Bug 58881

Summary: ATH9K with gsm modem - HT AP is missing WMM params or HT capability/operation in AssocResp
Product: Drivers
Reporter: manwe (kernel)
Component: network-wireless
Assignee: drivers_network-wireless (drivers_network-wireless)
Status: CLOSED CODE_FIX
Severity: normal
CC: ath9k-devel, johannes, kernel, linville, maze+kernel, sujith
Priority: P1
Hardware: All
OS: Linux
Kernel Version: 3.9.4
Subsystem:
Regression: Yes
Bisected commit-id:
Attachments: config

Description manwe 2013-05-27 16:14:48 UTC
Created attachment 102681
config

I was redirected here after inspecting the problem on Gentoo's Bugzilla (ticket #471344).

I have a "Qualcomm Atheros AR9285 Wireless Network Adapter (PCI-Express) (rev 01)" supported by the ATH9K driver. After switching from 3.7.10 to 3.9.4 the card is no longer able to connect to a mobile gsm2wifi router. Other networks seem to work fine. Kernel config in attachment.

Between 3.7.10 and 3.9.4 there were two commits affecting ATH9K, dd5ee59bb005df38ca3ee00bc6ac349dc3370e4f and e1a0c6b3a4b27ed5f21291d0bbee2167ec201ef5, but only the first one was backported to 3.8 with commit ed359a3b7b6ade0071f378c0cf4392d252f7d334. So it looks like it's caused by the second commit.


Dmesg info:
[   17.208931] wlan0: authenticate with f0:84:c9:ed:f6:3e
[   17.227790] wlan0: send auth to f0:84:c9:ed:f6:3e (try 1/3)
[   17.227830] wlan0: deauthenticating from f0:84:c9:ed:f6:3e by local choice (reason=3)
[   18.360453] wlan0: authenticate with f0:84:c9:ed:f6:3e
[   18.385319] wlan0: send auth to f0:84:c9:ed:f6:3e (try 1/3)
[   18.486990] wlan0: send auth to f0:84:c9:ed:f6:3e (try 2/3)
[   18.489046] wlan0: authenticated
[   18.489945] wlan0: associate with f0:84:c9:ed:f6:3e (try 1/3)
[   18.492982] wlan0: RX AssocResp from f0:84:c9:ed:f6:3e (capab=0x431 status=0 aid=1)
[   18.492987] wlan0: HT AP is missing WMM params or HT capability/operation in AssocResp
[   23.385843] wlan0: authenticate with f0:84:c9:ed:f6:3e
[   23.404931] wlan0: send auth to f0:84:c9:ed:f6:3e (try 1/3)
[   23.404965] wlan0: deauthenticating from f0:84:c9:ed:f6:3e by local choice (reason=3)
[   24.536935] wlan0: authenticate with f0:84:c9:ed:f6:3e
[   24.562256] wlan0: send auth to f0:84:c9:ed:f6:3e (try 1/3)
[   24.564214] wlan0: authenticated
[   24.565428] wlan0: associate with f0:84:c9:ed:f6:3e (try 1/3)
[   24.568389] wlan0: RX AssocResp from f0:84:c9:ed:f6:3e (capab=0x431 status=0 aid=1)
[   24.568395] wlan0: HT AP is missing WMM params or HT capability/operation in AssocResp
[   29.565516] wlan0: authenticate with f0:84:c9:ed:f6:3e
[   29.584457] wlan0: send auth to f0:84:c9:ed:f6:3e (try 1/3)
[   29.584491] wlan0: deauthenticating from f0:84:c9:ed:f6:3e by local choice (reason=3)
[   30.716151] wlan0: authenticate with f0:84:c9:ed:f6:3e
[   30.741331] wlan0: send auth to f0:84:c9:ed:f6:3e (try 1/3)
[   30.842554] wlan0: send auth to f0:84:c9:ed:f6:3e (try 2/3)
[   30.844582] wlan0: authenticated
[   30.845691] wlan0: associate with f0:84:c9:ed:f6:3e (try 1/3)
[   30.848679] wlan0: RX AssocResp from f0:84:c9:ed:f6:3e (capab=0x431 status=0 aid=1)
[   30.848686] wlan0: HT AP is missing WMM params or HT capability/operation in AssocResp

Post on Arch forum with the same problem: https://bbs.archlinux.org/viewtopic.php?pid=1277305

I hope this bug is clear enough; this is my first submission on the kernel's bugzilla, so sorry for any mistakes/missing things.
Comment 1 manwe 2013-05-27 16:18:17 UTC
I forgot to write one thing. I said only one commit was backported to 3.8 and I've tested 3.8.13 - works fine, connects without any problem.
Comment 2 Tom Wijsman 2013-05-27 21:03:57 UTC
Downstream bug is at https://bugs.gentoo.org/show_bug.cgi?id=471344

To clarify, we think that this is likely caused by the header change [3] in e1a0c6b3a4b27ed5f21291d0bbee2167ec201ef5 [1] which has not been backported to v3.8.13 [2]; we see that v3.8.13 works for him, whereas v3.9.4 doesn't. The other candidate commit we found by grepping the logs has been backported and therefore confirmed to work. More details on analysis are in the downstream bug linked above.

 [1]: http://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?id=e1a0c6b3a4b27ed5f21291d0bbee2167ec201ef5

 [2]: http://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/log/?id=v3.8.13&qt=grep&q=IEEE80211_HT_CAP_SUP_WIDTH_20_40

 [3]: http://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/diff/include/net/mac80211.h?id=e1a0c6b3a4b27ed5f21291d0bbee2167ec201ef5
Comment 3 Johannes Berg 2013-05-28 07:45:39 UTC
That commit analysis you tried to do seems to have pretty much gone wrong completely. I'd say this validation was introduced by my commit 30eb1dc2c (git blame FTW!) :-)

Can you please attach the output of "iw event -t -f" to this bug? I strongly suspect that this AP is broken and advertising HT but "forgetting" to include it in the (Re)AssocResp frames.
Comment 4 Tom Wijsman 2013-05-28 08:28:23 UTC
(In reply to comment #3)
> That commit analysis you tried to do seems to have pretty much gone wrong
> completely. I'd say this validation was introduced by my commit 30eb1dc2c
> (git blame FTW!) :-)

Ah, should have considered looking for the error instead; I did grep for it but couldn't directly find it and suspecting it was concatenated in some way, I was working inside the driver folder... ^^

Thanks for looking into this.
Comment 5 Johannes Berg 2013-05-28 08:53:46 UTC
Try this patch: http://p.sipsolutions.net/fd1f5ad5eb85551c.txt
Comment 6 manwe 2013-05-28 22:00:05 UTC
Here's iw event when 3.8.13 connects to this AP:

# iw event -t -f
1369778166.132656: wlan0 (phy #0): scan started
1369778167.186286: wlan0 (phy #0): scan finished: 2412 2417 2422 2427 2432 2437 2442 2447 2452 2457 2462 2467 2472 2484, ""
1369778167.201691: wlan0: new station f0:84:c9:ed:f6:3e
1369778167.203841: wlan0 (phy #0): auth f0:84:c9:ed:f6:3e -> 48:5d:60:83:1e:14 status: 0: Successful [frame: b0 00 3a 01 48 5d 60 83 1e
14 f0 84 c9 ed f6 3e f0 84 c9 ed f6 3e 40 52 00 00 02 00 00 00]
1369778167.207280: wlan0 (phy #0): assoc f0:84:c9:ed:f6:3e -> 48:5d:60:83:1e:14 status: 0: Successful [frame: 10 00 3a 01 48 5d 60 83 1e
14 f0 84 c9 ed f6 3e f0 84 c9 ed f6 3e 50 52 31 04 00 00 01 c0 01 08 82 84 8b 0c 12 96 18 24 32 04 30 48 60 6c dd 18 00 50 f2 02 01 01 00
00 03 a4 00 00 27 a4 00 00 42 43 5e 00 62 32 2f 00]
1369778167.207338: wlan0 (phy #0): connected to f0:84:c9:ed:f6:3e
1369778167.209160: phy #0: regulatory domain change: set to NO by a country IE request on phy0

Patch doesn't compile:
# cd /usr/src/linux-3.9.4; patch -p1 < ~/fd1f5ad5eb85551c.txt
patching file net/mac80211/mlme.c
Hunk #1 succeeded at 2422 (offset -64 lines).
Hunk #2 succeeded at 2458 (offset -64 lines).
Hunk #3 succeeded at 2546 (offset -64 lines).
Hunk #4 succeeded at 2600 (offset -64 lines).
Hunk #5 succeeded at 2641 with fuzz 1 (offset -64 lines).
# make mrproper
# cp [...] .config
# make oldconfig
# make
....

net/mac80211/mlme.c: In function 'ieee80211_assoc_success':
net/mac80211/mlme.c:2483:12: warning: passing argument 1 of 'ieee802_11_parse_elems' discards 'const' qualifier from pointer target type
[enabled by default]
In file included from net/mac80211/mlme.c:28:0:
net/mac80211/ieee80211_i.h:1523:6: note: expected 'u8 *' but argument is of type 'const u8 *'
net/mac80211/mlme.c:2483:12: error: too many arguments to function 'ieee802_11_parse_elems'
In file included from net/mac80211/mlme.c:28:0:
net/mac80211/ieee80211_i.h:1523:6: note: declared here
  CC      net/mac80211/pm.o
make[2]: *** [net/mac80211/mlme.o] Error 1
Comment 7 Johannes Berg 2013-05-28 22:03:56 UTC
Thanks. Let me check the patch against 3.9.4, give me a minute.
Comment 8 Johannes Berg 2013-05-28 22:08:10 UTC
This should compile: http://p.sipsolutions.net/7dda2c56297cadc3.txt
Comment 9 Johannes Berg 2013-05-28 22:15:11 UTC
Ok the packet you pasted shows that the AP isn't including HT operation nor HT capability IEs in its association response ... oh well, buggy AP :-)
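
The check described in comment 9 can be reproduced on the association response pasted in comment 6. The following is an added example, not part of the thread and not mac80211 code: it walks the frame's information elements and reports whether the WMM, HT Capabilities and HT Operation elements named in the dmesg message are present. The function names are hypothetical; the element IDs (45, 61, 221) and the WMM vendor prefix 00:50:f2 type 2 are the standard 802.11/WMM values.

```python
import struct

# Association response pasted in comment 6 (output of "iw event -t -f").
ASSOC_RESP_HEX = """
10 00 3a 01 48 5d 60 83 1e 14 f0 84 c9 ed f6 3e f0 84 c9 ed f6 3e 50 52
31 04 00 00 01 c0 01 08 82 84 8b 0c 12 96 18 24 32 04 30 48 60 6c dd 18
00 50 f2 02 01 01 00 00 03 a4 00 00 27 a4 00 00 42 43 5e 00 62 32 2f 00
"""

EID_HT_CAPABILITY = 45                  # HT Capabilities element
EID_HT_OPERATION = 61                   # HT Operation element
EID_VENDOR = 221                        # vendor-specific element
WMM_PREFIX = bytes.fromhex("0050f202")  # OUI 00:50:f2, OUI type 2 = WMM

def parse_assoc_resp(frame: bytes) -> dict:
    """Split a (Re)AssocResp into its fixed fields and a list of (id, body) IEs."""
    if len(frame) < 30:
        raise ValueError("too short for management header + fixed fields")
    fc, = struct.unpack_from("<H", frame, 0)
    ftype, subtype = (fc >> 2) & 0x3, (fc >> 4) & 0xF
    if ftype != 0 or subtype not in (1, 3):
        raise ValueError("not an association/reassociation response")
    # 24-byte management header, then capability, status, AID (little endian).
    capab, status, aid = struct.unpack_from("<HHH", frame, 24)
    elems, pos = [], 30
    while pos < len(frame):
        # Reject an element whose header or body runs past the end of the frame.
        if pos + 2 > len(frame) or pos + 2 + frame[pos + 1] > len(frame):
            raise ValueError(f"truncated element at offset {pos}")
        eid, length = frame[pos], frame[pos + 1]
        elems.append((eid, frame[pos + 2:pos + 2 + length]))
        pos += 2 + length
    return {"capab": capab, "status": status, "aid": aid & 0x3FFF, "elems": elems}

def ht_wmm_report(frame: bytes) -> dict:
    """Report which of the elements named in the dmesg message are present."""
    parsed = parse_assoc_resp(frame)
    ids = {eid for eid, _ in parsed["elems"]}
    wmm = any(eid == EID_VENDOR and body.startswith(WMM_PREFIX)
              for eid, body in parsed["elems"])
    return {"capab": parsed["capab"], "aid": parsed["aid"], "wmm": wmm,
            "ht_capability": EID_HT_CAPABILITY in ids,
            "ht_operation": EID_HT_OPERATION in ids}

if __name__ == "__main__":
    print(ht_wmm_report(bytes.fromhex(ASSOC_RESP_HEX)))
```

On this frame the only elements are Supported Rates, Extended Supported Rates and the WMM parameter element, which matches the two "AP bug" lines the second patch logs in comment 10.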
Comment 10 manwe 2013-05-28 22:27:50 UTC
I'm not surprised :) Cheap GSM AP - ZTE MF60.

Second patch works. No offsets while applying and connects fine. Dmesg output:

[   23.850855] wlan0: authenticate with f0:84:c9:ed:f6:3e
[   23.875098] wlan0: send auth to f0:84:c9:ed:f6:3e (try 1/3)
[   23.877043] wlan0: authenticated
[   23.877919] wlan0: associate with f0:84:c9:ed:f6:3e (try 1/3)
[   23.880897] wlan0: RX AssocResp from f0:84:c9:ed:f6:3e (capab=0x431 status=0 aid=1)
[   23.880904] wlan0: AP bug: HT capability missing from AssocResp
[   23.880907] wlan0: AP bug: HT operation missing from AssocResp
[   23.880989] wlan0: associated


Thanks for your help.
Comment 11 Johannes Berg 2013-05-28 22:30:32 UTC
Thanks for the quick responses!

I'll apply the patch after I get some sleep (00:30 here). Do you want to be credited as "Reported-by"/"Tested-by" on a patch, like e.g. here:

http://git.kernel.org/cgit/linux/kernel/git/jberg/mac80211.git/commit/?id=c815797663b72e3ac1736f1886538152bc48e4af

If yes let me know what you want to put there (here you only have a nickname, if you want just that it's ok too)
Comment 12 manwe 2013-05-28 22:33:39 UTC
Looks like we're on the same timezone :) Yup, I'd love to be mentioned in Linux. Please add "Michal Zajac". Thanks.
Comment 13 Sujith 2013-06-03 01:50:50 UTC
The fix has been merged in the mac80211 tree, so this bug can be closed.
https://git.kernel.org/cgit/linux/kernel/git/jberg/mac80211.git/commit/?id=c2c15e215e860c99b86ddfc4be4bb25cf180fed0