From nobody@FreeBSD.org  Thu Jun 13 09:40:45 2013
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1])
	by hub.freebsd.org (Postfix) with ESMTP id E9943B8E
	for <freebsd-gnats-submit@FreeBSD.org>; Thu, 13 Jun 2013 09:40:45 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from oldred.freebsd.org (oldred.freebsd.org [8.8.178.121])
	by mx1.freebsd.org (Postfix) with ESMTP id DB96C1276
	for <freebsd-gnats-submit@FreeBSD.org>; Thu, 13 Jun 2013 09:40:45 +0000 (UTC)
Received: from oldred.freebsd.org ([127.0.1.6])
	by oldred.freebsd.org (8.14.5/8.14.7) with ESMTP id r5D9eiL7089869
	for <freebsd-gnats-submit@FreeBSD.org>; Thu, 13 Jun 2013 09:40:44 GMT
	(envelope-from nobody@oldred.freebsd.org)
Received: (from nobody@localhost)
	by oldred.freebsd.org (8.14.5/8.14.5/Submit) id r5D9eiFx089862;
	Thu, 13 Jun 2013 09:40:44 GMT
	(envelope-from nobody)
Message-Id: <201306130940.r5D9eiFx089862@oldred.freebsd.org>
Date: Thu, 13 Jun 2013 09:40:44 GMT
From: Guillaume Bibaut <yom@iaelu.net>
To: freebsd-gnats-submit@FreeBSD.org
Subject: wireless networking on ARM
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         179532
>Category:       arm
>Synopsis:       wireless networking on ARM
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-arm
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Jun 13 09:50:00 UTC 2013
>Closed-Date:    
>Last-Modified:  Fri Jun 14 08:40:00 UTC 2013
>Originator:     Guillaume Bibaut
>Release:        FreeBSD 10-CURRENT r251405
>Organization:
-
>Environment:
FreeBSD iaelumx 10.0-CURRENT FreeBSD 10.0-CURRENT #0 r251405M: Wed Jun 12 12:50:45 CEST 2013    root@bsd-current:/root/EfikaMX/obj/arm.armv6/root/EfikaMX/src/efika_mx/sys/EFIKA_MX  arm
>Description:
FreeBSD is crashing when wpa_supplicant is called upon boot on the Genesi Efika MX smartbook.

Since I can't copy and paste the result of the crash, I've taken pictures and put them here :
http://iaelu.net/~yom/efikamx/arm-eabi/

I got helped by @rayddteam ( ray@ ) on the EFNET IRC subnet, in the #bsdmips channel.

The Wireless network was a WPA Personal.

after some investigations with the help of ray@
we could at least gather this information with the addr2line command :
/root/EfikaMX/obj/arm.armv6/root/EfikaMX/src/efika_mx/tmp/usr/bin/addr2line -e /mnt/boot/kernel/kernel c035bc44
/root/EfikaMX/src/efika_mx/sys/net80211/ieee80211_radiotap.c:138

I hope these informations help you to fix the problem, if there is any solution.

>How-To-Repeat:
The r251405 revision of head sources do not enable the wireless adapter by default so ray@ gave me a patch to enable it.

You can find the diff here :
https://github.com/GuillaumeBibaut/EfikaMX

the file is named :
imx51_iomux.c.diff

which should be patched in
head/sys/arm/freescale/imx/

I also used the MAKE_EFIKA_MX.sh script to build FreeBSD, that I've modified a bit and is accessible in the github repo.
In the script you can find the configuration files.
This script is using the ARM EABI for testing, as asked by ray@.

>Fix:
Not known at the moment.

>Release-Note:
>Audit-Trail:

From: Daan Vreeken <Daan@vitsch.nl>
To: Guillaume Bibaut <yom@iaelu.net>
Cc: freebsd-arm@freebsd.org, freebsd-gnats-submit@freebsd.org,
        Adrian Chadd <adrian@freebsd.org>
Subject: Re: arm/179532: wireless networking on ARM
Date: Fri, 14 Jun 2013 10:02:54 +0200

 Hi Guillaume,
 
 On Thursday 13 June 2013 11:40:44 Guillaume Bibaut wrote:
 > >Number:         179532
 > >Category:       arm
 > >Synopsis:       wireless networking on ARM
 ..
 
 > >Environment:
 >
 > FreeBSD iaelumx 10.0-CURRENT FreeBSD 10.0-CURRENT #0 r251405M: Wed Jun 12
 > 12:50:45 CEST 2013   
 > root@bsd-current:/root/EfikaMX/obj/arm.armv6/root/EfikaMX/src/efika_mx/sys/
 >EFIKA_MX  arm
 >
 > >Description:
 >
 > FreeBSD is crashing when wpa_supplicant is called upon boot on the Genesi
 > Efika MX smartbook.
 >
 > Since I can't copy and paste the result of the crash, I've taken pictures
 > and put them here : http://iaelu.net/~yom/efikamx/arm-eabi/
 >
 > I got helped by @rayddteam ( ray@ ) on the EFNET IRC subnet, in the
 > #bsdmips channel.
 >
 > The Wireless network was a WPA Personal.
 >
 > after some investigations with the help of ray@
 > we could at least gather this information with the addr2line command :
 > /root/EfikaMX/obj/arm.armv6/root/EfikaMX/src/efika_mx/tmp/usr/bin/addr2line
 > -e /mnt/boot/kernel/kernel c035bc44
 > /root/EfikaMX/src/efika_mx/sys/net80211/ieee80211_radiotap.c:138
 >
 > I hope these informations help you to fix the problem, if there is any
 > solution.
 
