Date: Wed, 30 Sep 2009 14:28:38 +0000 (UTC) From: Coleman Kane <cokane@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r197644 - head/sys/dev/if_ndis Message-ID: <200909301428.n8UEScWk017686@svn.freebsd.org>
Author: cokane Date: Wed Sep 30 14:28:38 2009 New Revision: 197644 URL: http://svn.freebsd.org/changeset/base/197644 Log: Correct a bug that could lead to a kernel panic if a user attempted to perform 802.11 operations directly on the ndis0 interface before the first VAP (wlan0) had been created. This would lead to a NULL-pointer dereference in the kernel. Submitted by: Paul B. Mahol <onemda@gmail.com> MFC after: 3 days Modified: head/sys/dev/if_ndis/if_ndis.c Modified: head/sys/dev/if_ndis/if_ndis.c ==============================================================================
--- head/sys/dev/if_ndis/if_ndis.c Wed Sep 30 13:26:31 2009 (r197643)
+++ head/sys/dev/if_ndis/if_ndis.c Wed Sep 30 14:28:38 2009 (r197644)
@@ -1534,7 +1534,7 @@ ndis_inputtask(dobj, arg)
 if (m == NULL)
 break;
 KeReleaseSpinLock(&sc->ndis_rxlock, irql);
- if (sc->ndis_80211)
+ if (sc->ndis_80211 && vap)
 vap->iv_deliver_data(vap, vap->iv_bss, m);
 else
 (*ifp->if_input)(ifp, m);
@@ -1746,7 +1746,7 @@ ndis_ticktask(d, xsc)
 sc->ndis_sts == NDIS_STATUS_MEDIA_CONNECT) {
 sc->ndis_link = 1;
 NDIS_UNLOCK(sc);
- if (sc->ndis_80211) {
+ if (sc->ndis_80211 && vap) {
 ndis_getstate_80211(sc);
 ieee80211_new_state(vap, IEEE80211_S_RUN, -1);
 }
@@ -1758,7 +1758,7 @@ ndis_ticktask(d, xsc)
 sc->ndis_sts == NDIS_STATUS_MEDIA_DISCONNECT) {
 sc->ndis_link = 0;
 NDIS_UNLOCK(sc);
- if (sc->ndis_80211)
+ if (sc->ndis_80211 && vap)
 ieee80211_new_state(vap, IEEE80211_S_SCAN, 0);
 NDIS_LOCK(sc);
 if_link_state_change(sc->ifp, LINK_STATE_DOWN);
@@ -2047,9 +2047,6 @@ ndis_init(xsc) /* Setup task offload. */ ndis_set_offload(sc); - if (sc->ndis_80211) - ndis_setstate_80211(sc); - NDIS_LOCK(sc); sc->ndis_txidx = 0;
@@ -2297,8 +2294,6 @@ ndis_setstate_80211(sc)
 ifp = sc->ifp;
 ic = ifp->if_l2com;
 vap = TAILQ_FIRST(&ic->ic_vaps);
- if (vap == NULL)
- return;
 if (!NDIS_INITIALIZED(sc)) {
 DPRINTF(("%s: NDIS not initialized\n", __func__));
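Review bot: In ndis_inputtask, when `sc->ndis_80211` is set but `vap` is NULL the new condition falls through to `(*ifp->if_input)(ifp, m)`, so a frame received on an 802.11 device that has no VAP yet is handed to the parent ifnet's input routine instead of being discarded. Whether that routine is valid for this ifnet cannot be seen from the hunk, so dropping the mbuf looks like the safer behaviour: insert `else if (sc->ndis_80211)` followed by `m_freem(m);` ahead of the final `else`. The assignment of `vap` and the rest of the receive loop lie outside the hunk.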
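Review bot: The `&& vap` test added in the MEDIA_CONNECT branch of ndis_ticktask is now the only NULL protection for `ndis_getstate_80211(sc)`, because the hunk at -2730 deletes that function's `if (vap == NULL) return;` and leaves `ni = vap->iv_bss;` directly after `TAILQ_FIRST(&ic->ic_vaps)`; the hunk at -2297 removes the same check from ndis_setstate_80211. Any caller not visible in this diff that can run before the first VAP exists would bring back the NULL dereference this commit sets out to remove, and on a path reachable from a user request that is a local kernel panic. Keeping the callee checks costs nothing; failing that, each function should carry a comment such as `/* Caller must ensure a VAP exists; vap is dereferenced unchecked. */` together with `KASSERT(vap != NULL, ("%s: no vap", __func__));`.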
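Review bot: In the MEDIA_DISCONNECT branch of ndis_ticktask, `vap` is tested and passed to `ieee80211_new_state()` only after `NDIS_UNLOCK(sc)`, and the MEDIA_CONNECT branch in the previous hunk has the same shape. Where `vap` is loaded is outside the hunk; if it is read from `ic->ic_vaps` once at the top of the task, the NULL test here would not cover a VAP that is destroyed while the task is running. A short comment at the load site stating what keeps the VAP alive across the unlocked region, for example `/* vap stays valid here because <reason>; checked for NULL before each use */`, would let the next reader confirm the check is sufficient.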
@@ -2730,8 +2725,6 @@ ndis_getstate_80211(sc)
 ifp = sc->ifp;
 ic = ifp->if_l2com;
 vap = TAILQ_FIRST(&ic->ic_vaps);
- if (vap == NULL)
- return;
 ni = vap->iv_bss;
 if (!NDIS_INITIALIZED(sc))