net80211 race conditions seen in -HEAD
Bernhard Schmidt
bschmidt at techwires.net
Thu Jan 26 16:35:23 UTC 2012
On Wed, Jan 25, 2012 at 22:47, Adrian Chadd <adrian at freebsd.org> wrote:
> .. whilst the refcount is 1, so ieee80211_ref_node() may not increment the
> counter before it's freed by another thread.
You know, that is an inline function, what "lifetime" are we taking about?
iv_bss has other issues, being overwritten while some task is using it
no matter how high the refcount is is once of those.
--
Bernhard
More information about the freebsd-wireless
mailing list