projects
/
openwrt
/
svn-archive
/
archive.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
|
inline
| side by side (from parent 1:
7709998
)
madwifi: fix a noderef problem in the mbss vap cleanup
author
Felix Fietkau
<nbd@openwrt.org>
Mon, 26 Jan 2009 00:27:27 +0000
(
00:27
+0000)
committer
Felix Fietkau
<nbd@openwrt.org>
Mon, 26 Jan 2009 00:27:27 +0000
(
00:27
+0000)
SVN-Revision: 14191
package/madwifi/patches/393-mbss_vap_auth.patch
patch
|
blob
|
history
diff --git
a/package/madwifi/patches/393-mbss_vap_auth.patch
b/package/madwifi/patches/393-mbss_vap_auth.patch
index 48d3df3e1764828dd64dbc1f05fca23fb3fbc298..3b8a5224988e60d2bfb2c32f5afd7a7ce3b92ea5 100644
(file)
--- a/
package/madwifi/patches/393-mbss_vap_auth.patch
+++ b/
package/madwifi/patches/393-mbss_vap_auth.patch
@@
-98,7
+98,7
@@
const u_int8_t *addr;
if (IS_CTL(wh) && !IS_PSPOLL(wh) /*&& !IS_RTS(ah)*/)
const u_int8_t *addr;
if (IS_CTL(wh) && !IS_PSPOLL(wh) /*&& !IS_RTS(ah)*/)
-@@ -1426,32 +1475,2
1
@@ ieee80211_find_rxnode(struct ieee80211co
+@@ -1426,32 +1475,2
4
@@ ieee80211_find_rxnode(struct ieee80211co
/* XXX check ic_bss first in station mode */
/* XXX 4-address frames? */
/* XXX check ic_bss first in station mode */
/* XXX 4-address frames? */
@@
-119,8
+119,11
@@
- return NULL;
+ ni = ieee80211_ref_node(avp->iv_wdsnode);
}
- return NULL;
+ ni = ieee80211_ref_node(avp->iv_wdsnode);
}
++ if (!(vap->iv_flags_ext & IEEE80211_FEXT_WDS))
++ return NULL;
++ } else {
++ return NULL;
}
}
-+ return ni;
}
-#ifdef IEEE80211_DEBUG_REFCNT
}
-#ifdef IEEE80211_DEBUG_REFCNT
@@
-137,7
+140,7
@@
}
#ifdef IEEE80211_DEBUG_REFCNT
EXPORT_SYMBOL(ieee80211_find_rxnode_debug);
}
#ifdef IEEE80211_DEBUG_REFCNT
EXPORT_SYMBOL(ieee80211_find_rxnode_debug);
-@@ -1476,15 +151
4
,14 @@ ieee80211_find_txnode(struct ieee80211va
+@@ -1476,15 +151
7
,14 @@ ieee80211_find_txnode(struct ieee80211va
struct ieee80211com *ic = vap->iv_ic;
struct ieee80211_node_table *nt;
struct ieee80211_node *ni = NULL;
struct ieee80211com *ic = vap->iv_ic;
struct ieee80211_node_table *nt;
struct ieee80211_node *ni = NULL;
@@
-154,7
+157,7
@@
/*
* The destination address should be in the node table
/*
* The destination address should be in the node table
-@@ -1502,11 +15
39
,22 @@ ieee80211_find_txnode(struct ieee80211va
+@@ -1502,11 +15
42
,22 @@ ieee80211_find_txnode(struct ieee80211va
/* XXX: Can't hold lock across dup_bss due to recursive locking. */
nt = &vap->iv_ic->ic_sta;
IEEE80211_NODE_TABLE_LOCK_IRQ(nt);
/* XXX: Can't hold lock across dup_bss due to recursive locking. */
nt = &vap->iv_ic->ic_sta;
IEEE80211_NODE_TABLE_LOCK_IRQ(nt);
@@
-179,7
+182,7
@@
IEEE80211_NODE_TABLE_UNLOCK_IRQ(nt);
if (ni == NULL) {
IEEE80211_NODE_TABLE_UNLOCK_IRQ(nt);
if (ni == NULL) {
-@@ -1961,13 +20
09
,29 @@ remove_worse_nodes(void *arg, struct iee
+@@ -1961,13 +20
12
,29 @@ remove_worse_nodes(void *arg, struct iee
}
}
}
}
@@
-211,19
+214,29
@@
