author | nbd <nbd@3c298f89-4303-0410-b956-a3cf2f4a3e73> | 2008-09-26 20:09:17 +0000 |
---|---|---|
committer | nbd <nbd@3c298f89-4303-0410-b956-a3cf2f4a3e73> | 2008-09-26 20:09:17 +0000 |
commit | 436d8ee7e0690fa1cb0fb0ba208b3e4fe4432338 (patch) | |
tree | 5b99f20f22e2e822f18d5341df5d13aff2d3db3c | |
parent | 151259743b7854bcf3ff9970a71ec26afd31a7e1 (diff) |
madwifi: fix some really evil noderef issues (fixes #3999)
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@12719 3c298f89-4303-0410-b956-a3cf2f4a3e73
-rw-r--r-- | package/madwifi/patches/380-noderef_fix.patch | 58 | ||||
-rw-r--r-- | package/madwifi/patches/401-changeset_r3602.patch | 2 |
2 files changed, 59 insertions, 1 deletions
diff --git a/package/madwifi/patches/380-noderef_fix.patch b/package/madwifi/patches/380-noderef_fix.patch
new file mode 100644
index 000000000..e3a6b4690
--- /dev/null
+++ b/package/madwifi/patches/380-noderef_fix.patch
@@ -0,0 +1,58 @@
+--- a/net80211/ieee80211_node.c
++++ b/net80211/ieee80211_node.c
+@@ -316,7 +316,7 @@
+ */
+ ni = ieee80211_find_node(&ic->ic_sta, vap->iv_myaddr);
+ if (ni == NULL) {
+- ni = ieee80211_alloc_node_table(vap, vap->iv_myaddr);
++ ni = ieee80211_alloc_node(vap, vap->iv_myaddr);
+ IEEE80211_DPRINTF(vap, IEEE80211_MSG_ASSOC,
+ "%s: ni:%p allocated for " MAC_FMT "\n",
+ __func__, ni, MAC_ADDR(vap->iv_myaddr));
+@@ -421,14 +421,14 @@
+ /* XXX multi-bss wrong */
+ ieee80211_reset_erp(ic, ic->ic_curmode);
+
+- ni = ieee80211_alloc_node_table(vap, vap->iv_myaddr);
++ ni = ieee80211_alloc_node(vap, vap->iv_myaddr);
+ IEEE80211_DPRINTF(vap, IEEE80211_MSG_ASSOC,
+ "%s: ni:%p allocated for " MAC_FMT "\n",
+ __func__, ni, MAC_ADDR(vap->iv_myaddr));
+ KASSERT(ni != NULL, ("unable to setup inital BSS node"));
+
+ vap->iv_bss = PASS_NODE(ni);
+- KASSERT((atomic_read(&vap->iv_bss->ni_refcnt) == 2),
++ KASSERT((atomic_read(&vap->iv_bss->ni_refcnt) == 1),
+ ("wrong refcount for new node."));
+
+ if (obss != NULL) {
+@@ -630,6 +630,7 @@
+ ieee80211_fix_rate(selbs, IEEE80211_F_DODEL);
+ }
+
++ IEEE80211_VAPS_LOCK_BH(ic);
+ /*
+ * Committed to selbs, setup state.
+ */
+@@ -642,8 +643,9 @@
+ (vap->iv_state == IEEE80211_S_RUN) && bssid_equal(obss, selbs)); */
+ vap->iv_bss = selbs;
+ IEEE80211_ADDR_COPY(vap->iv_bssid, selbs->ni_bssid);
+- if (obss != NULL)
++ if ((obss != NULL) && (obss != selbs))
+ ieee80211_unref_node(&obss);
++ IEEE80211_VAPS_UNLOCK_BH(ic);
+ ic->ic_bsschan = selbs->ni_chan;
+ ic->ic_curchan = ic->ic_bsschan;
+ ic->ic_curmode = ieee80211_chan2mode(ic->ic_curchan);
+--- a/net80211/ieee80211_input.c
++++ b/net80211/ieee80211_input.c
+@@ -3110,7 +3110,7 @@
+ u_int8_t qosinfo;
+
+ if (ni_or_null == NULL)
+- ni = vap->iv_bss;
++ ni = ieee80211_ref_node(vap->iv_bss);
+
+ wh = (struct ieee80211_frame *) skb->data;
+ frm = (u_int8_t *)&wh[1];
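Review bot: In the ieee80211_input.c part, `ni = ieee80211_ref_node(vap->iv_bss);` makes the function own a reference only when `ni_or_null == NULL`, and nothing visible in this patch releases it. Unless the release already exists outside the hunk, every return path of that function needs a matching conditional drop such as `if (ni_or_null == NULL) ieee80211_unref_node(&ni);`, otherwise the BSS node's count only grows and the node is never freed. The load of `vap->iv_bss` there is also not shown to happen under `IEEE80211_VAPS_LOCK_BH(ic)`, which the ieee80211_node.c hunks now take around the `vap->iv_bss = selbs` swap and `ieee80211_unref_node(&obss)`; if the input path runs without that lock, the pointer can be read just before the old node loses its last reference. In ieee80211_node.c, please confirm that no `return` sits between the new LOCK_BH and UNLOCK_BH lines (the lines between the two hunks are not shown), and add a comment above `if ((obss != NULL) && (obss != selbs))` saying who owns the remaining reference when the two pointers are equal. All of the enclosing functions start and end outside these hunks.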
diff --git a/package/madwifi/patches/401-changeset_r3602.patch b/package/madwifi/patches/401-changeset_r3602.patch
index 64780da12..2693d7a36 100644
--- a/package/madwifi/patches/401-changeset_r3602.patch
+++ b/package/madwifi/patches/401-changeset_r3602.patch
@@ -1,6 +1,6 @@
 --- a/net80211/ieee80211_linux.h
 +++ b/net80211/ieee80211_linux.h
-@@ -353,6 +353,8 @@
+@@ -341,6 +341,8 @@
 /* __skb_append got a third parameter in 2.6.14 */
 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,14)
 #define __skb_append(a,b,c) __skb_append(a, b) |