142018 – [iwi] Possibly wrong interpretation of beacon->number in if_iwi.c

Bug 142018 - [iwi] Possibly wrong interpretation of beacon->number in if_iwi.c

Summary: [iwi] Possibly wrong interpretation of beacon->number in if_iwi.c

Status:	Open

Alias:	None

Product:	Base System
Classification:	Unclassified
Component:	kern (show other bugs)
Version:	7.2-STABLE
Hardware:	Any Any

Importance:	Normal Affects Only Me
Assignee:	freebsd-wireless (Nobody)

URL:
Keywords:

Depends on:
Blocks:

Reported:	2009-12-25 18:20 UTC by Andre.Albsmeier
Modified:	2025-02-25 07:16 UTC (History)
CC List:	1 user (show)

See Also:

Attachments
file.diff (795 bytes, patch) 2009-12-25 18:20 UTC, Andre.Albsmeier	no flags	Details \| Diff
if_iwi.c.diff (820 bytes, patch) 2025-02-25 07:14 UTC, Mark Linimon	no flags	Details \| Diff
if_iwi.c diff (816 bytes, patch) 2025-02-25 07:16 UTC, Mark Linimon	no flags	Details \| Diff
Show Obsolete (2) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Andre.Albsmeier 2009-12-25 18:20:02 UTC

In WLAN environments where beacon misses may happen occasionally
iwi(4) might reassociate even if the set threshold (bmiss) is not
reached. sysctl debug.iwi=5 enables logging of beacon misses
which are ridiculous high even after an uptime of only a
few minutes:

Beacon state (1, 19006982)
Beacon miss: 19006982 >= 10
Beacon state (1, 19007496)
Beacon miss: 19007496 >= 10
Beacon state (1, 19269126)
Beacon miss: 19269126 >= 10

Adding code to if_iwi.c which prints out the hex values
leads us to this picture:

iwi0: Beacon miss: 19006982 1220606
iwi0: Beacon miss: 19006982 1220606
iwi0: Beacon miss: 19007239 1220707
iwi0: Beacon miss: 19007496 1220808
iwi0: Beacon miss: 19269126 1260606
iwi0: Beacon miss: 19269383 1260707
iwi0: Beacon miss: 19269640 1260808
iwi0: Beacon miss: 19269126 1260606
iwi0: Beacon miss: 19269383 1260707
iwi0: Beacon miss: 19269640 1260808
                            ^^^^^^^ hex values

It seems to be wrong to use all 32bits of beacon->number in if_iwi.c.
However, if_iwi.c in 7.2 is the same as in RELENG_6 where the problem
didn't show up under same conditions. It might depend on the contents
of other memory locations, stack, ...

Fix: I am currently using this patch to mask out only the lower
8 bits of beacon->number in if_iwi.c:
How-To-Repeat: 
Use iwi in a WLAN environments where beacon misses happen.
Use sysctl debug.iwi=5 to see debugging output. If numbers
are reasonably low, you might not have been hit bit the
problem for reasons mentioned above.

See also:

http://lists.freebsd.org/pipermail/freebsd-mobile/2009-December/011833.html

Comment 1 Mark Linimon freebsd_committer

2009-12-25 23:52:51 UTC

Responsible Changed
From-To: freebsd-bugs->freebsd-net


Over to maintainer(s).

Comment 2 bschmidt 2010-01-14 15:10:28 UTC

Hi,

It might be simple endianess related issue, does this patch make any 
difference?

