Author: thompsa
Date: Thu Sep  2 03:28:03 2010
New Revision: 212127
URL: http://svn.freebsd.org/changeset/base/212127

Log:
  We need to grab a node reference count to vap->iv_bss before using it as it is
  possible for the node to be replaced and freed at any time by
  ieee80211_sta_join1().

Modified:
  head/sys/dev/usb/wlan/if_rum.c
  head/sys/dev/usb/wlan/if_run.c
  head/sys/dev/usb/wlan/if_uath.c
  head/sys/dev/usb/wlan/if_upgt.c
  head/sys/dev/usb/wlan/if_ural.c
  head/sys/dev/usb/wlan/if_urtw.c
  head/sys/dev/usb/wlan/if_zyd.c

Modified: head/sys/dev/usb/wlan/if_rum.c
==============================================================================
--- head/sys/dev/usb/wlan/if_rum.c      Thu Sep  2 01:05:10 2010        
(r212126)
+++ head/sys/dev/usb/wlan/if_rum.c      Thu Sep  2 03:28:03 2010        
(r212127)
@@ -719,7 +719,7 @@ rum_newstate(struct ieee80211vap *vap, e
                break;
 
        case IEEE80211_S_RUN:
-               ni = vap->iv_bss;
+               ni = ieee80211_ref_node(vap->iv_bss);
 
                if (vap->iv_opmode != IEEE80211_M_MONITOR) {
                        rum_update_slot(ic->ic_ifp);
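Review bot: The `ieee80211_ref_node(vap->iv_bss)` call in the IEEE80211_S_RUN case still loads `vap->iv_bss` and increments its count as two separate steps. If nothing outside this hunk serializes against ieee80211_sta_join1(), the node could in principle be freed between the load and the increment, so the reference narrows the window the log describes rather than closing it. I would add a comment at this site naming what makes the read safe, e.g. `/* iv_bss read is serialized by <lock>; the ref keeps ni alive afterwards */`, with `<lock>` filled in by the author. The same applies to the other `ieee80211_ref_node(vap->iv_bss)` sites in this commit. rum_newstate()'s body starts and ends outside the hunk.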
@@ -743,6 +743,7 @@ rum_newstate(struct ieee80211vap *vap, e
                tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)];
                if (tp->ucastrate == IEEE80211_FIXED_RATE_NONE)
                        rum_ratectl_start(sc, ni);
+               ieee80211_free_node(ni);
                break;
        default:
                break;
@@ -2223,7 +2224,7 @@ rum_ratectl_task(void *arg, int pending)
        struct ieee80211com *ic = vap->iv_ic;
        struct ifnet *ifp = ic->ic_ifp;
        struct rum_softc *sc = ifp->if_softc;
-       struct ieee80211_node *ni = vap->iv_bss;
+       struct ieee80211_node *ni;
        int ok, fail;
        int sum, retrycnt;
 
@@ -2237,8 +2238,10 @@ rum_ratectl_task(void *arg, int pending)
        sum = ok+fail;
        retrycnt = (le32toh(sc->sta[5]) & 0xffff) + fail;
 
+       ni = ieee80211_ref_node(vap->iv_bss);
        ieee80211_ratectl_tx_update(vap, ni, &sum, &ok, &retrycnt);
        (void) ieee80211_ratectl_rate(ni, NULL, 0);
+       ieee80211_free_node(ni);
 
        ifp->if_oerrors += fail;        /* count TX retry-fail as Tx errors */
 

Modified: head/sys/dev/usb/wlan/if_run.c
==============================================================================
--- head/sys/dev/usb/wlan/if_run.c      Thu Sep  2 01:05:10 2010        
(r212126)
+++ head/sys/dev/usb/wlan/if_run.c      Thu Sep  2 03:28:03 2010        
(r212127)
@@ -1693,7 +1693,6 @@ run_media_change(struct ifnet *ifp)
        struct ieee80211com *ic = vap->iv_ic;
        const struct ieee80211_txparam *tp;
        struct run_softc *sc = ic->ic_ifp->if_softc;
-       struct run_node *rn = (void *)vap->iv_bss;
        uint8_t rate, ridx;
        int error;
 
@@ -1707,13 +1706,19 @@ run_media_change(struct ifnet *ifp)
 
        tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)];
        if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) {
+               struct ieee80211_node *ni;
+               struct run_node *rn;
+
                rate = ic->ic_sup_rates[ic->ic_curmode].
                    rs_rates[tp->ucastrate] & IEEE80211_RATE_VAL;
                for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++)
                        if (rt2860_rates[ridx].rate == rate)
                                break;
+               ni = ieee80211_ref_node(vap->iv_bss);
+               rn = (struct run_node *)ni;
                rn->fix_ridx = ridx;
                DPRINTF("rate=%d, fix_ridx=%d\n", rate, rn->fix_ridx);
+               ieee80211_free_node(ni);
        }
 
 #if 0
@@ -1736,7 +1741,6 @@ run_newstate(struct ieee80211vap *vap, e
        struct run_softc *sc = ic->ic_ifp->if_softc;
        struct run_vap *rvp = RUN_VAP(vap);
        enum ieee80211_state ostate;
-       struct ieee80211_node *ni;
        uint32_t sta[3];
        uint32_t tmp;
        uint8_t ratectl;
@@ -1781,7 +1785,6 @@ run_newstate(struct ieee80211vap *vap, e
 
 
        case IEEE80211_S_RUN:
-               ni = vap->iv_bss;
                if (!(sc->runbmap & bid)) {
                        if(sc->running++)
                                restart_ratectl = 1;
@@ -1817,12 +1820,16 @@ run_newstate(struct ieee80211vap *vap, e
                }
 
                if (vap->iv_opmode != IEEE80211_M_MONITOR) {
+                       struct ieee80211_node *ni;
+
                        run_updateslot(ic->ic_ifp);
                        run_enable_mrr(sc);
                        run_set_txpreamble(sc);
                        run_set_basicrates(sc);
+                       ni = ieee80211_ref_node(vap->iv_bss);
                        IEEE80211_ADDR_COPY(sc->sc_bssid, ni->ni_bssid);
                        run_set_bssid(sc, ni->ni_bssid);
+                       ieee80211_free_node(ni);
                        run_enable_tsf_sync(sc);
 
                        /* enable automatic rate adaptation */

Modified: head/sys/dev/usb/wlan/if_uath.c
==============================================================================
--- head/sys/dev/usb/wlan/if_uath.c     Thu Sep  2 01:05:10 2010        
(r212126)
+++ head/sys/dev/usb/wlan/if_uath.c     Thu Sep  2 03:28:03 2010        
(r212127)
@@ -1968,9 +1968,10 @@ uath_create_connection(struct uath_softc
        const struct ieee80211_rateset *rs;
        struct ieee80211com *ic = sc->sc_ifp->if_l2com;
        struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
-       struct ieee80211_node *ni = vap->iv_bss;
+       struct ieee80211_node *ni;
        struct uath_cmd_create_connection create;
 
+       ni = ieee80211_ref_node(vap->iv_bss);
        bzero(&create, sizeof create);
        create.connid = htobe32(connid);
        create.bssid = htobe32(0);
@@ -1989,6 +1990,7 @@ uath_create_connection(struct uath_softc
                create.connattr.wlanmode = htobe32(WLAN_MODE_11g);
        else
                create.connattr.wlanmode = htobe32(WLAN_MODE_11b);
+       ieee80211_free_node(ni);
 
        return uath_cmd_write(sc, WDCMSG_CREATE_CONNECTION, &create,
            sizeof create, 0);
@@ -2017,14 +2019,16 @@ uath_write_associd(struct uath_softc *sc
 {
        struct ieee80211com *ic = sc->sc_ifp->if_l2com;
        struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
-       struct ieee80211_node *ni = vap->iv_bss;
+       struct ieee80211_node *ni;
        struct uath_cmd_set_associd associd;
 
+       ni = ieee80211_ref_node(vap->iv_bss);
        bzero(&associd, sizeof associd);
        associd.defaultrateix = htobe32(1);     /* XXX */
        associd.associd = htobe32(ni->ni_associd);
        associd.timoffset = htobe32(0x3b);      /* XXX */
        IEEE80211_ADDR_COPY(associd.bssid, ni->ni_bssid);
+       ieee80211_free_node(ni);
        return uath_cmd_write(sc, WDCMSG_WRITE_ASSOCID, &associd,
            sizeof associd, 0);
 }
@@ -2065,7 +2069,7 @@ uath_newstate(struct ieee80211vap *vap, 
 {
        enum ieee80211_state ostate = vap->iv_state;
        int error;
-       struct ieee80211_node *ni = vap->iv_bss;
+       struct ieee80211_node *ni;
        struct ieee80211com *ic = vap->iv_ic;
        struct uath_softc *sc = ic->ic_ifp->if_softc;
        struct uath_vap *uvp = UATH_VAP(vap);
@@ -2078,6 +2082,7 @@ uath_newstate(struct ieee80211vap *vap, 
        UATH_LOCK(sc);
        callout_stop(&sc->stat_ch);
        callout_stop(&sc->watchdog_ch);
+       ni = ieee80211_ref_node(vap->iv_bss);
 
        switch (nstate) {
        case IEEE80211_S_INIT:
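Review bot: Taking the reference before `switch (nstate)` means `vap->iv_bss` is now dereferenced for every target state, where the old initializer only copied the pointer. If iv_bss can be NULL or already torn down on some transition (not visible here), the increment would fault where the old code did nothing. Consider taking the reference only inside the cases that actually use `ni`, as the rum and ural handlers in this commit do. Any `return` inside the switch, which lies outside this hunk, would also need an `ieee80211_free_node(ni);` before it.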
@@ -2150,6 +2155,7 @@ uath_newstate(struct ieee80211vap *vap, 
        default:
                break;
        }
+       ieee80211_free_node(ni);
        UATH_UNLOCK(sc);
        IEEE80211_LOCK(ic);
        return (uvp->newstate(vap, nstate, arg));

Modified: head/sys/dev/usb/wlan/if_upgt.c
==============================================================================
--- head/sys/dev/usb/wlan/if_upgt.c     Thu Sep  2 01:05:10 2010        
(r212126)
+++ head/sys/dev/usb/wlan/if_upgt.c     Thu Sep  2 03:28:03 2010        
(r212127)
@@ -652,7 +652,6 @@ upgt_set_macfilter(struct upgt_softc *sc
        struct ifnet *ifp = sc->sc_ifp;
        struct ieee80211com *ic = ifp->if_l2com;
        struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
-       struct ieee80211_node *ni = vap->iv_bss;
        struct upgt_data *data_cmd;
        struct upgt_lmac_mem *mem;
        struct upgt_lmac_filter *filter;
@@ -707,6 +706,9 @@ upgt_set_macfilter(struct upgt_softc *sc
                filter->unknown3 = htole16(UPGT_FILTER_UNKNOWN3);
                break;
        case IEEE80211_S_RUN:
+               struct ieee80211_node *ni;
+
+               ni = ieee80211_ref_node(vap->iv_bss);
                /* XXX monitor mode isn't tested yet.  */
                if (vap->iv_opmode == IEEE80211_M_MONITOR) {
                        filter->type = htole16(UPGT_FILTER_TYPE_MONITOR);
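Review bot: The declaration `struct ieee80211_node *ni;` added directly after `case IEEE80211_S_RUN:` is not valid in C before C23, because a label must be followed by a statement and a declaration is not one. Either keep the declaration at the top of upgt_set_macfilter() and leave only `ni = ieee80211_ref_node(vap->iv_bss);` in the case, or open a block with `case IEEE80211_S_RUN: {` and close it before the next label. The urtw_newstate() hunk in if_urtw.c adds the same declaration after a case label and needs the same change. The function body extends beyond this hunk.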
@@ -730,6 +732,7 @@ upgt_set_macfilter(struct upgt_softc *sc
                        filter->rxhw = htole32(sc->sc_eeprom_hwrx);
                        filter->unknown3 = htole16(UPGT_FILTER_UNKNOWN3);
                }
+               ieee80211_free_node(ni);
                break;
        default:
                device_printf(sc->sc_dev,

Modified: head/sys/dev/usb/wlan/if_ural.c
==============================================================================
--- head/sys/dev/usb/wlan/if_ural.c     Thu Sep  2 01:05:10 2010        
(r212126)
+++ head/sys/dev/usb/wlan/if_ural.c     Thu Sep  2 03:28:03 2010        
(r212127)
@@ -711,7 +711,7 @@ ural_newstate(struct ieee80211vap *vap, 
                break;
 
        case IEEE80211_S_RUN:
-               ni = vap->iv_bss;
+               ni = ieee80211_ref_node(vap->iv_bss);
 
                if (vap->iv_opmode != IEEE80211_M_MONITOR) {
                        ural_update_slot(ic->ic_ifp);
@@ -729,6 +729,7 @@ ural_newstate(struct ieee80211vap *vap, 
                                    "could not allocate beacon\n");
                                RAL_UNLOCK(sc);
                                IEEE80211_LOCK(ic);
+                               ieee80211_free_node(ni);
                                return (-1);
                        }
                        ieee80211_ref_node(ni);
@@ -737,6 +738,7 @@ ural_newstate(struct ieee80211vap *vap, 
                                    "could not send beacon\n");
                                RAL_UNLOCK(sc);
                                IEEE80211_LOCK(ic);
+                               ieee80211_free_node(ni);
                                return (-1);
                        }
                }
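Review bot: On the "could not send beacon" exit the added `ieee80211_free_node(ni);` releases only the reference taken at the top of the RUN case. The extra `ieee80211_ref_node(ni);` shown as context at the end of the previous hunk is a separate reference, and whether the send routine drops it on failure is not visible here; it is worth confirming so that this path does not leave the count one too high. The two error exits now repeat the same unlock/lock/free/return sequence, so a single cleanup label such as `fail:` would keep a future early return from missing the release. ural_newstate()'s body starts and ends outside the hunk.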
@@ -754,7 +756,7 @@ ural_newstate(struct ieee80211vap *vap, 
                tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)];
                if (tp->ucastrate == IEEE80211_FIXED_RATE_NONE)
                        ural_ratectl_start(sc, ni);
-
+               ieee80211_free_node(ni);
                break;
 
        default:
@@ -2237,10 +2239,11 @@ ural_ratectl_task(void *arg, int pending
        struct ieee80211com *ic = vap->iv_ic;
        struct ifnet *ifp = ic->ic_ifp;
        struct ural_softc *sc = ifp->if_softc;
-       struct ieee80211_node *ni = vap->iv_bss;
+       struct ieee80211_node *ni;
        int ok, fail;
        int sum, retrycnt;
 
+       ni = ieee80211_ref_node(vap->iv_bss);
        RAL_LOCK(sc);
        /* read and clear statistic registers (STA_CSR0 to STA_CSR10) */
        ural_read_multi(sc, RAL_STA_CSR0, sc->sta, sizeof(sc->sta));
@@ -2258,6 +2261,7 @@ ural_ratectl_task(void *arg, int pending
 
        usb_callout_reset(&uvp->ratectl_ch, hz, ural_ratectl_timeout, uvp);
        RAL_UNLOCK(sc);
+       ieee80211_free_node(ni);
 }
 
 static int

Modified: head/sys/dev/usb/wlan/if_urtw.c
==============================================================================
--- head/sys/dev/usb/wlan/if_urtw.c     Thu Sep  2 01:05:10 2010        
(r212126)
+++ head/sys/dev/usb/wlan/if_urtw.c     Thu Sep  2 03:28:03 2010        
(r212127)
@@ -1830,7 +1830,6 @@ urtw_tx_start(struct urtw_softc *sc, str
 static int
 urtw_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg)
 {
-       struct ieee80211_node *ni = vap->iv_bss;
        struct ieee80211com *ic = vap->iv_ic;
        struct urtw_softc *sc = ic->ic_ifp->if_softc;
        struct urtw_vap *uvp = URTW_VAP(vap);
@@ -1854,6 +1853,9 @@ urtw_newstate(struct ieee80211vap *vap, 
        case IEEE80211_S_ASSOC:
                break;
        case IEEE80211_S_RUN:
+               struct ieee80211_node *ni;
+
+               ni = ieee80211_ref_node(vap->iv_bss);
                /* setting bssid.  */
                urtw_write32_m(sc, URTW_BSSID, ((uint32_t *)ni->ni_bssid)[0]);
                urtw_write16_m(sc, URTW_BSSID + 4,
@@ -1868,6 +1870,7 @@ urtw_newstate(struct ieee80211vap *vap, 
                if (error != 0)
                        device_printf(sc->sc_dev,
                            "could not control LED (%d)\n", error);
+               ieee80211_free_node(ni);
                break;
        default:
                break;

Modified: head/sys/dev/usb/wlan/if_zyd.c
==============================================================================
--- head/sys/dev/usb/wlan/if_zyd.c      Thu Sep  2 01:05:10 2010        
(r212126)
+++ head/sys/dev/usb/wlan/if_zyd.c      Thu Sep  2 03:28:03 2010        
(r212127)
@@ -572,7 +572,6 @@ zyd_newstate(struct ieee80211vap *vap, e
        struct zyd_vap *zvp = ZYD_VAP(vap);
        struct ieee80211com *ic = vap->iv_ic;
        struct zyd_softc *sc = ic->ic_ifp->if_softc;
-       struct ieee80211_node *ni;
        int error;
 
        DPRINTF(sc, ZYD_DEBUG_STATE, "%s: %s -> %s\n", __func__,
@@ -586,7 +585,6 @@ zyd_newstate(struct ieee80211vap *vap, e
                zyd_set_chan(sc, ic->ic_curchan);
                break;
        case IEEE80211_S_RUN:
-               ni = vap->iv_bss;
                if (vap->iv_opmode == IEEE80211_M_MONITOR)
                        break;
 
@@ -598,7 +596,7 @@ zyd_newstate(struct ieee80211vap *vap, e
                /* make data LED blink upon Tx */
                zyd_write32_m(sc, sc->sc_fwbase + ZYD_FW_LINK_STATUS, 1);
 
-               IEEE80211_ADDR_COPY(sc->sc_bssid, ni->ni_bssid);
+               IEEE80211_ADDR_COPY(sc->sc_bssid, vap->iv_bss->ni_bssid);
                zyd_set_bssid(sc, sc->sc_bssid);
                break;
        default:
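Review bot: The new `IEEE80211_ADDR_COPY(sc->sc_bssid, vap->iv_bss->ni_bssid);` dereferences `vap->iv_bss` without holding a reference, which is the access pattern the commit log describes as unsafe and which every other driver in this change wraps in ref/free. Unless something outside this hunk guarantees the node cannot be replaced here, keep the local `ni` and write `ni = ieee80211_ref_node(vap->iv_bss);`, `IEEE80211_ADDR_COPY(sc->sc_bssid, ni->ni_bssid);`, `ieee80211_free_node(ni);`. If the unreferenced read is intentional, a short comment saying why it is safe in zyd_newstate() would help the next reader. The function body extends beyond this hunk.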