Hard(?) lock when reassociating ath with wpa_supplicant on RELENG_7

Sam Leffler sam at freebsd.org
Sat Jul 12 16:57:03 UTC 2008

Alexandre "Sunny" Kovalenko wrote:
> On Fri, 2008-07-11 at 20:29 -0700, Sam Leffler wrote:
>> Alexandre "Sunny" Kovalenko wrote:
>>> On Fri, 2008-05-16 at 12:23 -0400, Sam Leffler wrote:
>>>> Alexandre "Sunny" Kovalenko wrote:
>>>>> On Mon, 2008-05-12 at 19:33 -0700, Sam Leffler wrote: 
>>>>>> Alexandre "Sunny" Kovalenko wrote:
>>>>>>> I seem to be able to lock my machine by going into wpa_cli and asking it
>>>>>>> to 'reassoc'. The reason for question mark after "hard" is that debug
>>>>>>> information (caused by wlandebug and athdebug) is being printed on the
>>>>>>> console. The only way to get machine's attention is to hold power button
>>>>>>> for 8 seconds.
>>>>>> So this is just livelock due to console debug msgs.
>>>>> I am not sure, I have parsed this well enough, so I will try to clarify:
>>>>> machine becomes unresponsive *without* any debugging turned on, to an
>>>>> extent that pressing the power button twice *does not* generate ACPI
>>>>> console message (something to the tune of "going into S5 already --
>>>>> gimme a break"). If I turn ath debugging on, I do see those messages,
>>>>> and only them, scrolling on the console.
>>>> Guess I misunderstood you.
>>> I have finally got enough time and equipment to investigate this
>>> further. Here are some conclusions:
>>> -- at this point (RELENG_7 as of July 9th around 15:30 EST) it is indeed
>>> a livelock.
>>> -- all system does, is executing ath_intr (if_ath.c) in the tight loop
>>> with the same status -- 0x1000 AKA HAL_INT_MIB. In order to eliminate
>>> possibility that I have caused livelock with the debug messages, I have
>>> put conditional panic() into ath_intr, as soon as sc->sc_stats.ast_mib
>>> reaches 10,000. Without any kind of the debug messages, it will be
>>> triggered within 40-60 seconds after starting of wpa_supplicant.
>>> -- I suspect that comment below, might not hold true on my equipment
>>> if (status & HAL_INT_MIB) {
>>>    sc->sc_stats.ast_mib++;
>>>    /*
>>>     * Disable interrupts until we service the MIB
>>>     * interrupt; otherwise it will continue to fire.
>>>     */
>>>    ath_hal_intrset(ah, 0);
>>>    /*
>>>     * Let the hal handle the event.  We assume it will <============
>>>     * clear whatever condition caused the interrupt.   <============
>>>     */
>>>     ath_hal_mibevent(ah, &sc->sc_halstats);
>>>     ath_hal_intrset(ah, sc->sc_imask);
>>> }
>>> My hardware is:
>>> ath_hal: (AR5210, AR5211, AR5212, RF5111, RF5112, RF2413,
>>> RF5413)
>>> ath0: <Atheros 5212> mem 0xedf00000-0xedf0ffff irq 17 at device 0.0 on
>>> pci3
>>> ath0: [ITHREAD]
>>> ath0: using obsoleted if_watchdog interface
>>> ath0: Ethernet address: 00:16:cf:26:2f:3f
>>> ath0: mac 10.3 phy 6.1 radio 10.2
>>> My wpa_supplicant.conf is:
>>> ctrl_interface=/var/run/wpa_supplicant
>>> ctrl_interface_group=wheel
>>> eapol_version=2
>>> network={
>>>   ssid="XXXXXXXXXXX"
>>>   scan_ssid=1
>>>   priority=1
>>>   proto=WPA
>>>   pairwise=TKIP
>>>   group=TKIP
>>>   key_mgmt=WPA-PSK
>>>   psk="xxxxxxxxxxxxxxxxxxxxxx"
>>> }
>>> Access point is Netgear WNDR3300-1B with 11N and 11G SSID set up to
>>> different values. Only 11G SSID is configured in wpa_supplicant.conf. In
>>> the test setup, AP is with 10' (3m) from the laptop.
>>> AP is successfully used by handful of Windows clients (including this
>>> same laptop) and iBook G4.
>>> Neither wpa_supplicant with '-d -d' nor wlandebug 0xFFFFFFFF show
>>> anything but normal scan. 
>>> athdebug 0xFFFFFFFF loops with ath_intr: status 0x1000 until I power
>>> down my laptop.
>>> I would appreciate any suggestion on what I can investigate further --
>>> at this point I have comfortable console setup and should be able to
>>> field requests for further information much better.
>> Are you running powerd?
> I do. And I just tried disabling it, and I could not reproduce the
> problem any more. Is there any way to reconcile if_ath with powerd?

Don't know.  There appear to be two issues.  When the MIB interrupts 
arrive the kernel may service them w/ the cpu at a reduced clock 
frequency.  Since powered is currently the only mechanism for increasing 
the frequency and it runs in user space it can take a while to bump the 
clock rate leading to livelock (because the logic to reduce the _cause_ 
of the MIB interrupt takes a long time to run).  John Baldwin suggested 
raising the clock frequency when handling interrupts in the kernel but 
nothing has been done to make that happen.

Separately there is a question as to why the MIB interrupts are 
happening at all.  This is possibly due to misprogramming of the 
baseband h/w in the ath card.  Unfortunately I've been trying to get 
Atheros to help understand/resolve this question for a very long time 
(as their code also exhibits this behaviour) but they've been 
unresponsive.  I have some experimental code to address this in new hal 
versions (such as available in http://www.freebsd.org/~sam) but 
apparently it does not entirely fix the problem.


More information about the freebsd-stable mailing list