aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorFelix Fietkau <nbd@openwrt.org>2008-09-26 20:09:17 +0000
committerFelix Fietkau <nbd@openwrt.org>2008-09-26 20:09:17 +0000
commit0bbf0d442697fd8bd02b3b65d4dcb1c40b3827b2 (patch)
tree5b99f20f22e2e822f18d5341df5d13aff2d3db3c
parentd5da0a6f1c99f328277b0277a762a8188e25b09e (diff)
downloadupstream-0bbf0d442697fd8bd02b3b65d4dcb1c40b3827b2.tar.gz
upstream-0bbf0d442697fd8bd02b3b65d4dcb1c40b3827b2.tar.bz2
upstream-0bbf0d442697fd8bd02b3b65d4dcb1c40b3827b2.zip
madwifi: fix some really evil noderef issues (fixes #3999)
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@12719 3c298f89-4303-0410-b956-a3cf2f4a3e73
-rw-r--r--package/madwifi/patches/380-noderef_fix.patch58
-rw-r--r--package/madwifi/patches/401-changeset_r3602.patch2
2 files changed, 59 insertions, 1 deletions
diff --git a/package/madwifi/patches/380-noderef_fix.patch b/package/madwifi/patches/380-noderef_fix.patch
new file mode 100644
index 0000000000..e3a6b4690a
--- /dev/null
+++ b/package/madwifi/patches/380-noderef_fix.patch
@@ -0,0 +1,58 @@
+--- a/net80211/ieee80211_node.c
++++ b/net80211/ieee80211_node.c
+@@ -316,7 +316,7 @@
+ */
+ ni = ieee80211_find_node(&ic->ic_sta, vap->iv_myaddr);
+ if (ni == NULL) {
+- ni = ieee80211_alloc_node_table(vap, vap->iv_myaddr);
++ ni = ieee80211_alloc_node(vap, vap->iv_myaddr);
+ IEEE80211_DPRINTF(vap, IEEE80211_MSG_ASSOC,
+ "%s: ni:%p allocated for " MAC_FMT "\n",
+ __func__, ni, MAC_ADDR(vap->iv_myaddr));
+@@ -421,14 +421,14 @@
+ /* XXX multi-bss wrong */
+ ieee80211_reset_erp(ic, ic->ic_curmode);
+
+- ni = ieee80211_alloc_node_table(vap, vap->iv_myaddr);
++ ni = ieee80211_alloc_node(vap, vap->iv_myaddr);
+ IEEE80211_DPRINTF(vap, IEEE80211_MSG_ASSOC,
+ "%s: ni:%p allocated for " MAC_FMT "\n",
+ __func__, ni, MAC_ADDR(vap->iv_myaddr));
+ KASSERT(ni != NULL, ("unable to setup inital BSS node"));
+
+ vap->iv_bss = PASS_NODE(ni);
+- KASSERT((atomic_read(&vap->iv_bss->ni_refcnt) == 2),
++ KASSERT((atomic_read(&vap->iv_bss->ni_refcnt) == 1),
+ ("wrong refcount for new node."));
+
+ if (obss != NULL) {
+@@ -630,6 +630,7 @@
+ ieee80211_fix_rate(selbs, IEEE80211_F_DODEL);
+ }
+
++ IEEE80211_VAPS_LOCK_BH(ic);
+ /*
+ * Committed to selbs, setup state.
+ */
+@@ -642,8 +643,9 @@
+ (vap->iv_state == IEEE80211_S_RUN) && bssid_equal(obss, selbs)); */
+ vap->iv_bss = selbs;
+ IEEE80211_ADDR_COPY(vap->iv_bssid, selbs->ni_bssid);
+- if (obss != NULL)
++ if ((obss != NULL) && (obss != selbs))
+ ieee80211_unref_node(&obss);
++ IEEE80211_VAPS_UNLOCK_BH(ic);
+ ic->ic_bsschan = selbs->ni_chan;
+ ic->ic_curchan = ic->ic_bsschan;
+ ic->ic_curmode = ieee80211_chan2mode(ic->ic_curchan);
+--- a/net80211/ieee80211_input.c
++++ b/net80211/ieee80211_input.c
+@@ -3110,7 +3110,7 @@
+ u_int8_t qosinfo;
+
+ if (ni_or_null == NULL)
+- ni = vap->iv_bss;
++ ni = ieee80211_ref_node(vap->iv_bss);
+
+ wh = (struct ieee80211_frame *) skb->data;
+ frm = (u_int8_t *)&wh[1];
diff --git a/package/madwifi/patches/401-changeset_r3602.patch b/package/madwifi/patches/401-changeset_r3602.patch
index 64780da120..2693d7a368 100644
--- a/package/madwifi/patches/401-changeset_r3602.patch
+++ b/package/madwifi/patches/401-changeset_r3602.patch
@@ -1,6 +1,6 @@
--- a/net80211/ieee80211_linux.h
+++ b/net80211/ieee80211_linux.h
-@@ -353,6 +353,8 @@
+@@ -341,6 +341,8 @@
/* __skb_append got a third parameter in 2.6.14 */
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,14)
#define __skb_append(a,b,c) __skb_append(a, b)