wlan

Andriy Voskoboinyk Wed, 07 Sep 2016 09:19:55 -0700

Author: avos
Date: Wed Sep  7 16:19:20 2016
New Revision: 305544
URL: https://svnweb.freebsd.org/changeset/base/305544


Log:
  rum: fix possible panic on device detach (similar to r302034).
  
  Tested with WUSB54GC, STA/AP modes.

Modified:
  head/sys/dev/usb/wlan/if_rum.c

Modified: head/sys/dev/usb/wlan/if_rum.c
==============================================================================
--- head/sys/dev/usb/wlan/if_rum.c      Wed Sep  7 16:08:36 2016        
(r305543)
+++ head/sys/dev/usb/wlan/if_rum.c      Wed Sep  7 16:19:20 2016        
(r305544)
@@ -165,6 +165,8 @@ static int          rum_cmd_sleepable(struct rum
                            size_t, uint8_t, CMD_FUNC_PROTO);
 static void            rum_tx_free(struct rum_tx_data *, int);
 static void            rum_setup_tx_list(struct rum_softc *);
+static void            rum_reset_tx_list(struct rum_softc *,
+                           struct ieee80211vap *);
 static void            rum_unsetup_tx_list(struct rum_softc *);
 static void            rum_beacon_miss(struct ieee80211vap *);
 static void            rum_sta_recv_mgmt(struct ieee80211_node *,
@@ -723,12 +725,22 @@ rum_vap_delete(struct ieee80211vap *vap)
 {
        struct rum_vap *rvp = RUM_VAP(vap);
        struct ieee80211com *ic = vap->iv_ic;
+       struct rum_softc *sc = ic->ic_softc;
+
+       /* Put vap into INIT state. */
+       ieee80211_new_state(vap, IEEE80211_S_INIT, -1);
+       ieee80211_draintask(ic, &vap->iv_nstate_task);
+
+       RUM_LOCK(sc);
+       /* Cancel any unfinished Tx. */
+       rum_reset_tx_list(sc, vap);
+       RUM_UNLOCK(sc);
 
-       m_freem(rvp->bcn_mbuf);
        usb_callout_drain(&rvp->ratectl_ch);
        ieee80211_draintask(ic, &rvp->ratectl_task);
        ieee80211_ratectl_deinit(vap);
        ieee80211_vap_detach(vap);
+       m_freem(rvp->bcn_mbuf);
        free(rvp, M_80211_VAP);
 }
 
@@ -816,6 +828,30 @@ rum_setup_tx_list(struct rum_softc *sc)
 }
 
 static void
+rum_reset_tx_list(struct rum_softc *sc, struct ieee80211vap *vap)
+{
+       struct rum_tx_data *data, *tmp;
+
+       KASSERT(vap != NULL, ("%s: vap is NULL\n", __func__));
+
+       STAILQ_FOREACH_SAFE(data, &sc->tx_q, next, tmp) {
+               if (data->ni != NULL && data->ni->ni_vap == vap) {
+                       ieee80211_free_node(data->ni);
+                       data->ni = NULL;
+
+                       KASSERT(data->m != NULL, ("%s: m is NULL\n",
+                           __func__));
+                       m_freem(data->m);
+                       data->m = NULL;
+
+                       STAILQ_REMOVE(&sc->tx_q, data, rum_tx_data, next);
+                       STAILQ_INSERT_TAIL(&sc->tx_free, data, next);
+                       sc->tx_nfree++;
+               }
+       }
+}
+
+static void
 rum_unsetup_tx_list(struct rum_softc *sc)
 {
        struct rum_tx_data *data;
_______________________________________________
[email protected] mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "[email protected]"

svn commit: r305544 - head/sys/dev/usb/wlan

Reply via email to