Index: if_iwi.c
===================================================================
--- sys/dev/iwi/if_iwi.c	(revision 202285)
+++ sys/dev/iwi/if_iwi.c	(working copy)
@@ -1499,9 +1499,9 @@ iwi_notification_intr(struct iwi_softc *sc, struct
 		beacon = (struct iwi_notif_beacon_state *)(notif + 1);
 
 		DPRINTFN(5, ("Beacon state (%u, %u)\n",
-		    beacon->state, le32toh(beacon->number)));
+		    le32toh(beacon->state), le32toh(beacon->number)));
 
-		if (beacon->state == IWI_BEACON_MISS) {
+		if (le32toh(beacon->state) == IWI_BEACON_MISS) {
 			/*
 			 * The firmware notifies us of every beacon miss
 			 * so we need to track the count against the

-- 
Bernhard

Comment 3 Andre.Albsmeier 2010-01-15 07:07:40 UTC

On Thu, 14-Jan-2010 at 16:10:28 +0100, Bernhard Schmidt wrote:
> Hi,
> 
> It might be simple endianess related issue, does this patch make any 
> difference?

No, it doesn't (which is what I expected on an i386 machine).
And beacon->state is not the problem, it's beacon->number ;-)

If have associated the interface to a network with a weak
signal and results are the same:

Jan 15 08:00:08 <kern.crit> box kernel: Beacon state (1, 0x1260606)
Jan 15 08:00:09 <kern.crit> box kernel: Beacon state (1, 0x1260707)
Jan 15 08:00:09 <kern.crit> box kernel: Beacon state (1, 0x1260808)
Jan 15 08:00:09 <kern.crit> box kernel: Beacon state (1, 0x1260606)
Jan 15 08:00:10 <kern.crit> box kernel: Beacon state (1, 0x1260707)
Jan 15 08:00:10 <kern.crit> box kernel: Beacon state (1, 0x1260808)
Jan 15 08:00:10 <kern.crit> box kernel: Beacon state (1, 0x1260909)
Jan 15 08:00:10 <kern.crit> box kernel: Beacon state (1, 0x1260a0a)
Jan 15 08:00:10 <kern.crit> box kernel: Beacon state (1, 0x1260b0b)
Jan 15 08:00:12 <kern.crit> box kernel: Beacon state (1, 0x1260606)
Jan 15 08:00:12 <kern.crit> box kernel: Beacon state (1, 0x1260707)
Jan 15 08:00:12 <kern.crit> box kernel: Beacon state (1, 0x1260808)
Jan 15 08:00:12 <kern.crit> box kernel: Beacon state (1, 0x1260909)
Jan 15 08:00:13 <kern.crit> box kernel: Beacon state (1, 0x1260a0a)
Jan 15 08:00:13 <kern.crit> box kernel: Beacon state (1, 0x1260b0b)
Jan 15 08:00:15 <kern.crit> box kernel: Beacon state (1, 0x210606)
Jan 15 08:00:15 <kern.crit> box kernel: Beacon state (1, 0x210707)
Jan 15 08:00:15 <kern.crit> box kernel: Beacon state (1, 0x210808)
Jan 15 08:00:15 <kern.crit> box kernel: Beacon state (1, 0x210909)
Jan 15 08:00:15 <kern.crit> box kernel: Beacon state (1, 0x210a0a)
Jan 15 08:00:15 <kern.crit> box kernel: Beacon state (1, 0x210b0b)
Jan 15 08:00:18 <kern.crit> box kernel: Beacon state (1, 0x606)
Jan 15 08:00:18 <kern.crit> box kernel: Beacon state (1, 0x707)
Jan 15 08:00:18 <kern.crit> box kernel: Beacon state (1, 0x808)
Jan 15 08:00:18 <kern.crit> box kernel: Beacon state (1, 0x909)
Jan 15 08:00:18 <kern.crit> box kernel: Beacon state (1, 0xa0a)
Jan 15 08:00:18 <kern.crit> box kernel: Beacon state (1, 0xb0b)
Jan 15 08:00:21 <kern.crit> box kernel: Beacon state (1, 0x606)
Jan 15 08:00:21 <kern.crit> box kernel: Beacon state (1, 0x707)
Jan 15 08:00:21 <kern.crit> box kernel: Beacon state (1, 0x808)
Jan 15 08:00:21 <kern.crit> box kernel: Beacon state (1, 0x909)
Jan 15 08:00:21 <kern.crit> box kernel: Beacon state (1, 0xa0a)
Jan 15 08:00:21 <kern.crit> box kernel: Beacon state (1, 0xb0b)
Jan 15 08:00:24 <kern.crit> box kernel: Beacon state (1, 0x606)
Jan 15 08:00:25 <kern.crit> box kernel: Beacon state (1, 0x707)
Jan 15 08:00:25 <kern.crit> box kernel: Beacon state (1, 0x808)
Jan 15 08:00:25 <kern.crit> box kernel: Beacon state (1, 0x909)
Jan 15 08:00:25 <kern.crit> box kernel: Beacon state (1, 0xa0a)
Jan 15 08:00:25 <kern.crit> box kernel: Beacon state (1, 0xb0b)
Jan 15 08:00:27 <kern.crit> box kernel: Beacon state (1, 0x606)
Jan 15 08:00:27 <kern.crit> box kernel: Beacon state (1, 0x707)
Jan 15 08:00:28 <kern.crit> box kernel: Beacon state (1, 0x808)
Jan 15 08:00:29 <kern.crit> box kernel: Beacon state (1, 0x1220606)
Jan 15 08:00:29 <kern.crit> box kernel: Beacon state (1, 0x1220707)
Jan 15 08:00:30 <kern.crit> box kernel: Beacon state (1, 0x1220808)
Jan 15 08:00:30 <kern.crit> box kernel: Beacon state (1, 0x1220909)
Jan 15 08:00:30 <kern.crit> box kernel: Beacon state (1, 0x1220a0a)
Jan 15 08:00:30 <kern.crit> box kernel: Beacon state (1, 0x1220b0b)