--- a/net80211/ieee80211_input.c
+++ b/net80211/ieee80211_input.c
--- a/net80211/ieee80211_input.c
+++ b/net80211/ieee80211_input.c
-@@ -227,15 +227,22 @@ ieee80211_input(struct ieee80211vap * va
- if (!dev)
- goto out;
+@@ -216,16 +216,14 @@ ieee80211_input(struct ieee80211vap * va
-+ if ((vap->iv_dev->flags & (IFF_UP|IFF_RUNNING)) != (IFF_UP|IFF_RUNNING))
-+ goto out;
-+
-+ if (!vap->iv_bss)
-+ goto out;
+ type = -1; /* undefined */
+
+- if (!vap)
+- goto out;
++ if (!vap || !vap->iv_bss || !vap->iv_dev || !vap->iv_ic)
++ goto discard;
+
+ ic = vap->iv_ic;
+- if (!ic)
+- goto out;
+-
+ dev = vap->iv_dev;
+- if (!dev)
+- goto out;
+
+
++ if ((vap->iv_dev->flags & (IFF_UP|IFF_RUNNING)) != (IFF_UP|IFF_RUNNING))
++ goto discard;
+
/* initialize ni as in the previous API */
if (ni_or_null == NULL) {
/* initialize ni as in the previous API */
if (ni_or_null == NULL) {
- /* This function does not 'own' vap->iv_bss, so we cannot
+@@ -233,9 +231,10 @@ ieee80211_input(struct ieee80211vap * va
* guarantee its existence during the following call, hence
* briefly grab our own reference. */
ni = ieee80211_ref_node(vap->iv_bss);
* guarantee its existence during the following call, hence
* briefly grab our own reference. */
ni = ieee80211_ref_node(vap->iv_bss);
@@
-236,7
+249,21
@@
KASSERT(skb->len >= sizeof(struct ieee80211_frame_min),
("frame length too short: %u", skb->len));
KASSERT(skb->len >= sizeof(struct ieee80211_frame_min),
("frame length too short: %u", skb->len));
-@@ -933,16 +940,23 @@ int
+@@ -848,10 +847,11 @@ ieee80211_input(struct ieee80211vap * va
+ err:
+ vap->iv_devstats.rx_errors++;
+ out:
+- if (skb != NULL)
+- ieee80211_dev_kfree_skb(&skb);
+ if (ni_or_null == NULL)
+ ieee80211_unref_node(&ni);
++discard:
++ if (skb != NULL)
++ ieee80211_dev_kfree_skb(&skb);
+ return type;
+ #undef HAS_SEQ
+ }
+@@ -933,16 +933,23 @@ int
ieee80211_input_all(struct ieee80211com *ic,
struct sk_buff *skb, int rssi, u_int64_t rtsf)
{
ieee80211_input_all(struct ieee80211com *ic,
struct sk_buff *skb, int rssi, u_int64_t rtsf)
{
@@
-260,7
+287,7
@@
if (TAILQ_NEXT(vap, iv_next) != NULL) {
skb1 = skb_copy(skb, GFP_ATOMIC);
if (skb1 == NULL) {
if (TAILQ_NEXT(vap, iv_next) != NULL) {
skb1 = skb_copy(skb, GFP_ATOMIC);
if (skb1 == NULL) {
-@@ -954,8 +96
8
,10 @@ ieee80211_input_all(struct ieee80211com
+@@ -954,8 +96
1
,10 @@ ieee80211_input_all(struct ieee80211com
skb1 = skb;
skb = NULL;
}
skb1 = skb;
skb = NULL;
}
@@
-272,7
+299,7
@@
if (skb != NULL) /* no vaps, reclaim skb */
ieee80211_dev_kfree_skb(&skb);
return type;
if (skb != NULL) /* no vaps, reclaim skb */
ieee80211_dev_kfree_skb(&skb);
return type;
-@@ -1146,11 +11
62
,9 @@ ieee80211_deliver_data(struct ieee80211_
+@@ -1146,11 +11
55
,9 @@ ieee80211_deliver_data(struct ieee80211_
* sending it will not work; just let it be
* delivered normally.
*/
* sending it will not work; just let it be
* delivered normally.
*/