net80211 race conditions seen in -HEAD
Adrian Chadd
adrian at freebsd.org
Wed Jan 25 21:47:09 UTC 2012
On 25 January 2012 06:43, PseudoCylon <moonlightakkiy at yahoo.ca> wrote:
> Here is my brain dump.
>
> While ago usb wifi drivers had the slimier issue (race in 80211
> stack). It's worth checking this rev.
> http://svnweb.freebsd.org/base?view=revision&revision=212127
>
> AK
>
Hi,
right, but that isn't at all completely _atomic_. It's quite possible that
the underlying node gets ripped out by thread B whilst the assignment is
happening in thread A.
Once you have that reference you're fine, but I can't see where the
guarantee is that vap->iv_bss is actually going to stay referenced for the
lifecycle of the call _to_ ieee80211_ref_node() (rather than the atomic
increment itself.)
The fundamental trouble there is that the assignment can and does occur
whilst the refcount i
Adrian
More information about the freebsd-wireless
mailing list