Date:      Thu, 26 Jan 2012 10:56:11 -0800
From:      Adrian Chadd <adrian@freebsd.org>
To:        Bernhard Schmidt <bschmidt@techwires.net>
Cc:        PseudoCylon <moonlightakkiy@yahoo.ca>, freebsd-wireless@freebsd.org
Subject:   Re: net80211 race conditions seen in -HEAD
Message-ID:  <CAJ-VmokeXQSPGXgRjHvOgCAwbG_Z6mcxp1t6EGCZWXF5fJcoNA@mail.gmail.com>
In-Reply-To: <CAAgh0_Z9P_Gy20F%2B8EgpRQtp3hs5BNUVUiqbeHnbqb%2BxpQJu%2BQ@mail.gmail.com>
References:  <CAFZ_MY%2BifiXc3iPfDEuWNHyr7JvhuG55uzp3BTmCO2Ek2G1LOg@mail.gmail.com> <CAJ-VmomReMTTDQ3KYjbRTb4%2BLY%2BKVtkba_T0fwM49oHakW_XSg@mail.gmail.com> <CAJ-Vmo=tv0oHrsG834YdS32j%2B6%2BAe-Co9142Diox6SS6usL24w@mail.gmail.com> <CAAgh0_Z9P_Gy20F%2B8EgpRQtp3hs5BNUVUiqbeHnbqb%2BxpQJu%2BQ@mail.gmail.com>

On 26 January 2012 08:35, Bernhard Schmidt <bschmidt@techwires.net> wrote:

> On Wed, Jan 25, 2012 at 22:47, Adrian Chadd <adrian@freebsd.org> wrote:
> > .. whilst the refcount is 1, so ieee80211_ref_node() may not increment the
> > counter before it's freed by another thread.
>
> You know, that is an inline function, what "lifetime" are we talking about?
>
>
Although the 4 byte pointer assignment _should_ be atomic on i386
architectures, I haven't gone and verified that there are no places where
inconsistencies can occur.
Except that they are occurring.

I wonder if it's the debugging..


> iv_bss has other issues, being overwritten while some task is using it
> no matter how high the refcount is, is one of those.


Yeah. Ew.

Adrian


