Date: Sat, 11 Feb 2012 21:33:45 -0800
From: Adrian Chadd <adrian@freebsd.org>
To: freebsd-wireless@freebsd.org
Subject: [ath] patch: lock vap->iv_bss before using it in a few places
Message-ID: <CAJ-Vmo=0u2_U_mY-QnPYo20MqK_ob6qiTRHTi3ruBFgW6=f0sA@mail.gmail.com>
[-- Attachment #1 --]
Hi all,
This quick patch mirrors what was done in r212127 - it enforces
locking of whatever the vap->iv_bss node is before using it.
I'd appreciate some testing and feedback before I commit it. I'm going
to try and reproduce breaking it in sta/hostap mode but I won't be
able to until I'm back in the lab next week.
Thanks,
Adrian
[-- Attachment #2 --]
Index: sys/dev/ath/if_ath.c
===================================================================
--- sys/dev/ath/if_ath.c (revision 231541)
+++ sys/dev/ath/if_ath.c (working copy)
@@ -1669,6 +1669,7 @@
struct ath_softc *sc = ifp->if_softc;
u_int64_t lastrx = sc->sc_lastrx;
u_int64_t tsf = ath_hal_gettsf64(sc->sc_ah);
+ /* XXX should take a locked ref to iv_bss */
u_int bmisstimeout =
vap->iv_bmissthreshold * vap->iv_bss->ni_intval * 1024;
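Review bot: the new XXX comment sits in the middle of the declaration block, and the vap->iv_bss->ni_intval read directly below it is still made without a reference, so this function behaves exactly as before. Only one integer is needed here, so consider taking the reference, copying ni_intval into a local and releasing it immediately, instead of leaving a marker.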
@@ -3245,7 +3246,7 @@
if (vap == NULL)
vap = TAILQ_FIRST(&ic->ic_vaps); /* XXX */
- ni = vap->iv_bss;
+ ni = ieee80211_ref_node(vap->iv_bss);
/* extract tstamp from last beacon and convert to TU */
nexttbtt = TSF_TO_TU(LE_READ_4(ni->ni_tstamp.data + 4),
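Review bot: in "ni = ieee80211_ref_node(vap->iv_bss);" the pointer is loaded from vap->iv_bss first and the reference is taken afterwards, and nothing in the visible context holds a lock across those two steps. If iv_bss can be replaced and its last reference dropped in that window, the count is bumped on a node that is already gone. Please state which lock callers hold at this point, or do the load and the ref under one. Note also that the subject line says "lock", while this takes a reference: it keeps the node alive but does not serialise access to its fields.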
@@ -3415,6 +3416,7 @@
ath_beacon_start_adhoc(sc, vap);
}
sc->sc_syncbeacon = 0;
+ ieee80211_free_node(ni);
#undef FUDGE
#undef TSF_TO_TU
}
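Review bot: the matching ieee80211_free_node(ni) appears only at the tail of the function, just before the #undef lines. Any return between the ieee80211_ref_node() call added in the previous hunk and this point would leak the reference, so please confirm there are none or route them through a common exit.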
@@ -3853,6 +3855,7 @@
switch (subtype) {
case IEEE80211_FC0_SUBTYPE_BEACON:
/* update rssi statistics for use by the hal */
+ /* XXX unlocked check against vap->iv_bss? */
ATH_RSSI_LPF(sc->sc_halstats.ns_avgbrssi, rssi);
if (sc->sc_syncbeacon &&
ni == vap->iv_bss && vap->iv_state == IEEE80211_S_RUN) {
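Review bot: the XXX comment is inserted between the "update rssi statistics" comment and the ATH_RSSI_LPF() line that comment describes, while the access it questions is the "ni == vap->iv_bss" comparison two lines further down. Move it to directly above "if (sc->sc_syncbeacon &&" so it annotates the right statement. The comment could also say that this is a pointer comparison rather than a dereference, so the concern is comparing against a stale value.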
@@ -5721,7 +5724,7 @@
taskqueue_unblock(sc->sc_tq);
}
- ni = vap->iv_bss;
+ ni = ieee80211_ref_node(vap->iv_bss);
rfilt = ath_calcrxfilter(sc);
stamode = (vap->iv_opmode == IEEE80211_M_STA ||
vap->iv_opmode == IEEE80211_M_AHDEMO ||
@@ -5752,7 +5755,8 @@
if (nstate == IEEE80211_S_RUN) {
/* NB: collect bss node again, it may have changed */
- ni = vap->iv_bss;
+ ieee80211_free_node(ni);
+ ni = ieee80211_ref_node(vap->iv_bss);
DPRINTF(sc, ATH_DEBUG_STATE,
"%s(RUN): iv_flags 0x%08x bintvl %d bssid %s "
@@ -5875,6 +5879,7 @@
#endif
}
bad:
+ ieee80211_free_node(ni);
return error;
}
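Review bot: with ieee80211_free_node(ni) now under the "bad:" label, every path that reaches it must hold exactly one reference in ni. Please check that no "goto bad" can run before the ieee80211_ref_node() assignment added earlier in this function, and that no path returns without passing through "bad:". The first case would release a pointer that was never referenced, the second would leak one.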
@@ -5893,6 +5898,7 @@
struct ath_softc *sc = vap->iv_ic->ic_ifp->if_softc;
ieee80211_keyix keyix, rxkeyix;
+ /* XXX should take a locked ref to vap->iv_bss */
if (!ath_key_alloc(vap, &ni->ni_ucastkey, &keyix, &rxkeyix)) {
/*
* Key cache is full; we'll fall back to doing
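Review bot: the comment asks for a reference on vap->iv_bss, but the only node access visible in this hunk is "&ni->ni_ucastkey", through a variable named ni. Please say in the comment how ni relates to vap->iv_bss here and which access needs protecting, otherwise the marker is hard to act on later.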
@@ -6448,6 +6454,7 @@
return;
}
}
+ /* XXX should take a locked ref to iv_bss */
tp = vap->iv_bss->ni_txparms;
/*
* Calculate the guard time for each slot. This is the
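Review bot: "tp = vap->iv_bss->ni_txparms;" copies a value out of the node into tp, and the XXX comment marks only the load. If tp is a pointer that is dereferenced further down, the reference has to be held until the last use of tp, not just across this assignment, and the comment should say so.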
@@ -6697,6 +6704,7 @@
* Record local TSF for our last send for use
* in arbitrating slot collisions.
*/
+ /* XXX should take a locked ref to iv_bss */
vap->iv_bss->ni_tstamp.tsf = ath_hal_gettsf64(ah);
}
}
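Review bot: unlike the other XXX sites, "vap->iv_bss->ni_tstamp.tsf = ath_hal_gettsf64(ah);" is a store through iv_bss, so a stale pointer here means writing into a node that may no longer belong to this vap. This site looks like a stronger candidate for a real ieee80211_ref_node()/ieee80211_free_node() pair in this patch than for a comment.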
