Date: Thu, 9 Aug 2012 03:32:28 -0600 From: PseudoCylon <moonlightakkiy@yahoo.ca> To: Kim Culhan <w8hdkim@gmail.com>, Adrian Chadd <adrian.chadd@gmail.com> Cc: freebsd-wireless@freebsd.org Subject: Re: (ANother) stall fixed, please update to HEAD Message-ID: <CAFZ_MYL%2BPJp=fZGY3HUuL%2BLtMGh1QaAMrEZsoig5sKoV=ESs=w@mail.gmail.com>
next in thread | raw e-mail | index | archive | help
[-- Attachment #1 --]
> ------------------------------
>
> Message: 5
> Date: Tue, 7 Aug 2012 12:34:52 -0400
> From: Kim Culhan <w8hdkim@gmail.com>
> Subject: Re: (ANother) stall fixed, please update to HEAD
> To: Adrian Chadd <adrian.chadd@gmail.com>
> Cc: freebsd-wireless@freebsd.org
> Message-ID:
> <CAKZxVQVbKfW7WVuZjNFg5pGFu3Djzz=60FoSNTS83sz1zf72wQ@mail.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
>
>> Yup. Would you be able to work with PseudoCylon and test his
>> ieee80211_iterate_nodes() patch? I'd like verification that it fixes
>> it for you before I tidy it up and commit it to -HEAD.
>
> iter.patch and iter2.patch cannot be applied in that order
> soo.. PseudoCylon could you please generate a diff
> against -HEAD from your present local source?
>
No it won't. Only one of them need to apply. I guess I didn't explain well.
iter.path only print outs debug message when the array overflowed
(most unlikely it will). At this moment, this is what we need.
iter2.patch does iter.patch + revert changes + abort iterating just
for piece of mind. Probably this is unnecessary. The code need to be
patched in the way the array won't overflow if it ever happens. (I
leave it to committers what to commit.)
The attached patch can be applied over iter.patch
Sorry for the confusion.
AK
[-- Attachment #2 --]
diff --git a/ieee80211_node.c b/ieee80211_node.c
index a609cb1..a15fc91 100644
--- a/ieee80211_node.c
+++ b/ieee80211_node.c
@@ -2160,18 +2160,19 @@ ieee80211_node_timeout(void *arg)
* May directly be called and do customized iterate functions.
* Only requirement is to decrement each node's ref count.
*/
-void
+int
ieee80211_iterate_nt(struct ieee80211_node_table *nt,
struct ieee80211_node **ni_arr, uint16_t max_aid)
{
struct ieee80211_node *ni;
u_int gen;
- int i = 0;
+ int i, ret;
IEEE80211_NODE_ITERATE_LOCK(nt);
IEEE80211_NODE_LOCK(nt);
gen = ++nt->nt_scangen;
+ i = ret = 0;
restart:
TAILQ_FOREACH(ni, &nt->nt_node, ni_list) {
@@ -2179,6 +2180,7 @@ restart:
continue;
if (i >= max_aid) {
+ ret = E2BIG;
if_printf(nt->nt_ic->ic_ifp,
"Node array overflow: max=%u", max_aid);
break;
@@ -2189,8 +2191,21 @@ restart:
goto restart;
}
+ if (ret) {
+ nt->nt_scangen--;
+ for (i = 0; i < max_aid; i++) {
+ ni = *(ni_arr + i);
+ ni->ni_scangen--;
+ /* node lock is recursive */
+ ieee80211_free_node(ni);
+ }
+ free(ni_arr, M_80211_NODE);
+ }
+
IEEE80211_NODE_UNLOCK(nt);
IEEE80211_NODE_ITERATE_UNLOCK(nt);
+
+ return (ret);
}
/*
@@ -2214,7 +2229,8 @@ ieee80211_iterate_nodes(struct ieee80211_node_table *nt,
if (ni_arr == NULL)
return;
- ieee80211_iterate_nt(nt, ni_arr, max_aid);
+ if (!ieee80211_iterate_nt(nt, ni_arr, max_aid))
+ return;
for (i = 0; i < max_aid; i++) {
ni = *(ni_arr + i);
diff --git a/ieee80211_node.h b/ieee80211_node.h
index 1fbc892..48eae2d 100644
--- a/ieee80211_node.h
+++ b/ieee80211_node.h
@@ -438,7 +438,7 @@ int ieee80211_node_delucastkey(struct ieee80211_node *);
void ieee80211_node_timeout(void *arg);
typedef void ieee80211_iter_func(void *, struct ieee80211_node *);
-void ieee80211_iterate_nt(struct ieee80211_node_table *,
+int ieee80211_iterate_nt(struct ieee80211_node_table *,
struct ieee80211_node **, uint16_t);
void ieee80211_iterate_nodes(struct ieee80211_node_table *,
ieee80211_iter_func *, void *);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAFZ_MYL%2BPJp=fZGY3HUuL%2BLtMGh1QaAMrEZsoig5sKoV=ESs=w>