From owner-svn-src-all@FreeBSD.ORG Fri Mar 2 02:53:44 2012 Return-Path: Delivered-To: svn-src-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id B7AAD1065670; Fri, 2 Mar 2012 02:53:44 +0000 (UTC) (envelope-from adrian@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id A6D8E8FC15; Fri, 2 Mar 2012 02:53:44 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.4/8.14.4) with ESMTP id q222riEl010126; Fri, 2 Mar 2012 02:53:44 GMT (envelope-from adrian@svn.freebsd.org) Received: (from adrian@localhost) by svn.freebsd.org (8.14.4/8.14.4/Submit) id q222riIG010124; Fri, 2 Mar 2012 02:53:44 GMT (envelope-from adrian@svn.freebsd.org) Message-Id: <201203020253.q222riIG010124@svn.freebsd.org> From: Adrian Chadd Date: Fri, 2 Mar 2012 02:53:44 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r232373 - head/sys/net80211 X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 02 Mar 2012 02:53:44 -0000 Author: adrian Date: Fri Mar 2 02:53:43 2012 New Revision: 232373 URL: http://svn.freebsd.org/changeset/base/232373 Log: Attempt to catch scan cancellations at exactly the wrong time from occuring. The scan code unlocks the comlock and calls into the driver. It then assumes the state hasn't changed from underneath it. Although I haven't seen this particular condition trigger, I'd like to be informed if I or anyone else sees it. What I'm thinking may occur: * A cancellation comes in during the scan_end call; * the cancel flag is set; * but it's never checked, so scandone isn't updated; * .. and the interface stays in the STA power save mode. It's a subtle race, if it even exists. PR: kern/163318 Modified: head/sys/net80211/ieee80211_scan.c Modified: head/sys/net80211/ieee80211_scan.c ============================================================================== --- head/sys/net80211/ieee80211_scan.c Fri Mar 2 00:21:07 2012 (r232372) +++ head/sys/net80211/ieee80211_scan.c Fri Mar 2 02:53:43 2012 (r232373) @@ -960,6 +960,19 @@ scan_task(void *arg, int pending) IEEE80211_LOCK(ic); /* + * Since a cancellation may have occured during one of the + * driver calls (whilst unlocked), update scandone. + */ + if (scandone == 0 && + ((SCAN_PRIVATE(ss)->ss_iflags & ISCAN_CANCEL) != 0)) { + /* XXX printf? */ + if_printf(vap->iv_ifp, + "%s: OOPS! scan cancelled during driver call!\n", + __func__); + } + scandone |= ((SCAN_PRIVATE(ss)->ss_iflags & ISCAN_CANCEL) != 0); + + /* * Record scan complete time. Note that we also do * this when canceled so any background scan will * not be restarted for a while.