I have tried your "blind patch" and it works when the
interface is not associated. If the interface is
associated, the problem is still there. Have you tried this?
If I do "iwconfig ath0 essid XXXX key XXXXXX" and
then "ifconfig ath0 up;ifconfig ath0 down"
there is still a memory leak.
I put a "printk(KERN_INFO "node counter: %d",
atomic_read(&ic->ic_node_counter))" in several
functions and I have observed that when the
interface isn't associated the node counter is 1,
but when the interface is associated the node
counter increases all the time.
I think this behavior is produced because the
driver enters other functions that
call ieee80211_ref_node, and this increases
the ni_refcnt variable.
The functions that call ieee80211_ref_node are:
When the interface is not associated, the driver
enters a SCAN state only at
"ifconfig ath0 up", and an INIT state at
"ifconfig ath0 down".
When the interface is associated, the driver
enters the INIT, SCAN, AUTH, ASSOC and RUN states
at "ifconfig ath0 up", and the INIT and RUN states at
"ifconfig ath0 down".
I've seen other differences. In the first case,
the driver enters a lookup_node function
but doesn't call ieee80211_ref_node.
In the second case, the driver also enters a
lookup_node function, but in this case it
executes ieee80211_ref_node.
I have tried commenting out this line,
but it produces a kernel panic. When should I
release this reference correctly?
Thanks for all,
Made a mess with the mailing list again...
However, I've tried to associate the STA and still
all nodes were freed, but I've understood
the difference between our tests: after the
create I wait 10/15 sec; if you do the same
you will see that ieee80211_timeout_stations
is called and the node is unreferenced
(ieee80211_node_leave does the trick). If you
complete the loop (with assoc) you'll see that
all the allocated nodes are freed.
To be more clear:
wlanconfig ath0 create...
<-- wait here for timeout_station!
iwconfig ath0 essid ...
wlanconfig ath0 destroy
On the other hand, if I don't wait and timeout_station
is not called, the node is not unreferenced
and the leak is still there.
Now, the problems so far are:
- ieee80211_reset_bss does not unref the node
- ieee80211_node_leave is not always called
when it's needed
The first one seems to be fixed with the unref
in ieee80211_reset_bss; the second one could
be avoided, but both need a real solution.
Hope this was helpful.
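The reference-counting discipline both messages are circling (a lookup that takes a reference on the node, a caller that never drops it, and a teardown that only drops the table's own reference) can be reproduced in a small model. The following is an added example, not madwifi code: the toy_* names, the single-linked node table, the "table holds one reference per node" rule and the constructed BSS MAC are all assumptions of the example. toy_lookup_node plays the role of lookup_node calling ieee80211_ref_node, toy_reset_nodes plays the role of the reset_bss / node_leave teardown, and node_counter plays the role of ic_node_counter. Running several up/down cycles with the lookup reference released leaves the counter at 0; running them with the reference forgotten makes the counter grow by one per cycle, which is the behaviour reported above.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define TOY_MAC_LEN 6
#define TOY_MAX_CYCLES 16

/* Hypothetical model of the driver's node table, not madwifi code. */
struct toy_node {
    unsigned char mac[TOY_MAC_LEN];
    int refcnt;                 /* plays the role of ni_refcnt */
    struct toy_node *next;
};

struct toy_ic {
    struct toy_node *nodes;     /* node table; the table holds one reference per node */
    int node_counter;           /* plays the role of ic_node_counter */
};

static struct toy_node *toy_ref_node(struct toy_node *ni)
{
    ni->refcnt++;
    return ni;
}

/* Drop one reference; the node is only really freed when the count hits zero. */
static void toy_unref_node(struct toy_ic *ic, struct toy_node *ni)
{
    if (--ni->refcnt > 0)
        return;
    free(ni);
    ic->node_counter--;
}

static struct toy_node *toy_alloc_node(struct toy_ic *ic, const unsigned char *mac)
{
    struct toy_node *ni = calloc(1, sizeof *ni);
    if (!ni)
        abort();
    memcpy(ni->mac, mac, TOY_MAC_LEN);
    ni->refcnt = 1;             /* the table's reference */
    ni->next = ic->nodes;
    ic->nodes = ni;
    ic->node_counter++;
    return ni;
}

/* Lookup hands the caller its own reference, as the thread describes for
 * lookup_node calling ieee80211_ref_node. Every successful lookup must be
 * paired with exactly one toy_unref_node by the caller when it is done. */
static struct toy_node *toy_lookup_node(struct toy_ic *ic, const unsigned char *mac)
{
    for (struct toy_node *ni = ic->nodes; ni; ni = ni->next)
        if (memcmp(ni->mac, mac, TOY_MAC_LEN) == 0)
            return toy_ref_node(ni);
    return NULL;
}

/* Teardown (the role of reset_bss / node_leave): drop the table's reference
 * on every node. A node some caller still holds survives with refcnt 1 and
 * keeps node_counter above its baseline. */
static void toy_reset_nodes(struct toy_ic *ic)
{
    struct toy_node *ni = ic->nodes;
    ic->nodes = NULL;
    while (ni) {
        struct toy_node *next = ni->next;
        toy_unref_node(ic, ni);
        ni = next;
    }
}

/* Run `cycles` up/down rounds: allocate the BSS node, look it up as a state
 * handler would, then tear the table down. With release == 0 the lookup
 * reference is never dropped. Returns node_counter after the last round. */
static int toy_run_cycles(int cycles, int release)
{
    static const unsigned char bss_mac[TOY_MAC_LEN] = {0x02, 0, 0, 0, 0, 0x01}; /* constructed */
    struct toy_ic ic = {0};
    struct toy_node *held[TOY_MAX_CYCLES];
    int n = 0;

    if (cycles > TOY_MAX_CYCLES)
        cycles = TOY_MAX_CYCLES;
    for (int i = 0; i < cycles; i++) {
        toy_alloc_node(&ic, bss_mac);
        struct toy_node *ni = toy_lookup_node(&ic, bss_mac);   /* refcnt 2 */
        if (release)
            toy_unref_node(&ic, ni);                            /* back to 1 */
        else
            held[n++] = ni;                                     /* forgotten reference */
        toy_reset_nodes(&ic);                                   /* table reference dropped */
    }
    int counter = ic.node_counter;
    /* Release the deliberately forgotten references so the demo itself does not leak. */
    for (int i = 0; i < n; i++)
        toy_unref_node(&ic, held[i]);
    return counter;
}

int main(void)
{
    printf("counter after 5 cycles, lookup reference released: %d\n", toy_run_cycles(5, 1));
    printf("counter after 5 cycles, lookup reference leaked:   %d\n", toy_run_cycles(5, 0));
    return 0;
}
```

The point the model makes is that teardown cannot fix the leak on its own: it only drops the table's reference, so the fix belongs with whoever called lookup and has to drop that reference on every exit path, including the INIT transition on "ifconfig ath0 down".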