Date: Thu, 2 Sep 2010 03:28:03 +0000 (UTC) From: Andrew Thompson <thompsa@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r212127 - head/sys/dev/usb/wlan Message-ID: <201009020328.o823S3pV090276@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: thompsa Date: Thu Sep 2 03:28:03 2010 New Revision: 212127 URL: http://svn.freebsd.org/changeset/base/212127 Log: We need to grab a node reference count to vap->iv_bss before using it as it is possible for the node to be replaced and freed at any time by ieee80211_sta_join1(). Modified: head/sys/dev/usb/wlan/if_rum.c head/sys/dev/usb/wlan/if_run.c head/sys/dev/usb/wlan/if_uath.c head/sys/dev/usb/wlan/if_upgt.c head/sys/dev/usb/wlan/if_ural.c head/sys/dev/usb/wlan/if_urtw.c head/sys/dev/usb/wlan/if_zyd.c Modified: head/sys/dev/usb/wlan/if_rum.c ============================================================================== --- head/sys/dev/usb/wlan/if_rum.c Thu Sep 2 01:05:10 2010 (r212126) +++ head/sys/dev/usb/wlan/if_rum.c Thu Sep 2 03:28:03 2010 (r212127) @@ -719,7 +719,7 @@ rum_newstate(struct ieee80211vap *vap, e break; case IEEE80211_S_RUN: - ni = vap->iv_bss; + ni = ieee80211_ref_node(vap->iv_bss); if (vap->iv_opmode != IEEE80211_M_MONITOR) { rum_update_slot(ic->ic_ifp); @@ -743,6 +743,7 @@ rum_newstate(struct ieee80211vap *vap, e tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)]; if (tp->ucastrate == IEEE80211_FIXED_RATE_NONE) rum_ratectl_start(sc, ni); + ieee80211_free_node(ni); break; default: break; @@ -2223,7 +2224,7 @@ rum_ratectl_task(void *arg, int pending) struct ieee80211com *ic = vap->iv_ic; struct ifnet *ifp = ic->ic_ifp; struct rum_softc *sc = ifp->if_softc; - struct ieee80211_node *ni = vap->iv_bss; + struct ieee80211_node *ni; int ok, fail; int sum, retrycnt; @@ -2237,8 +2238,10 @@ rum_ratectl_task(void *arg, int pending) sum = ok+fail; retrycnt = (le32toh(sc->sta[5]) & 0xffff) + fail; + ni = ieee80211_ref_node(vap->iv_bss); ieee80211_ratectl_tx_update(vap, ni, &sum, &ok, &retrycnt); (void) ieee80211_ratectl_rate(ni, NULL, 0); + ieee80211_free_node(ni); ifp->if_oerrors += fail; /* count TX retry-fail as Tx errors */ Modified: head/sys/dev/usb/wlan/if_run.c ============================================================================== --- head/sys/dev/usb/wlan/if_run.c Thu Sep 2 01:05:10 2010 (r212126) +++ head/sys/dev/usb/wlan/if_run.c Thu Sep 2 03:28:03 2010 (r212127) @@ -1693,7 +1693,6 @@ run_media_change(struct ifnet *ifp) struct ieee80211com *ic = vap->iv_ic; const struct ieee80211_txparam *tp; struct run_softc *sc = ic->ic_ifp->if_softc; - struct run_node *rn = (void *)vap->iv_bss; uint8_t rate, ridx; int error; @@ -1707,13 +1706,19 @@ run_media_change(struct ifnet *ifp) tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)]; if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) { + struct ieee80211_node *ni; + struct run_node *rn; + rate = ic->ic_sup_rates[ic->ic_curmode]. rs_rates[tp->ucastrate] & IEEE80211_RATE_VAL; for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) if (rt2860_rates[ridx].rate == rate) break; + ni = ieee80211_ref_node(vap->iv_bss); + rn = (struct run_node *)ni; rn->fix_ridx = ridx; DPRINTF("rate=%d, fix_ridx=%d\n", rate, rn->fix_ridx); + ieee80211_free_node(ni); } #if 0 @@ -1736,7 +1741,6 @@ run_newstate(struct ieee80211vap *vap, e struct run_softc *sc = ic->ic_ifp->if_softc; struct run_vap *rvp = RUN_VAP(vap); enum ieee80211_state ostate; - struct ieee80211_node *ni; uint32_t sta[3]; uint32_t tmp; uint8_t ratectl; @@ -1781,7 +1785,6 @@ run_newstate(struct ieee80211vap *vap, e case IEEE80211_S_RUN: - ni = vap->iv_bss; if (!