From nobody@FreeBSD.org  Mon Jul 23 22:27:59 2012
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 777CC106566B
	for <freebsd-gnats-submit@FreeBSD.org>; Mon, 23 Jul 2012 22:27:59 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from red.freebsd.org (red.freebsd.org [IPv6:2001:4f8:fff6::22])
	by mx1.freebsd.org (Postfix) with ESMTP id 49D4D8FC16
	for <freebsd-gnats-submit@FreeBSD.org>; Mon, 23 Jul 2012 22:27:59 +0000 (UTC)
Received: from red.freebsd.org (localhost [127.0.0.1])
	by red.freebsd.org (8.14.4/8.14.4) with ESMTP id q6NMRxMr014710
	for <freebsd-gnats-submit@FreeBSD.org>; Mon, 23 Jul 2012 22:27:59 GMT
	(envelope-from nobody@red.freebsd.org)
Received: (from nobody@localhost)
	by red.freebsd.org (8.14.4/8.14.4/Submit) id q6NMRxWG014709;
	Mon, 23 Jul 2012 22:27:59 GMT
	(envelope-from nobody)
Message-Id: <201207232227.q6NMRxWG014709@red.freebsd.org>
Date: Mon, 23 Jul 2012 22:27:59 GMT
From: Kim Culhan <w8hdkim@gmail.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: virtual access points with Atheros ath driver
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         170098
>Category:       kern
>Synopsis:       [ath] [net80211] VAPs (Virtual access points) with Atheros ath driver
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-wireless
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Jul 23 22:30:12 UTC 2012
>Closed-Date:    
>Last-Modified:  Thu Aug 16 01:00:20 UTC 2012
>Originator:     Kim Culhan
>Release:        10-current
>Organization:
>Environment:
FreeBSD foo.bar.com 10.0-CURRENT FreeBSD 10.0-CURRENT #3 r238721M: Mon Jul 23 16:31:48 EDT 2012     felix@foo.bar.com:/usr/obj/usr/src/sys/foo  amd64
>Description:
At this time the maximum number of VAPs is 4, and the VAPs may be configured
for any combination of OPEN access and WPA2 controlled access/encrypted.

A configuration in /etc/rc.conf for 4 VAPs, 1 OPEN and 3 WPA2 could look like:

wlans_ath0="wlan0 wlan1 wlan2 wlan3"
ifconfig_wlan0="channel 6 ssid ap1"
ifconfig_wlan1="channel 6 ssid ap2"
ifconfig_wlan2="channel 6 ssid ap3"
ifconfig_wlan3="channel 6 ssid ap4"
create_args_wlan0="wlanmode hostap wlanaddr f8:d1:11:38:3c:e5"
create_args_wlan1="wlanmode hostap wlanaddr fa:d1:11:38:3c:e5"
create_args_wlan2="wlanmode hostap wlanaddr fc:d1:11:38:3c:e5"
create_args_wlan3="wlanmode hostap wlanaddr fe:d1:11:38:3c:e5"
hostapd1_enable="YES"
hostapd2_enable="YES"
hostapd3_enable="YES"

VAPs operating in WPA2 encrypted mode will require an instance of
hostapd with it's associated configuration file: hostapd1.conf 

interface=wlan1
driver=bsd
logger_syslog=-1
logger_syslog_level=0
logger_stdout=-1
logger_stdout_level=0
dump_file=/tmp/hostapd1.dump
ctrl_interface=/var/run/hostapd1
ctrl_interface_group=wheel
ssid=ap2
ieee8021x=0
wpa=2
wpa_passphrase=supersecret
wpa_key_mgmt=WPA-PSK
wpa_pairwise=CCMP

For the other instances of hostapd, substitute the numbering for
interface, dump_file and ctrl_interface and ssid for each of
hostapd1.conf, hostapd2.conf etc.

>How-To-Repeat:
How to repeat the problem:

When the BSSID and MAC address and duplicated among VAPs the client machine
may not display some SSID's and and will be unable to connect to many of
the SSID's which are visible.

Recently is has been noted this situation appears to exacerbate problems with
ieee80211 Lock Order Reversal, although LOR's are still observed even
when there are no BSSID/MAC duplicates.

>Fix:


>Release-Note:
>Audit-Trail:
Class-Changed-From-To: doc-bug->sw-bug 
Class-Changed-By: adrian 
Class-Changed-When: Mon Jul 23 22:59:09 UTC 2012 
Class-Changed-Why:  
This is partially a docs and partially a kern problem. 



