Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 10 May 2013 09:40:01 GMT
From:      dfilter@FreeBSD.ORG (dfilter service)
To:        freebsd-wireless@FreeBSD.org
Subject:   Re: kern/178470: commit references a PR
Message-ID:  <201305100940.r4A9e1fS086135@freefall.freebsd.org>

next in thread | raw e-mail | index | archive | help
The following reply was made to PR kern/178470; it has been noted by GNATS.

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/178470: commit references a PR
Date: Fri, 10 May 2013 09:38:06 +0000 (UTC)

 Author: adrian
 Date: Fri May 10 09:37:58 2013
 New Revision: 250442
 URL: http://svnweb.freebsd.org/changeset/base/250442
 
 Log:
   Fix a VAP BSS node reference in the HT code to actually take a reference
   before using said node.
   
   The "blessed" way here is to take a node reference before referencing
   anything inside the node, otherwise the node can be freed between
   the time the pointer is copied/dereferenced and the time the node contents
   are used.
   
   This mirrors fixes that I've done elsewhere in the net80211/driver
   stack.
   
   PR:		kern/178470
 
 Modified:
   head/sys/net80211/ieee80211_ht.c
 
 Modified: head/sys/net80211/ieee80211_ht.c
 ==============================================================================
 --- head/sys/net80211/ieee80211_ht.c	Fri May 10 08:46:10 2013	(r250441)
 +++ head/sys/net80211/ieee80211_ht.c	Fri May 10 09:37:58 2013	(r250442)
 @@ -2773,11 +2773,15 @@ ieee80211_ht_update_beacon(struct ieee80
  	struct ieee80211_beacon_offsets *bo)
  {
  #define	PROTMODE	(IEEE80211_HTINFO_OPMODE|IEEE80211_HTINFO_NONHT_PRESENT)
 -	const struct ieee80211_channel *bsschan = vap->iv_bss->ni_chan;
 +	struct ieee80211_node *ni;
 +	const struct ieee80211_channel *bsschan;
  	struct ieee80211com *ic = vap->iv_ic;
  	struct ieee80211_ie_htinfo *ht =
  	   (struct ieee80211_ie_htinfo *) bo->bo_htinfo;
  
 +	ni = ieee80211_ref_node(vap->iv_bss);
 +	bsschan = ni->ni_chan;
 +
  	/* XXX only update on channel change */
  	ht->hi_ctrlchannel = ieee80211_chan2ieee(ic, bsschan);
  	if (vap->iv_flags_ht & IEEE80211_FHT_RIFS)
 @@ -2796,6 +2800,8 @@ ieee80211_ht_update_beacon(struct ieee80
  	/* protection mode */
  	ht->hi_byte2 = (ht->hi_byte2 &~ PROTMODE) | ic->ic_curhtprotmode;
  
 +	ieee80211_free_node(ni);
 +
  	/* XXX propagate to vendor ie's */
  #undef PROTMODE
  }
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201305100940.r4A9e1fS086135>