: major Milestone: version 1.0.0 - first stable release
Component: madwifi: 802.11 stack Version: trunk
Keywords: Cc: matt@crc.net.nz
Patch is attached: 1 Pending:

Description

Hi,

Changing modes using "iwpriv ath0 mode x" while the device is in active scan mode will cause the driver to get into an infinite loop, causing the system to become unresponsive.

Attached is a debug log of console output, using 80211debug +state +scan and athdebug +state +mode. You will see that the interface is brought up, and starts an active scan (in this case, the interface was in AP mode, but it also happens in other modes).

Some way through the scan I issue the command "iwpriv ath0 mode 1". At this point we see the driver do a SCAN -> SCAN transition, and check_scan says that an active scan is already in progress. However, there is now nothing in the scan list, and we see an infinite loop of scan_next, scan_start, scan_end, ap_end messages, with no mode_init messages like there should be.

I've been hunting around the code for a while, but can't quite figure out where to fix it, as this is my first attempt at debugging driver code. I added a call to ieee80211_cancel_scan on a SCAN->SCAN transition in ieee80211_scan.c and this stops the infinite loop from occurring, but I'm not sure how to get it going again on the proper mode, with the proper scan list.

Thanks for your time,

Scott Raynel.

Attachments

error_log (4.4 kB) - added by smr26@cs.waikato.ac.nz on 11/10/05 03:23:16.
imr-mode-change-patch.diff (0.5 kB) - added by imr1@waikato.ac.nz on 12/12/05 22:51:59.
Patch to prevent infinite loop.

Change History

11/10/05 03:23:16 changed by smr26@cs.waikato.ac.nz

  • attachment error_log added.

11/10/05 06:28:46 changed by mrenzmann

  • milestone set to version 1.0.0 - first stable release.

11/29/05 19:16:11 changed by mrenzmann

  • version set to trunk.

12/01/05 21:53:23 changed by anonymous

  • cc set to matt@crc.net.nz.

12/12/05 22:50:10 changed by imr1@waikato.ac.nz

Added a call to ieee80211_cancel_scan() to ieee80211_ioctl_setmode() (which is in ieee80211_wireless.c). This allows the scan list to be repopulated and a new scan initiated rather than being stuck trying to perform the old scan with an empty scan list. Patch file is: imr-mode-change-patch.diff
Signed-off-by: Ian M. Rawley <imr1@waikato.ac.nz>
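To make the failure mode and the fix in this comment concrete, here is an added, stand-alone C model of the scan state machine as the ticket describes it. It is illustrative code written for this ticket, not the MadWifi driver's own code or the attached patch: the struct, the channel counts per mode, the step limit and the function names (setmode_buggy, setmode_fixed, run_scan) are hypothetical. The buggy path drops the scan list but leaves the scan flag set, so the check_scan-style guard blocks mode_init and scan_end/ap_end keep restarting an empty scan; the fixed path cancels the scan first, so the guard lets mode_init rebuild the list and the scan completes.

```c
/* Hypothetical model of the scan/mode-change interaction from this ticket.
 * Not driver code: names, channel counts and the step limit are assumptions. */
#include <stdio.h>
#include <string.h>

#define MAX_STEPS 1000          /* bound used to detect the runaway loop */

struct scan_state {
    int mode;                   /* current PHY mode (hypothetical numbering) */
    int scan_active;            /* 1 while a scan is in progress */
    int nchan;                  /* number of channels on the scan list */
    int next;                   /* index of the next channel to scan */
    int mode_inits;             /* how many times mode_init has run */
};

/* Hypothetical channel counts per mode, standing in for the real channel list. */
static int channels_for_mode(int mode) {
    switch (mode) {
    case 1:  return 8;          /* e.g. a few 5 GHz channels */
    case 2:  return 11;         /* e.g. 2.4 GHz channels 1-11 */
    default: return 14;
    }
}

static void scan_start(struct scan_state *s)  { s->scan_active = 1; s->next = 0; }
static void scan_cancel(struct scan_state *s) { s->scan_active = 0; }

/* mode_init rebuilds the scan list for the new mode and starts a fresh scan. */
static void mode_init(struct scan_state *s, int mode) {
    s->mode = mode;
    s->nchan = channels_for_mode(mode);
    s->mode_inits++;
    scan_start(s);
}

/* Entering the SCAN state: like check_scan, refuse to re-init while a scan is active. */
static void new_state_scan(struct scan_state *s, int mode) {
    if (s->scan_active)
        return;                 /* "active scan already in progress": no mode_init */
    mode_init(s, mode);
}

/* Buggy mode change: the scan list is emptied but the scan flag stays set. */
static void setmode_buggy(struct scan_state *s, int mode) {
    s->nchan = 0;
    new_state_scan(s, mode);
}

/* Fixed mode change: cancel the scan first so the list can be repopulated. */
static void setmode_fixed(struct scan_state *s, int mode) {
    scan_cancel(s);
    s->nchan = 0;
    new_state_scan(s, mode);
}

/* Drive scan_next until the scan ends; return steps taken, or -1 if it loops. */
static int run_scan(struct scan_state *s) {
    for (int steps = 1; steps <= MAX_STEPS; steps++) {
        if (s->next < s->nchan) { s->next++; continue; }    /* scan_next: one channel */
        if (s->nchan == 0) { scan_start(s); continue; }     /* scan_end -> ap_end -> restart */
        s->scan_active = 0;                                 /* scan_end with results */
        return steps;
    }
    return -1;                                              /* runaway loop detected */
}

/* Bring the interface up, change mode part-way through the scan, then run the scan. */
static void simulate(int fixed, struct scan_state *s) {
    memset(s, 0, sizeof *s);
    mode_init(s, 0);            /* interface comes up and starts an active scan */
    s->next = 3;                /* part-way through the scan, as in the report */
    if (fixed) setmode_fixed(s, 1); else setmode_buggy(s, 1);
}

int steps_after_mode_change(int fixed) {
    struct scan_state s;
    simulate(fixed, &s);
    return run_scan(&s);
}

int mode_inits_after_mode_change(int fixed) {
    struct scan_state s;
    simulate(fixed, &s);
    return s.mode_inits;
}

int main(void) {
    printf("buggy: steps=%d mode_inits=%d\n",
           steps_after_mode_change(0), mode_inits_after_mode_change(0));
    printf("fixed: steps=%d mode_inits=%d\n",
           steps_after_mode_change(1), mode_inits_after_mode_change(1));
    return 0;
}
```

The buggy run never calls mode_init a second time and hits the step bound, which is the "no mode_init messages" symptom in the log; the fixed run calls mode_init again, scans the eight hypothetical channels of the new mode and stops. The model only checks ordering (cancel before the state change), not the locking or timer handling the real driver has to get right around a cancelled scan.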

12/12/05 22:51:59 changed by imr1@waikato.ac.nz

  • attachment imr-mode-change-patch.diff added.

Patch to prevent infinite loop.

12/14/05 11:23:02 changed by mrenzmann

  • status changed from new to closed.
  • resolution set to fixed.

Patch committed in r1356. Thanks.

02/01/06 11:46:22 changed by kelmo

  • patch_attached set to 1.