diff options
| author | Bjoern A. Zeeb <bz@FreeBSD.org> | 2024-01-19 14:52:03 +0000 |
|---|---|---|
| committer | Bjoern A. Zeeb <bz@FreeBSD.org> | 2024-02-19 16:07:13 +0000 |
| commit | eecf453c0e56c179539756212977456c9561c71c (patch) | |
| tree | 8502d21ebb65af752ab6b9a3419fedee047d40ad | |
| parent | f7c8d5448446a470baaca560f91c884e5ceeecc7 (diff) | |
| download | src-eecf453c0e56c179539756212977456c9561c71c.tar.gz src-eecf453c0e56c179539756212977456c9561c71c.zip | |
net80211: make sure calls to (*iv_update_bss)() are locked
It turned out thare various calls into (*iv_update_bss)(), that is
direct changes to vap->iv_bss in the old days, happened without
synchronisation.
Use locking assertions to document the requirement or status quo
at some callers given ic locking will eventually have to be dealt
with.
Approved by: re (cperciva)
Reviewed by: cc
Differential Revision: https://reviews.freebsd.org/D43512
(cherry picked from commit 49619f73151aeaca4cef5adf631253da04a46e19)
(cherry picked from commit f8ec0379435745d800ec149f9289401c792e61bb)
| -rw-r--r-- | sys/net80211/ieee80211_node.c | 15 | ||||
| -rw-r--r-- | sys/net80211/ieee80211_proto.c | 2 |
2 files changed, 17 insertions, 0 deletions
diff --git a/sys/net80211/ieee80211_node.c b/sys/net80211/ieee80211_node.c index 0f0ecf37fe94..c851d83d8d47 100644 --- a/sys/net80211/ieee80211_node.c +++ b/sys/net80211/ieee80211_node.c @@ -171,6 +171,10 @@ ieee80211_node_vattach(struct ieee80211vap *vap) void ieee80211_node_latevattach(struct ieee80211vap *vap) { + + /* XXX should ieee80211_vap_attach(), our only caller hold the lock? */ + IEEE80211_UNLOCK_ASSERT(vap->iv_ic); + if (vap->iv_opmode == IEEE80211_M_HOSTAP) { /* XXX should we allow max aid to be zero? */ if (vap->iv_max_aid < IEEE80211_AID_MIN) { @@ -191,7 +195,9 @@ ieee80211_node_latevattach(struct ieee80211vap *vap) } } + IEEE80211_LOCK(vap->iv_ic); ieee80211_reset_bss(vap); + IEEE80211_UNLOCK(vap->iv_ic); vap->iv_auth = ieee80211_authenticator_get(vap->iv_bss->ni_authmode); } @@ -201,11 +207,16 @@ ieee80211_node_vdetach(struct ieee80211vap *vap) { struct ieee80211com *ic = vap->iv_ic; + /* XXX should ieee80211_vap_detach(), our only caller hold the lock? */ + IEEE80211_UNLOCK_ASSERT(vap->iv_ic); + ieee80211_node_table_reset(&ic->ic_sta, vap); + IEEE80211_LOCK(ic); if (vap->iv_bss != NULL) { ieee80211_free_node(vap->iv_bss); vap->iv_update_bss(vap, NULL); } + IEEE80211_UNLOCK(ic); if (vap->iv_aid_bitmap != NULL) { IEEE80211_FREE(vap->iv_aid_bitmap, M_80211_NODE); vap->iv_aid_bitmap = NULL; @@ -455,6 +466,8 @@ ieee80211_reset_bss(struct ieee80211vap *vap) struct ieee80211com *ic = vap->iv_ic; struct ieee80211_node *ni, *obss; + IEEE80211_LOCK_ASSERT(ic); + ieee80211_node_table_reset(&ic->ic_sta, vap); /* XXX multi-bss: wrong */ ieee80211_vap_reset_erp(vap); @@ -854,7 +867,9 @@ ieee80211_sta_join1(struct ieee80211_node *selbs) /* * Committed to selbs, setup state. */ + IEEE80211_LOCK(ic); /* XXX may recurse here, check callers. */ obss = vap->iv_update_bss(vap, selbs); /* NB: caller assumed to bump refcnt */ + IEEE80211_UNLOCK(ic); /* * Check if old+new node have the same address in which * case we can reassociate when operating in sta mode. diff --git a/sys/net80211/ieee80211_proto.c b/sys/net80211/ieee80211_proto.c index cf467c08462c..5ed9f2e3f50e 100644 --- a/sys/net80211/ieee80211_proto.c +++ b/sys/net80211/ieee80211_proto.c @@ -830,6 +830,8 @@ vap_update_bss(struct ieee80211vap *vap, struct ieee80211_node *ni) { struct ieee80211_node *obss; + IEEE80211_LOCK_ASSERT(vap->iv_ic); + obss = vap->iv_bss; vap->iv_bss = ni; |