(sc->runbmap & bid)) { if(sc->running++) restart_ratectl = 1; @@ -1817,12 +1820,16 @@ run_newstate(struct ieee80211vap *vap, e } if (vap->iv_opmode != IEEE80211_M_MONITOR) { + struct ieee80211_node *ni; + run_updateslot(ic->ic_ifp); run_enable_mrr(sc); run_set_txpreamble(sc); run_set_basicrates(sc); + ni = ieee80211_ref_node(vap->iv_bss); IEEE80211_ADDR_COPY(sc->sc_bssid, ni->ni_bssid); run_set_bssid(sc, ni->ni_bssid); + ieee80211_free_node(ni); run_enable_tsf_sync(sc); /* enable automatic rate adaptation */ Modified: head/sys/dev/usb/wlan/if_uath.c ============================================================================== --- head/sys/dev/usb/wlan/if_uath.c Thu Sep 2 01:05:10 2010 (r212126) +++ head/sys/dev/usb/wlan/if_uath.c Thu Sep 2 03:28:03 2010 (r212127) @@ -1968,9 +1968,10 @@ uath_create_connection(struct uath_softc const struct ieee80211_rateset *rs; struct ieee80211com *ic = sc->sc_ifp->if_l2com; struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); - struct ieee80211_node *ni = vap->iv_bss; + struct ieee80211_node *ni; struct uath_cmd_create_connection create; + ni = ieee80211_ref_node(vap->iv_bss); bzero(&create, sizeof create); create.connid = htobe32(connid); create.bssid = htobe32(0); @@ -1989,6 +1990,7 @@ uath_create_connection(struct uath_softc create.connattr.wlanmode = htobe32(WLAN_MODE_11g); else create.connattr.wlanmode = htobe32(WLAN_MODE_11b); + ieee80211_free_node(ni); return uath_cmd_write(sc, WDCMSG_CREATE_CONNECTION, &create, sizeof create, 0); @@ -2017,14 +2019,16 @@ uath_write_associd(struct uath_softc *sc { struct ieee80211com *ic = sc->sc_ifp->if_l2com; struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); - struct ieee80211_node *ni = vap->iv_bss; + struct ieee80211_node *ni; struct uath_cmd_set_associd associd; + ni = ieee80211_ref_node(vap->iv_bss); bzero(&associd, sizeof associd); associd.defaultrateix = htobe32(1); /* XXX */ associd.associd = htobe32(ni->ni_associd); associd.timoffset = htobe32(0x3b); /* XXX */ IEEE80211_ADDR_COPY(associd.bssid, ni->ni_bssid); + ieee80211_free_node(ni); return uath_cmd_write(sc, WDCMSG_WRITE_ASSOCID, &associd, sizeof associd, 0); } @@ -2065,7 +2069,7 @@ uath_newstate(struct ieee80211vap *vap, { enum ieee80211_state ostate = vap->iv_state; int error; - struct ieee80211_node *ni = vap->iv_bss; + struct ieee80211_node *ni; struct ieee80211com *ic = vap->iv_ic; struct uath_softc *sc = ic->ic_ifp->if_softc; struct uath_vap *uvp = UATH_VAP(vap); @@ -2078,6 +2082,7 @@ uath_newstate(struct ieee80211vap *vap, UATH_LOCK(sc); callout_stop(&sc->stat_ch); callout_stop(&sc->watchdog_ch); + ni = ieee80211_ref_node(vap->iv_bss); switch (nstate) { case IEEE80211_S_INIT: @@ -2150,6 +2155,7 @@ uath_newstate(struct ieee80211vap *vap, default: break; } + ieee80211_free_node(ni); UATH_UNLOCK(sc); IEEE80211_LOCK(ic); return (uvp->newstate(vap, nstate, arg)); Modified: head/sys/dev/usb/wlan/if_upgt.c ============================================================================== --- head/sys/dev/usb/wlan/if_upgt.c Thu Sep 2 01:05:10 2010 (r212126) +++ head/sys/dev/usb/wlan/if_upgt.c Thu Sep 2 03:28:03 2010 (r212127) @@ -652,7 +652,6 @@ upgt_set_macfilter(struct upgt_softc *sc struct ifnet *ifp = sc->sc_ifp; struct ieee80211com *ic = ifp->if_l2com; struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); - struct ieee80211_node *ni = vap->iv_bss; struct upgt_data *data_cmd; struct upgt_lmac_mem *mem; struct upgt_lmac_filter *filter; @@ -707,6 +706,9 @@ upgt_set_macfilter(struct upgt_softc *sc filter->unknown3 = htole16(UPGT_FILTER_UNKNOWN3); break; case IEEE80211_S_RUN: + struct ieee80211_node *ni; + + ni = ieee80211_ref_node(vap->iv_bss); /* XXX monitor mode isn't tested yet. */ if (vap->iv_opmode == IEEE80211_M_MONITOR) { filter->type = htole16(UPGT_FILTER_TYPE_MONITOR); @@ -730,6 +732,7 @@ upgt_set_macfilter(struct upgt_softc *sc filter->rxhw = htole32(sc->sc_eeprom_hwrx); filter->unknown3 = htole16(UPGT_FILTER_UNKNOWN3); } + ieee80211_free_node(ni); break; default: device_printf(sc->sc_dev, Modified: head/sys/dev/usb/wlan/if_ural.c ============================================================================== --- head/sys/dev/usb/wlan/if_ural.c Thu Sep 2 01:05:10 2010 (r212126) +++ head/sys/dev/usb/wlan/if_ural.c Thu Sep 2 03:28:03 2010 (r212127) @@ -711,7 +711,7 @@ ural_newstate(struct ieee80211vap *vap, break; case IEEE80211_S_RUN: - ni = vap->iv_bss; + ni = ieee80211_ref_node(vap->iv_bss); if (vap->iv_opmode != IEEE80211_M_MONITOR) { ural_update_slot(ic->ic_ifp); @@ -729,6 +729,7 @@ ural_newstate(struct ieee80211vap *vap, "could not allocate beacon\n"); RAL_UNLOCK(sc); IEEE80211_LOCK(ic); + ieee80211_free_node(ni); return (-1); } ieee80211_ref_node(ni); @@ -737,6 +738,7 @@ ural_newstate(struct ieee80211vap *vap, "could not send beacon\n"); RAL_UNLOCK(sc); IEEE80211_LOCK(ic); + ieee80211_free_node(ni); return (-1); } } @@ -754,7 +756,7 @@ ural_newstate(struct ieee80211vap *vap, tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)]; if (tp->ucastrate == IEEE80211_FIXED_RATE_NONE) ural_ratectl_start(sc, ni); - + ieee80211_free_node(ni); break; default: @@ -2237,10 +2239,11 @@ ural_ratectl_task(void *arg, int pending struct ieee80211com *ic = vap->iv_ic; struct ifnet *ifp = ic->ic_ifp; struct ural_softc *sc = ifp->if_softc; - struct ieee80211_node *ni = vap->iv_bss; + struct ieee80211_node *ni; int ok, fail; int sum, retrycnt; + ni = ieee80211_ref_node(vap->iv_bss); RAL_LOCK(sc); /* read and clear statistic registers (STA_CSR0 to STA_CSR10) */ ural_read_multi(sc, RAL_STA_CSR0, sc->sta, sizeof(sc->sta)); @@ -2258,6 +2261,7 @@ ural_ratectl_task(void *arg, int pending usb_callout_reset(&uvp->ratectl_ch, hz, ural_ratectl_timeout, uvp); RAL_UNLOCK(sc); + ieee80211_free_node(ni); } static int Modified: head/sys/dev/usb/wlan/if_urtw.c ============================================================================== --- head/sys/dev/usb/wlan/if_urtw.c Thu Sep 2 01:05:10 2010 (r212126) +++ head/sys/dev/usb/wlan/if_urtw.c Thu Sep 2 03:28:03 2010 (r212127) @@ -1830,7 +1830,6 @@ urtw_tx_start(struct urtw_softc *sc, str static int urtw_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg) { - struct ieee80211_node *ni = vap->iv_bss; struct ieee80211com *ic = vap->iv_ic; struct urtw_softc *sc = ic->ic_ifp->if_softc; struct urtw_vap *uvp = URTW_VAP(vap); @@ -1854,6 +1853,9 @@ urtw_newstate(struct ieee80211vap *vap, case IEEE80211_S_ASSOC: break; case IEEE80211_S_RUN: + struct ieee80211_node *ni; + + ni = ieee80211_ref_node(vap->iv_bss); /* setting bssid. */ urtw_write32_m(sc, URTW_BSSID, ((uint32_t *)ni->ni_bssid)[0]); urtw_write16_m(sc, URTW_BSSID + 4, @@ -1868,6 +1870,7 @@ urtw_newstate(struct ieee80211vap *vap, if (error != 0) device_printf(sc->sc_dev, "could not control LED (%d)\n", error); + ieee80211_free_node(ni); break; default: break; Modified: head/sys/dev/usb/wlan/if_zyd.c ============================================================================== --- head/sys/dev/usb/wlan/if_zyd.c Thu Sep 2 01:05:10 2010 (r212126) +++ head/sys/dev/usb/wlan/if_zyd.c Thu Sep 2 03:28:03 2010 (r212127) @@ -572,7 +572,6 @@ zyd_newstate(struct ieee80211vap *vap, e struct zyd_vap *zvp = ZYD_VAP(vap); struct ieee80211com *ic = vap->iv_ic; struct zyd_softc *sc = ic->ic_ifp->if_softc; - struct ieee80211_node *ni; int error; DPRINTF(sc, ZYD_DEBUG_STATE, "%s: %s -> %s\n", __func__, @@ -586,7 +585,6 @@ zyd_newstate(struct ieee80211vap *vap, e zyd_set_chan(sc, ic->ic_curchan); break; case IEEE80211_S_RUN: - ni = vap->iv_bss; if (vap->iv_opmode == IEEE80211_M_MONITOR) break; @@ -598,7 +596,7 @@ zyd_newstate(struct ieee80211vap *vap, e /* make data LED blink upon Tx */ zyd_write32_m(sc, sc->sc_fwbase + ZYD_FW_LINK_STATUS, 1); - IEEE80211_ADDR_COPY(sc->sc_bssid, ni->ni_bssid); + IEEE80211_ADDR_COPY(sc->sc_bssid, vap->iv_bss->ni_bssid); zyd_set_bssid(sc, sc->sc_bssid); break; default:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201009020328.o823S3pV090276>