Responsible-Changed-From-To: freebsd-bugs->freebsd-wireless 
Responsible-Changed-By: adrian 
Responsible-Changed-When: Mon Jul 23 22:59:09 UTC 2012 
Responsible-Changed-Why:  
This is partially a docs and partially a kern problem. 


http://www.freebsd.org/cgi/query-pr.cgi?pr=170098 

From: Kim Culhan <w8hdkim@gmail.com>
To: FreeBSD-gnats-submit@freebsd.org, freebsd-bugs@freebsd.org
Cc:  
Subject: Re: conf/170098: virtual access points with Atheros ath driver
Date: Tue, 14 Aug 2012 19:55:11 -0400

 --14dae9cfcdf07b278c04c7428a2b
 Content-Type: text/plain; charset=ISO-8859-1
 
 This has been fixed by the attached 2 patches, which are applied
 to -HEAD in order.
 
 Thanks muchly to PseudoCylon for his work, this has taken a while
 but the difficult solutions are that way.
 
 thanks
 
 -kim
 
 --14dae9cfcdf07b278c04c7428a2b
 Content-Type: application/octet-stream; name="addon.patch"
 Content-Disposition: attachment; filename="addon.patch"
 Content-Transfer-Encoding: base64
 X-Attachment-Id: f_h5vncnol0
 