 I think we might have hit this same bug at work and have a local patch that 
 fixes it. I'll see if I can dust it off and post a patch here. I believe it 
 was only a 3-line patch to if_run.c
 
 
 Regards,
 -- 
 Ing. Daan Vreeken
 Vitsch Electronics
 http://Vitsch.nl/
 http://VitschVPN.nl/
 tel: +31-(0)40-7113051
 KvK nr: 17174380
 --
 Machines en netwerken op afstand beheren? Vitsch VPN oplossing!
 Kijk voor meer informatie op: http://www.VitschVPN.nl/

From: Daan Vreeken <Daan@vitsch.nl>
To: Guillaume Bibaut <yom@iaelu.net>
Cc: freebsd-arm@freebsd.org, freebsd-gnats-submit@freebsd.org,
        Adrian Chadd <adrian@freebsd.org>
Subject: Re: arm/179532: wireless networking on ARM
Date: Fri, 14 Jun 2013 10:33:51 +0200

 --Boundary-00=_vVtuRrItZym7Bc8
 Content-Type: text/plain;
   charset="iso-8859-1"
 Content-Transfer-Encoding: 7bit
 Content-Disposition: inline
 
 Hi again,
 
 On Friday 14 June 2013 10:02:54 Daan Vreeken wrote:
 > Hi Guillaume,
 >
 > On Thursday 13 June 2013 11:40:44 Guillaume Bibaut wrote:
 > > >Number:         179532
 > > >Category:       arm
 > > >Synopsis:       wireless networking on ARM
 ...
 > > >Description:
 > >
 > > FreeBSD is crashing when wpa_supplicant is called upon boot on the Genesi
 > > Efika MX smartbook.
 ...
 
 > I think we might have hit this same bug at work and have a local patch that
 > fixes it. I'll see if I can dust it off and post a patch here. I believe it
 > was only a 3-line patch to if_run.c
 
 See the attachments. These patches fix two bugs:
 o A crash in if_run when using VNET in the kernel.
 o The correctness of the information passed to the radiotap code in if_run.
 
 I think the last patch may fix the crash you are seeing with if_run and 
 wpa_supplicant. If you only want to test that part, you just have to patch 
 if_run.c with the file 'if_run_2013_01_19_radiotap_fix_only.diff' .
 
 In case the attachments get mangled in the email, you can also download these 
 files from : http://www.vitsch.nl/pub_diffs/
 The following files should be attached to this email :
 	if_run_2013_01_19_radiotap_fix_only.diff
 	if_run_2013_01_19_vnet_fix.diff
 	if_run_2013_01_19_vnet_plus_radiotap_fix.diff
 
 All patches are:
 Sponsored by: Vitsch Electronics
 
 
 Regards,
 -- 
 Ing. Daan Vreeken
 Vitsch Electronics
 http://Vitsch.nl/
 http://VitschVPN.nl/
 tel: +31-(0)40-7113051
 KvK nr: 17174380
 --
 Machines en netwerken op afstand beheren? Vitsch VPN oplossing!
 Kijk voor meer informatie op: http://www.VitschVPN.nl/
 
 --Boundary-00=_vVtuRrItZym7Bc8
 Content-Type: text/x-diff;
   charset="iso-8859-1";
   name="if_run_2013_01_19_radiotap_fix_only.diff"
 Content-Transfer-Encoding: 7bit
 Content-Disposition: attachment;
 	filename="if_run_2013_01_19_radiotap_fix_only.diff"
 
 --- if_run.c.fix2_vnet_plus_radiotap	2013-06-14 10:15:34.890774314 +0200
 +++ if_run.c.fix1_vnet	2013-06-14 10:12:49.786774072 +0200
 @@ -2536,10 +2536,13 @@
  	m->m_pkthdr.rcvif = ifp;
  	m->m_pkthdr.len = m->m_len = len;
  
 -	/*
 -	 * DAAN: fill-in tap header BEFORE calling ieee80211_input*() so the
 -	 * user will see the actual data that belongs to THIS packet..
 -	 */
 +	if (ni != NULL) {
 +		(void)ieee80211_input(ni, m, rssi, nf);
 +		ieee80211_free_node(ni);
 +	} else {
 +		(void)ieee80211_input_all(ic, m, rssi, nf);
 +	}
 +
  	if (__predict_false(ieee80211_radiotap_active(ic))) {
  		struct run_rx_radiotap_header *tap = &sc->sc_rxtap;
  
