Author: hselasky
Date: Sat Jun  2 09:10:51 2012
New Revision: 236439
URL: http://svn.freebsd.org/changeset/base/236439

Log:
  Add appropriate checks for ic_bsschan being set to IEEE80211_CHAN_ANYC in
  some of the USB WLAN drivers. This fixes a panic when using monitor mode.
  
  MFC after:    1 week
  Submitted by: PseudoCylon

Modified:
  head/sys/dev/usb/wlan/if_rum.c
  head/sys/dev/usb/wlan/if_run.c
  head/sys/dev/usb/wlan/if_ural.c

Modified: head/sys/dev/usb/wlan/if_rum.c
==============================================================================
--- head/sys/dev/usb/wlan/if_rum.c      Sat Jun  2 08:47:26 2012        
(r236438)
+++ head/sys/dev/usb/wlan/if_rum.c      Sat Jun  2 09:10:51 2012        
(r236439)
@@ -726,6 +726,12 @@ rum_newstate(struct ieee80211vap *vap, e
                ni = ieee80211_ref_node(vap->iv_bss);
 
                if (vap->iv_opmode != IEEE80211_M_MONITOR) {
+                       if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) {
+                               RUM_UNLOCK(sc);
+                               IEEE80211_LOCK(ic);
+                               ieee80211_free_node(ni);
+                               return (-1);
+                       }
                        rum_update_slot(ic->ic_ifp);
                        rum_enable_mrr(sc);
                        rum_set_txpreamble(sc);
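Review bot: The early exit added to rum_newstate returns a bare `-1` with no comment or diagnostic, so a transition refused because the BSS channel is unset looks like any other failure; the matching guards added in run_newstate and ural_newstate have the same gap. I would put a comment above the test, for example `/* ic_bsschan is still the ANYC placeholder, not a real channel; bail out before it is used as a channel pointer */`, and consider returning an errno value, as ural_tx_bcn does in this commit with `ENXIO`. The exit also repeats the lock hand-off (`RUM_UNLOCK(sc); IEEE80211_LOCK(ic);`) and the node release by hand. The rest of the function lies outside the hunk, so whether this matches the normal exit path should be confirmed against the full body.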
@@ -2135,11 +2141,12 @@ rum_prepare_beacon(struct rum_softc *sc,
 
        if (vap->iv_bss->ni_chan == IEEE80211_CHAN_ANYC)
                return;
+       if (ic->ic_bsschan == IEEE80211_CHAN_ANYC)
+               return;
 
        m0 = ieee80211_beacon_alloc(vap->iv_bss, &RUM_VAP(vap)->bo);
-       if (m0 == NULL) {
+       if (m0 == NULL)
                return;
-       }
 
        tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_bsschan)];
        rum_setup_tx_desc(sc, &desc, RT2573_TX_TIMESTAMP, RT2573_TX_HWSEQ,
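Review bot: The two sentinel tests at the top of rum_prepare_beacon can be folded into one condition, `if (vap->iv_bss->ni_chan == IEEE80211_CHAN_ANYC || ic->ic_bsschan == IEEE80211_CHAN_ANYC) return;`, with a comment saying the second operand protects the `ieee80211_chan2mode(ic->ic_bsschan)` lookup a few lines below. The function returns silently and is void, so a debug message is the only way to leave a trace that no beacon was programmed. The identical pair of checks added in run_update_beacon_cb would benefit from the same treatment. The brace removal around the `m0 == NULL` test is unrelated style churn and would be easier to review as a separate change.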

Modified: head/sys/dev/usb/wlan/if_run.c
==============================================================================
--- head/sys/dev/usb/wlan/if_run.c      Sat Jun  2 08:47:26 2012        
(r236438)
+++ head/sys/dev/usb/wlan/if_run.c      Sat Jun  2 09:10:51 2012        
(r236439)
@@ -1830,6 +1830,11 @@ run_newstate(struct ieee80211vap *vap, e
                if (vap->iv_opmode != IEEE80211_M_MONITOR) {
                        struct ieee80211_node *ni;
 
+                       if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) {
+                               RUN_UNLOCK(sc);
+                               IEEE80211_LOCK(ic);
+                               return (-1);
+                       }
                        run_updateslot(ic->ic_ifp);
                        run_enable_mrr(sc);
                        run_set_txpreamble(sc);
@@ -2523,8 +2528,8 @@ run_rx_frame(struct run_softc *sc, struc
                struct run_rx_radiotap_header *tap = &sc->sc_rxtap;
 
                tap->wr_flags = 0;
-               tap->wr_chan_freq = htole16(ic->ic_bsschan->ic_freq);
-               tap->wr_chan_flags = htole16(ic->ic_bsschan->ic_flags);
+               tap->wr_chan_freq = htole16(ic->ic_curchan->ic_freq);
+               tap->wr_chan_flags = htole16(ic->ic_curchan->ic_flags);
                tap->wr_antsignal = rssi;
                tap->wr_antenna = ant;
                tap->wr_dbm_antsignal = run_rssi2dbm(sc, rssi, ant);
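Review bot: `ic->ic_curchan` is dereferenced here without a guard, while every other site touched by this commit tests its channel pointer against `IEEE80211_CHAN_ANYC` first. If net80211 guarantees that ic_curchan always points at a real channel, that invariant deserves a comment such as `/* ic_curchan always refers to a valid channel; ic_bsschan may be ANYC in monitor mode */`. If it does not, the radiotap fill needs the same test. The same substitution in the tx radiotap path under `tr_setup` raises the same question. run_rx_frame begins and ends outside the hunk.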
@@ -2778,8 +2783,8 @@ tr_setup:
 
                        tap->wt_flags = 0;
                        tap->wt_rate = rt2860_rates[data->ridx].rate;
-                       tap->wt_chan_freq = 
htole16(vap->iv_bss->ni_chan->ic_freq);
-                       tap->wt_chan_flags = 
htole16(vap->iv_bss->ni_chan->ic_flags);
+                       tap->wt_chan_freq = htole16(ic->ic_curchan->ic_freq);
+                       tap->wt_chan_flags = htole16(ic->ic_curchan->ic_flags);
                        tap->wt_hwqueue = index;
                        if (le16toh(txwi->phy) & RT2860_PHY_SHPRE)
                                tap->wt_flags |= IEEE80211_RADIOTAP_F_SHORTPRE;
@@ -3967,6 +3972,8 @@ run_update_beacon_cb(void *arg)
 
        if (vap->iv_bss->ni_chan == IEEE80211_CHAN_ANYC)
                return;
+       if (ic->ic_bsschan == IEEE80211_CHAN_ANYC)
+               return;
 
        /*
         * No need to call ieee80211_beacon_update(), run_update_beacon()

Modified: head/sys/dev/usb/wlan/if_ural.c
==============================================================================
--- head/sys/dev/usb/wlan/if_ural.c     Sat Jun  2 08:47:26 2012        
(r236438)
+++ head/sys/dev/usb/wlan/if_ural.c     Sat Jun  2 09:10:51 2012        
(r236439)
@@ -713,6 +713,12 @@ ural_newstate(struct ieee80211vap *vap, 
                ni = ieee80211_ref_node(vap->iv_bss);
 
                if (vap->iv_opmode != IEEE80211_M_MONITOR) {
+                       if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) {
+                               RAL_UNLOCK(sc);
+                               IEEE80211_LOCK(ic);
+                               ieee80211_free_node(ni);
+                               return (-1);
+                       }
                        ural_update_slot(ic->ic_ifp);
                        ural_set_txpreamble(sc);
                        ural_set_basicrates(sc, ic->ic_bsschan);
@@ -1054,7 +1060,12 @@ ural_tx_bcn(struct ural_softc *sc, struc
                ifp->if_drv_flags |= IFF_DRV_OACTIVE;
                m_freem(m0);
                ieee80211_free_node(ni);
-               return EIO;
+               return (EIO);
+       }
+       if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) {
+               m_freem(m0);
+               ieee80211_free_node(ni);
+               return (ENXIO);
        }
        data = STAILQ_FIRST(&sc->tx_free);
        STAILQ_REMOVE_HEAD(&sc->tx_free, next);
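Review bot: The new `ic_bsschan` test in ural_tx_bcn runs after the preceding error block, which sets `IFF_DRV_OACTIVE` before bailing out, so when both conditions hold the interface is marked output-active for a beacon that could not have been sent anyway. Moving the sentinel test ahead of that block would avoid touching `if_drv_flags` in that case. Both error paths now repeat `m_freem(m0); ieee80211_free_node(ni);`, so a short comment stating that the function consumes m0 and ni on every failure would help callers. The start of the function is outside the hunk, so the condition guarding the first block is inferred.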