 ZGlmZiAtLWdpdCBhL2llZWU4MDIxMV9ub2RlLmMgYi9pZWVlODAyMTFfbm9kZS5jCmluZGV4IGE2
 MDljYjEuLmExNWZjOTEgMTAwNjQ0Ci0tLSBhL2llZWU4MDIxMV9ub2RlLmMKKysrIGIvaWVlZTgw
 MjExX25vZGUuYwpAQCAtMjE2MCwxOCArMjE2MCwxOSBAQCBpZWVlODAyMTFfbm9kZV90aW1lb3V0
 KHZvaWQgKmFyZykKICAqIE1heSBkaXJlY3RseSBiZSBjYWxsZWQgYW5kIGRvIGN1c3RvbWl6ZWQg
 aXRlcmF0ZSBmdW5jdGlvbnMuCiAgKiBPbmx5IHJlcXVpcmVtZW50IGlzIHRvIGRlY3JlbWVudCBl
 YWNoIG5vZGUncyByZWYgY291bnQuCiAgKi8KLXZvaWQKK2ludAogaWVlZTgwMjExX2l0ZXJhdGVf
 bnQoc3RydWN0IGllZWU4MDIxMV9ub2RlX3RhYmxlICpudCwKICAgICBzdHJ1Y3QgaWVlZTgwMjEx
 X25vZGUgKipuaV9hcnIsIHVpbnQxNl90IG1heF9haWQpCiB7CiAJc3RydWN0IGllZWU4MDIxMV9u
 b2RlICpuaTsKIAl1X2ludCBnZW47Ci0JaW50IGkgPSAwOworCWludCBpLCByZXQ7CiAKIAlJRUVF
 ODAyMTFfTk9ERV9JVEVSQVRFX0xPQ0sobnQpOwogCUlFRUU4MDIxMV9OT0RFX0xPQ0sobnQpOwog
 CiAJZ2VuID0gKytudC0+bnRfc2NhbmdlbjsKKwlpID0gcmV0ID0gMDsKIAogcmVzdGFydDoKIAlU
 QUlMUV9GT1JFQUNIKG5pLCAmbnQtPm50X25vZGUsIG5pX2xpc3QpIHsKQEAgLTIxNzksNiArMjE4
 MCw3IEBAIHJlc3RhcnQ6CiAJCQljb250aW51ZTsKIAogCQlpZiAoaSA+PSBtYXhfYWlkKSB7CisJ
 CQlyZXQgPSBFMkJJRzsKIAkJCWlmX3ByaW50ZihudC0+bnRfaWMtPmljX2lmcCwKIAkJCSAgICAi
 Tm9kZSBhcnJheSBvdmVyZmxvdzogbWF4PSV1IiwgbWF4X2FpZCk7CiAJCQlicmVhazsKQEAgLTIx
 ODksOCArMjE5MSwyMSBAQCByZXN0YXJ0OgogCQlnb3RvIHJlc3RhcnQ7CiAJfQogCisJaWYgKHJl
 dCkgeworCQludC0+bnRfc2Nhbmdlbi0tOworCQlmb3IgKGkgPSAwOyBpIDwgbWF4X2FpZDsgaSsr
 KSB7CisJCQluaSA9ICoobmlfYXJyICsgaSk7CisJCQluaS0+bmlfc2Nhbmdlbi0tOworCQkJLyog
 bm9kZSBsb2NrIGlzIHJlY3Vyc2l2ZSAqLworCQkJaWVlZTgwMjExX2ZyZWVfbm9kZShuaSk7CisJ
 CX0KKwkJZnJlZShuaV9hcnIsIE1fODAyMTFfTk9ERSk7CisJfQorCiAJSUVFRTgwMjExX05PREVf
 VU5MT0NLKG50KTsKIAlJRUVFODAyMTFfTk9ERV9JVEVSQVRFX1VOTE9DSyhudCk7CisKKwlyZXR1
 cm4gKHJldCk7CiB9CiAKIC8qCkBAIC0yMjE0LDcgKzIyMjksOCBAQCBpZWVlODAyMTFfaXRlcmF0
 ZV9ub2RlcyhzdHJ1Y3QgaWVlZTgwMjExX25vZGVfdGFibGUgKm50LAogCWlmIChuaV9hcnIgPT0g
 TlVMTCkKIAkJcmV0dXJuOwogCi0JaWVlZTgwMjExX2l0ZXJhdGVfbnQobnQsIG5pX2FyciwgbWF4
 X2FpZCk7CisJaWYgKCFpZWVlODAyMTFfaXRlcmF0ZV9udChudCwgbmlfYXJyLCBtYXhfYWlkKSkK
 KwkJcmV0dXJuOwogCiAJZm9yIChpID0gMDsgaSA8IG1heF9haWQ7IGkrKykgewogCQluaSA9ICoo
 bmlfYXJyICsgaSk7CmRpZmYgLS1naXQgYS9pZWVlODAyMTFfbm9kZS5oIGIvaWVlZTgwMjExX25v
 ZGUuaAppbmRleCAxZmJjODkyLi40OGVhZTJkIDEwMDY0NAotLS0gYS9pZWVlODAyMTFfbm9kZS5o
 CisrKyBiL2llZWU4MDIxMV9ub2RlLmgKQEAgLTQzOCw3ICs0MzgsNyBAQCBpbnQJaWVlZTgwMjEx
 X25vZGVfZGVsdWNhc3RrZXkoc3RydWN0IGllZWU4MDIxMV9ub2RlICopOwogdm9pZAlpZWVlODAy
 MTFfbm9kZV90aW1lb3V0KHZvaWQgKmFyZyk7CiAKIHR5cGVkZWYgdm9pZCBpZWVlODAyMTFfaXRl
 cl9mdW5jKHZvaWQgKiwgc3RydWN0IGllZWU4MDIxMV9ub2RlICopOwotdm9pZAlpZWVlODAyMTFf
 aXRlcmF0ZV9udChzdHJ1Y3QgaWVlZTgwMjExX25vZGVfdGFibGUgKiwKK2ludAlpZWVlODAyMTFf
 aXRlcmF0ZV9udChzdHJ1Y3QgaWVlZTgwMjExX25vZGVfdGFibGUgKiwKIAkJc3RydWN0IGllZWU4
 MDIxMV9ub2RlICoqLCB1aW50MTZfdCk7CiB2b2lkCWllZWU4MDIxMV9pdGVyYXRlX25vZGVzKHN0
 cnVjdCBpZWVlODAyMTFfbm9kZV90YWJsZSAqLAogCQlpZWVlODAyMTFfaXRlcl9mdW5jICosIHZv
 aWQgKik7Cg==
 --14dae9cfcdf07b278c04c7428a2b
 Content-Type: application/octet-stream; name="iter.patch"
 Content-Disposition: attachment; filename="iter.patch"
 Content-Transfer-Encoding: base64
 X-Attachment-Id: f_h5vnd44i1
 
