From owner-svn-src-all@FreeBSD.ORG  Fri Jun  7 09:03:57 2013
Return-Path: <owner-svn-src-all@FreeBSD.ORG>
Delivered-To: svn-src-all@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by hub.freebsd.org (Postfix) with ESMTP id 5C948F73;
 Fri,  7 Jun 2013 09:03:57 +0000 (UTC)
 (envelope-from adrian@FreeBSD.org)
Received: from svn.freebsd.org (svn.freebsd.org
 [IPv6:2001:1900:2254:2068::e6a:0])
 by mx1.freebsd.org (Postfix) with ESMTP id 4F7F511F9;
 Fri,  7 Jun 2013 09:03:57 +0000 (UTC)
Received: from svn.freebsd.org ([127.0.1.70])
 by svn.freebsd.org (8.14.7/8.14.7) with ESMTP id r5793vrs030952;
 Fri, 7 Jun 2013 09:03:57 GMT (envelope-from adrian@svn.freebsd.org)
Received: (from adrian@localhost)
 by svn.freebsd.org (8.14.7/8.14.5/Submit) id r5793vj7030951;
 Fri, 7 Jun 2013 09:03:57 GMT (envelope-from adrian@svn.freebsd.org)
Message-Id: <201306070903.r5793vj7030951@svn.freebsd.org>
From: Adrian Chadd <adrian@FreeBSD.org>
Date: Fri, 7 Jun 2013 09:03:57 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-head@freebsd.org
Subject: svn commit: r251488 - head/sys/net80211
X-SVN-Group: head
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-all@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: "SVN commit messages for the entire src tree \(except for &quot;
 user&quot; and &quot; projects&quot; \)" <svn-src-all.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/svn-src-all>,
 <mailto:svn-src-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-all>
List-Post: <mailto:svn-src-all@freebsd.org>
List-Help: <mailto:svn-src-all-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-all>,
 <mailto:svn-src-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 07 Jun 2013 09:03:57 -0000

Author: adrian
Date: Fri Jun  7 09:03:56 2013
New Revision: 251488
URL: http://svnweb.freebsd.org/changeset/base/251488

Log:
  Don't hold the node lock over the iterator.
  
  The "find node" function call will increase the node reference anyway;
  so there's no reason to hold the node table lock during the MLME change.
  
  The only reason I could think of is to stop overlapping mlme ioctls
  from causing issues, but this should be fixed a different way.
  
  This fixes a whole class of LORs that creep up when nodes are being
  timed out or removed by hostapd.
  
  Tested:
  
  * AR5416, hostap, with nodes coming and going.  No LORs or stability
    issues were observed.

Modified:
  head/sys/net80211/ieee80211_ioctl.c

Modified: head/sys/net80211/ieee80211_ioctl.c
==============================================================================
--- head/sys/net80211/ieee80211_ioctl.c	Fri Jun  7 09:02:02 2013	(r251487)
+++ head/sys/net80211/ieee80211_ioctl.c	Fri Jun  7 09:03:56 2013	(r251488)
@@ -1340,12 +1340,17 @@ setmlme_dropsta(struct ieee80211vap *vap
 	if (!IEEE80211_ADDR_EQ(mac, ic->ic_ifp->if_broadcastaddr)) {
 		IEEE80211_NODE_LOCK(nt);
 		ni = ieee80211_find_node_locked(nt, mac);
+		IEEE80211_NODE_UNLOCK(nt);
+		/*
+		 * Don't do the node update inside the node
+		 * table lock.  This unfortunately causes LORs
+		 * with drivers and their TX paths.
+		 */
 		if (ni != NULL) {
 			domlme(mlmeop, ni);
 			ieee80211_free_node(ni);
 		} else
 			error = ENOENT;
-		IEEE80211_NODE_UNLOCK(nt);
 	} else {
 		ieee80211_iterate_nodes(nt, domlme, mlmeop);
 	}
@@ -1400,13 +1405,18 @@ setmlme_common(struct ieee80211vap *vap,
 		case IEEE80211_M_MBSS:
 			IEEE80211_NODE_LOCK(nt);
 			ni = ieee80211_find_node_locked(nt, mac);
+			/*
+			 * Don't do the node update inside the node
+			 * table lock.  This unfortunately causes LORs
+			 * with drivers and their TX paths.
+			 */
+			IEEE80211_NODE_UNLOCK(nt);
 			if (ni != NULL) {
 				ieee80211_node_leave(ni);
 				ieee80211_free_node(ni);
 			} else {
 				error = ENOENT;
 			}
-			IEEE80211_NODE_UNLOCK(nt);
 			break;
 		default:
 			error = EINVAL;
@@ -1422,6 +1432,12 @@ setmlme_common(struct ieee80211vap *vap,
 		}
 		IEEE80211_NODE_LOCK(nt);
 		ni = ieee80211_find_vap_node_locked(nt, vap, mac);
+		/*
+		 * Don't do the node update inside the node
+		 * table lock.  This unfortunately causes LORs
+		 * with drivers and their TX paths.
+		 */
+		IEEE80211_NODE_UNLOCK(nt);
 		if (ni != NULL) {
 			mlmedebug(vap, mac, op, reason);
 			if (op == IEEE80211_MLME_AUTHORIZE)
@@ -1431,7 +1447,6 @@ setmlme_common(struct ieee80211vap *vap,
 			ieee80211_free_node(ni);
 		} else
 			error = ENOENT;
-		IEEE80211_NODE_UNLOCK(nt);
 		break;
 	case IEEE80211_MLME_AUTH:
 		if (vap->iv_opmode != IEEE80211_M_HOSTAP) {
@@ -1440,6 +1455,12 @@ setmlme_common(struct ieee80211vap *vap,
 		}
 		IEEE80211_NODE_LOCK(nt);
 		ni = ieee80211_find_vap_node_locked(nt, vap, mac);
+		/*
+		 * Don't do the node update inside the node
+		 * table lock.  This unfortunately causes LORs
+		 * with drivers and their TX paths.
+		 */
+		IEEE80211_NODE_UNLOCK(nt);
 		if (ni != NULL) {
 			mlmedebug(vap, mac, op, reason);
 			if (reason == IEEE80211_STATUS_SUCCESS) {
@@ -1463,7 +1484,6 @@ setmlme_common(struct ieee80211vap *vap,
 			ieee80211_free_node(ni);
 		} else
 			error = ENOENT;
-		IEEE80211_NODE_UNLOCK(nt);
 		break;
 	default:
 		error = EINVAL;