 @@ -2576,13 +2579,6 @@
  			break;
  		}
  	}
 -
 -	if (ni != NULL) {
 -		(void)ieee80211_input(ni, m, rssi, nf);
 -		ieee80211_free_node(ni);
 -	} else {
 -		(void)ieee80211_input_all(ic, m, rssi, nf);
 -	}
  }
  
  static void
 
 --Boundary-00=_vVtuRrItZym7Bc8
 Content-Type: text/x-diff;
   charset="iso 8859-15";
   name="if_run_2013_01_19_vnet_fix.diff"
 Content-Transfer-Encoding: 7bit
 Content-Disposition: attachment;
 	filename="if_run_2013_01_19_vnet_fix.diff"
 
 Index: if_run.c
 ===================================================================
 --- if_run.c	(revision 251736)
 +++ if_run.c	(working copy)
 @@ -52,6 +52,7 @@
  #include <net/if_dl.h>
  #include <net/if_media.h>
  #include <net/if_types.h>
 +#include <net/vnet.h>
  
  #include <netinet/in.h>
  #include <netinet/in_systm.h>
 @@ -606,9 +607,12 @@
  
  	RUN_UNLOCK(sc);
  
 +	CURVNET_SET(vnet0);
 +
  	ifp = sc->sc_ifp = if_alloc(IFT_IEEE80211);
  	if (ifp == NULL) {
  		device_printf(sc->sc_dev, "can not if_alloc()\n");
 +		CURVNET_RESTORE();
  		goto detach;
  	}
  	ic = ifp->if_l2com;
 @@ -702,6 +706,8 @@
  	if (bootverbose)
  		ieee80211_announce(ic);
  
 +	CURVNET_RESTORE();
 +
  	return (0);
  
  detach:
 @@ -739,8 +745,10 @@
  		usb_callout_drain(&sc->ratectl_ch);
  		ieee80211_draintask(ic, &sc->cmdq_task);
  		ieee80211_draintask(ic, &sc->ratectl_task);
 +		CURVNET_SET(ifp->if_vnet);
  		ieee80211_ifdetach(ic);
  		if_free(ifp);
 +		CURVNET_RESTORE();
  	}
  
  	mtx_destroy(&sc->sc_mtx);
 
 --Boundary-00=_vVtuRrItZym7Bc8
 Content-Type: text/x-diff;
   charset="iso 8859-15";
   name="if_run_2013_01_19_vnet_plus_radiotap_fix.diff"
 Content-Transfer-Encoding: 7bit
 Content-Disposition: attachment;
 	filename="if_run_2013_01_19_vnet_plus_radiotap_fix.diff"
 
 Index: if_run.c
 ===================================================================
 --- if_run.c	(revision 251736)
 +++ if_run.c	(working copy)
 @@ -52,6 +52,7 @@
  #include <net/if_dl.h>
  #include <net/if_media.h>
  #include <net/if_types.h>
 +#include <net/vnet.h>
  
  #include <netinet/in.h>
  #include <netinet/in_systm.h>
 @@ -606,9 +607,12 @@
  
  	RUN_UNLOCK(sc);
  
 +	CURVNET_SET(vnet0);
 +
  	ifp = sc->sc_ifp = if_alloc(IFT_IEEE80211);
  	if (ifp == NULL) {
  		device_printf(sc->sc_dev, "can not if_alloc()\n");
 +		CURVNET_RESTORE();
  		goto detach;
  	}
  	ic = ifp->if_l2com;
 @@ -702,6 +706,8 @@
  	if (bootverbose)
  		ieee80211_announce(ic);
  
 +	CURVNET_RESTORE();
 +
  	return (0);
  
  detach:
 @@ -739,8 +745,10 @@
  		usb_callout_drain(&sc->ratectl_ch);
  		ieee80211_draintask(ic, &sc->cmdq_task);
  		ieee80211_draintask(ic, &sc->ratectl_task);
 +		CURVNET_SET(ifp->if_vnet);
  		ieee80211_ifdetach(ic);
  		if_free(ifp);
 +		CURVNET_RESTORE();
  	}
  
  	mtx_destroy(&sc->sc_mtx);
 @@ -2528,13 +2536,10 @@
  	m->m_pkthdr.rcvif = ifp;
  	m->m_pkthdr.len = m->m_len = len;
  
 -	if (ni != NULL) {
 -		(void)ieee80211_input(ni, m, rssi, nf);
 -		ieee80211_free_node(ni);
 -	} else {
 -		(void)ieee80211_input_all(ic, m, rssi, nf);
 -	}
 -
 +	/*
 +	 * DAAN: fill-in tap header BEFORE calling ieee80211_input*() so the
 +	 * user will see the actual data that belongs to THIS packet..
 +	 */
  	if (__predict_false(ieee80211_radiotap_active(ic))) {
  		struct run_rx_radiotap_header *tap = &sc->sc_rxtap;
  
 @@ -2571,6 +2576,13 @@
  			break;
  		}
  	}
 +
 +	if (ni != NULL) {
 +		(void)ieee80211_input(ni, m, rssi, nf);
 +		ieee80211_free_node(ni);
 +	} else {
 +		(void)ieee80211_input_all(ic, m, rssi, nf);
 +	}
  }
  
  static void
 
 --Boundary-00=_vVtuRrItZym7Bc8--
>Unformatted:
