From owner-freebsd-wireless@FreeBSD.ORG  Thu Jan 26 18:56:12 2012
Return-Path: <owner-freebsd-wireless@FreeBSD.ORG>
Delivered-To: freebsd-wireless@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id AA7991065677
	for <freebsd-wireless@freebsd.org>;
	Thu, 26 Jan 2012 18:56:12 +0000 (UTC)
	(envelope-from adrian.chadd@gmail.com)
Received: from mail-vx0-f182.google.com (mail-vx0-f182.google.com
	[209.85.220.182])
	by mx1.freebsd.org (Postfix) with ESMTP id 5EDE78FC18
	for <freebsd-wireless@freebsd.org>;
	Thu, 26 Jan 2012 18:56:12 +0000 (UTC)
Received: by vcmm1 with SMTP id m1so1040501vcm.13
	for <freebsd-wireless@freebsd.org>;
	Thu, 26 Jan 2012 10:56:11 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma;
	h=mime-version:sender:in-reply-to:references:date
	:x-google-sender-auth:message-id:subject:from:to:cc:content-type;
	bh=4sWh5zx79JO/qqbowiFFW/YMwDMxrxXGUaTsgHV7g1s=;
	b=yCQ3U58kBf1Zc5J8QoVuKtv+nzdN15LWSbiFiF4C8BOFbmUJLclGtAKdmEj/EUhAZ+
	mx4frJf+wsGnlM9rd+vv0DtqmH1EEejBPtj4SOTum70OIT2LGxABvq5EC/fYIW27Wh9n
	eFxgwK7cZRIRjjufGmcmgRPnVwXVukucCT2Os=
MIME-Version: 1.0
Received: by 10.220.231.129 with SMTP id jq1mr1827512vcb.59.1327604171596;
	Thu, 26 Jan 2012 10:56:11 -0800 (PST)
Sender: adrian.chadd@gmail.com
Received: by 10.52.73.228 with HTTP; Thu, 26 Jan 2012 10:56:11 -0800 (PST)
In-Reply-To: <CAAgh0_Z9P_Gy20F+8EgpRQtp3hs5BNUVUiqbeHnbqb+xpQJu+Q@mail.gmail.com>
References: <CAFZ_MY+ifiXc3iPfDEuWNHyr7JvhuG55uzp3BTmCO2Ek2G1LOg@mail.gmail.com>
	<CAJ-VmomReMTTDQ3KYjbRTb4+LY+KVtkba_T0fwM49oHakW_XSg@mail.gmail.com>
	<CAJ-Vmo=tv0oHrsG834YdS32j+6+Ae-Co9142Diox6SS6usL24w@mail.gmail.com>
	<CAAgh0_Z9P_Gy20F+8EgpRQtp3hs5BNUVUiqbeHnbqb+xpQJu+Q@mail.gmail.com>
Date: Thu, 26 Jan 2012 10:56:11 -0800
X-Google-Sender-Auth: UxKzGN_2nOHFaWFJ0fMs2gz08wA
Message-ID: <CAJ-VmokeXQSPGXgRjHvOgCAwbG_Z6mcxp1t6EGCZWXF5fJcoNA@mail.gmail.com>
From: Adrian Chadd <adrian@freebsd.org>
To: Bernhard Schmidt <bschmidt@techwires.net>
Content-Type: text/plain; charset=ISO-8859-1
X-Content-Filtered-By: Mailman/MimeDel 2.1.5
Cc: PseudoCylon <moonlightakkiy@yahoo.ca>, freebsd-wireless@freebsd.org
Subject: Re: net80211 race conditions seen in -HEAD
X-BeenThere: freebsd-wireless@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Discussions of 802.11 stack,
	tools device driver development." <freebsd-wireless.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-wireless>, 
	<mailto:freebsd-wireless-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-wireless>
List-Post: <mailto:freebsd-wireless@freebsd.org>
List-Help: <mailto:freebsd-wireless-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-wireless>, 
	<mailto:freebsd-wireless-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 26 Jan 2012 18:56:12 -0000

On 26 January 2012 08:35, Bernhard Schmidt <bschmidt@techwires.net> wrote:

> On Wed, Jan 25, 2012 at 22:47, Adrian Chadd <adrian@freebsd.org> wrote:
> > .. whilst the refcount is 1, so ieee80211_ref_node() may not increment
> the
> > counter before it's freed by another thread.
>
> You know, that is an inline function, what "lifetime" are we taking about?
>
>
Although the 4 byte pointer assignment _should_ be atomic on i386
architectures, I haven't gone and verified that there are no places where
inconsistencies can occur.
Except that they are occuring.

I wonder if it's the debugging..


> iv_bss has other issues, being overwritten while some task is using it
> no matter how high the refcount is is once of those.


Yeah. Ew.

Adrian