svn commit: r236439 - head/sys/dev/usb/wlan

Hans Petter Selasky hselasky at FreeBSD.org
Sat Jun 2 09:10:52 UTC 2012 

Author: hselasky
Date: Sat Jun  2 09:10:51 2012
New Revision: 236439
URL: http://svn.freebsd.org/changeset/base/236439

Log:
  Add appropriate checks for ic_bsschan being set to IEEE80211_CHAN_ANYC in
  some of the USB WLAN drivers. This fixes a panic when using monitor mode.
  
  MFC after:	1 week
  Submitted by:	PseudoCylon

Modified:
  head/sys/dev/usb/wlan/if_rum.c
  head/sys/dev/usb/wlan/if_run.c
  head/sys/dev/usb/wlan/if_ural.c

Modified: head/sys/dev/usb/wlan/if_rum.c
==============================================================================
--- head/sys/dev/usb/wlan/if_rum.c	Sat Jun  2 08:47:26 2012	(r236438)
+++ head/sys/dev/usb/wlan/if_rum.c	Sat Jun  2 09:10:51 2012	(r236439)
@@ -726,6 +726,12 @@ rum_newstate(struct ieee80211vap *vap, e
 		ni = ieee80211_ref_node(vap->iv_bss);
 
 		if (vap->iv_opmode != IEEE80211_M_MONITOR) {
+			if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) {
+				RUM_UNLOCK(sc);
+				IEEE80211_LOCK(ic);
+				ieee80211_free_node(ni);
+				return (-1);
+			}
 			rum_update_slot(ic->ic_ifp);
 			rum_enable_mrr(sc);
 			rum_set_txpreamble(sc);
@@ -2135,11 +2141,12 @@ rum_prepare_beacon(struct rum_softc *sc,
 
 	if (vap->iv_bss->ni_chan == IEEE80211_CHAN_ANYC)
 		return;
+	if (ic->ic_bsschan == IEEE80211_CHAN_ANYC)
+		return;
 
 	m0 = ieee80211_beacon_alloc(vap->iv_bss, &RUM_VAP(vap)->bo);
-	if (m0 == NULL) {
+	if (m0 == NULL)
 		return;
-	}
 
 	tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_bsschan)];
 	rum_setup_tx_desc(sc, &desc, RT2573_TX_TIMESTAMP, RT2573_TX_HWSEQ,

Modified: head/sys/dev/usb/wlan/if_run.c
==============================================================================
--- head/sys/dev/usb/wlan/if_run.c	Sat Jun  2 08:47:26 2012	(r236438)
+++ head/sys/dev/usb/wlan/if_run.c	Sat Jun  2 09:10:51 2012	(r236439)
@@ -1830,6 +1830,11 @@ run_newstate(struct ieee80211vap *vap, e
 		if (vap->iv_opmode != IEEE80211_M_MONITOR) {
 			struct ieee80211_node *ni;
 
+			if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) {
+				RUN_UNLOCK(sc);
+				IEEE80211_LOCK(ic);
+				return (-1);
+			}
 			run_updateslot(ic->ic_ifp);
 			run_enable_mrr(sc);
 			run_set_txpreamble(sc);
@@ -2523,8 +2528,8 @@ run_rx_frame(struct run_softc *sc, struc
 		struct run_rx_radiotap_header *tap = &sc->sc_rxtap;
 
 		tap->wr_flags = 0;
-		tap->wr_chan_freq = htole16(ic->ic_bsschan->ic_freq);
-		tap->wr_chan_flags = htole16(ic->ic_bsschan->ic_flags);
+		tap->wr_chan_freq = htole16(ic->ic_curchan->ic_freq);
+		tap->wr_chan_flags = htole16(ic->ic_curchan->ic_flags);
 		tap->wr_antsignal = rssi;
 		tap->wr_antenna = ant;
 		tap->wr_dbm_antsignal = run_rssi2dbm(sc, rssi, ant);
@@ -2778,8 +2783,8 @@ tr_setup:
 
 			tap->wt_flags = 0;
 			tap->wt_rate = rt2860_rates[data->ridx].rate;
-			tap->wt_chan_freq = htole16(vap->iv_bss->ni_chan->ic_freq);
-			tap->wt_chan_flags = htole16(vap->iv_bss->ni_chan->ic_flags);
+			tap->wt_chan_freq = htole16(ic->ic_curchan->ic_freq);
+			tap->wt_chan_flags = htole16(ic->ic_curchan->ic_flags);
 			tap->wt_hwqueue = index;
 			if (le16toh(txwi->phy) & RT2860_PHY_SHPRE)
 				tap->wt_flags |= IEEE80211_RADIOTAP_F_SHORTPRE;
@@ -3967,6 +3972,8 @@ run_update_beacon_cb(void *arg)
 
 	if (vap->iv_bss->ni_chan == IEEE80211_CHAN_ANYC)
 		return;
+	if (ic->ic_bsschan == IEEE80211_CHAN_ANYC)
+		return;
 
 	/*
 	 * No need to call ieee80211_beacon_update(), run_update_beacon()

Modified: head/sys/dev/usb/wlan/if_ural.c
==============================================================================
--- head/sys/dev/usb/wlan/if_ural.c	Sat Jun  2 08:47:26 2012	(r236438)
+++ head/sys/dev/usb/wlan/if_ural.c	Sat Jun  2 09:10:51 2012	(r236439)
@@ -713,6 +713,12 @@ ural_newstate(struct ieee80211vap *vap, 
 		ni = ieee80211_ref_node(vap->iv_bss);
 
 		if (vap->iv_opmode != IEEE80211_M_MONITOR) {
+			if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) {
+				RAL_UNLOCK(sc);
+				IEEE80211_LOCK(ic);
+				ieee80211_free_node(ni);
+				return (-1);
+			}
 			ural_update_slot(ic->ic_ifp);
 			ural_set_txpreamble(sc);
 			ural_set_basicrates(sc, ic->ic_bsschan);
@@ -1054,7 +1060,12 @@ ural_tx_bcn(struct ural_softc *sc, struc
 		ifp->if_drv_flags |= IFF_DRV_OACTIVE;
 		m_freem(m0);
 		ieee80211_free_node(ni);
-		return EIO;
+		return (EIO);
+	}
+	if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) {
+		m_freem(m0);
+		ieee80211_free_node(ni);
+		return (ENXIO);
 	}
 	data = STAILQ_FIRST(&sc->tx_free);
 	STAILQ_REMOVE_HEAD(&sc->tx_free, next);

More information about the svn-src-head mailing list