	-Andre

> 
> Index: if_iwi.c
> ===================================================================
> --- sys/dev/iwi/if_iwi.c	(revision 202285)
> +++ sys/dev/iwi/if_iwi.c	(working copy)
> @@ -1499,9 +1499,9 @@ iwi_notification_intr(struct iwi_softc *sc, struct
>  		beacon = (struct iwi_notif_beacon_state *)(notif + 1);
>  
>  		DPRINTFN(5, ("Beacon state (%u, %u)\n",
> -		    beacon->state, le32toh(beacon->number)));
> +		    le32toh(beacon->state), le32toh(beacon->number)));
>  
> -		if (beacon->state == IWI_BEACON_MISS) {
> +		if (le32toh(beacon->state) == IWI_BEACON_MISS) {
>  			/*
>  			 * The firmware notifies us of every beacon miss
>  			 * so we need to track the count against the
> 
> -- 
> Bernhard

Comment 4 Eitan Adler freebsd_committer

2017-12-31 08:00:40 UTC

For bugs matching the following criteria:

Status: In Progress Changed: (is less than) 2014-06-01

Reset to default assignee and clear in-progress tags.

Mail being skipped

Comment 5 Andriy Voskoboinyk freebsd_committer

2019-01-25 13:51:31 UTC

Reassign to wireless mailing list

Comment 6 Graham Perrin freebsd_committer

2022-10-17 12:37:08 UTC

Keyword: 

    patch
or  patch-ready

– in lieu of summary line prefix: 

    [patch]

* bulk change for the keyword
* summary lines may be edited manually (not in bulk). 

Keyword descriptions and search interface: 

    <https://bugs.freebsd.org/bugzilla/describekeywords.cgi>

Comment 7 Mark Linimon freebsd_committer

2025-02-25 07:14:58 UTC

Created attachment 257893 [details]
if_iwi.c.diff

^Triage: rebase patch.

Comment 8 Mark Linimon freebsd_committer

2025-02-25 07:16:40 UTC

Created attachment 257894 [details]
if_iwi.c diff

^Triage: rebase patch.