 ZGlmZiAtLWdpdCBhL2llZWU4MDIxMV9ub2RlLmMgYi9pZWVlODAyMTFfbm9kZS5jCmluZGV4IDg2
 MWZhODUuLmE2MDljYjEgMTAwNjQ0Ci0tLSBhL2llZWU4MDIxMV9ub2RlLmMKKysrIGIvaWVlZTgw
 MjExX25vZGUuYwpAQCAtMjE1NiwzMiArMjE1Niw3OSBAQCBpZWVlODAyMTFfbm9kZV90aW1lb3V0
 KHZvaWQgKmFyZykKIAkJaWVlZTgwMjExX25vZGVfdGltZW91dCwgaWMpOwogfQogCisvKgorICog
 TWF5IGRpcmVjdGx5IGJlIGNhbGxlZCBhbmQgZG8gY3VzdG9taXplZCBpdGVyYXRlIGZ1bmN0aW9u
 cy4KKyAqIE9ubHkgcmVxdWlyZW1lbnQgaXMgdG8gZGVjcmVtZW50IGVhY2ggbm9kZSdzIHJlZiBj
 b3VudC4KKyAqLwogdm9pZAotaWVlZTgwMjExX2l0ZXJhdGVfbm9kZXMoc3RydWN0IGllZWU4MDIx
 MV9ub2RlX3RhYmxlICpudCwKLQlpZWVlODAyMTFfaXRlcl9mdW5jICpmLCB2b2lkICphcmcpCitp
 ZWVlODAyMTFfaXRlcmF0ZV9udChzdHJ1Y3QgaWVlZTgwMjExX25vZGVfdGFibGUgKm50LAorICAg
 IHN0cnVjdCBpZWVlODAyMTFfbm9kZSAqKm5pX2FyciwgdWludDE2X3QgbWF4X2FpZCkKIHsKIAlz
 dHJ1Y3QgaWVlZTgwMjExX25vZGUgKm5pOwogCXVfaW50IGdlbjsKKwlpbnQgaSA9IDA7CiAKIAlJ
 RUVFODAyMTFfTk9ERV9JVEVSQVRFX0xPQ0sobnQpOworCUlFRUU4MDIxMV9OT0RFX0xPQ0sobnQp
 OworCiAJZ2VuID0gKytudC0+bnRfc2NhbmdlbjsKKwogcmVzdGFydDoKLQlJRUVFODAyMTFfTk9E
 RV9MT0NLKG50KTsKIAlUQUlMUV9GT1JFQUNIKG5pLCAmbnQtPm50X25vZGUsIG5pX2xpc3QpIHsK
 LQkJaWYgKG5pLT5uaV9zY2FuZ2VuICE9IGdlbikgewotCQkJbmktPm5pX3NjYW5nZW4gPSBnZW47
 Ci0JCQkodm9pZCkgaWVlZTgwMjExX3JlZl9ub2RlKG5pKTsKLQkJCUlFRUU4MDIxMV9OT0RFX1VO
 TE9DSyhudCk7Ci0JCQkoKmYpKGFyZywgbmkpOwotCQkJaWVlZTgwMjExX2ZyZWVfbm9kZShuaSk7
 Ci0JCQlnb3RvIHJlc3RhcnQ7CisJCWlmIChuaS0+bmlfc2NhbmdlbiA9PSBnZW4pCisJCQljb250
 aW51ZTsKKworCQlpZiAoaSA+PSBtYXhfYWlkKSB7CisJCQlpZl9wcmludGYobnQtPm50X2ljLT5p
 Y19pZnAsCisJCQkgICAgIk5vZGUgYXJyYXkgb3ZlcmZsb3c6IG1heD0ldSIsIG1heF9haWQpOwor
 CQkJYnJlYWs7CiAJCX0KKworCQluaS0+bmlfc2NhbmdlbiA9IGdlbjsKKwkJKCoobmlfYXJyICsg
 aSsrKSkgPSBpZWVlODAyMTFfcmVmX25vZGUobmkpOworCQlnb3RvIHJlc3RhcnQ7CiAJfQotCUlF
 RUU4MDIxMV9OT0RFX1VOTE9DSyhudCk7CiAKKwlJRUVFODAyMTFfTk9ERV9VTkxPQ0sobnQpOwog
 CUlFRUU4MDIxMV9OT0RFX0lURVJBVEVfVU5MT0NLKG50KTsKIH0KIAorLyoKKyAqIEp1c3QgYSB3
 cmFwcGVyLCBzbyB3ZSBkb24ndCBoYXZlIHRvIGNoYW5nZSBldmVyeSBpZWVlODAyMTFfaXRlcmF0
 ZV9ub2RlcygpCisgKiByZWZlcmVuY2UgaW4gdGhlIHNvdXJjZS4KKyAqLwordm9pZAoraWVlZTgw
 MjExX2l0ZXJhdGVfbm9kZXMoc3RydWN0IGllZWU4MDIxMV9ub2RlX3RhYmxlICpudCwKKwlpZWVl
 ODAyMTFfaXRlcl9mdW5jICpmLCB2b2lkICphcmcpCit7CisJc3RydWN0IGllZWU4MDIxMV9ub2Rl
 ICoqbmlfYXJyOworCXN0cnVjdCBpZWVlODAyMTFfbm9kZSAqbmk7CisJdW5zaWduZWQgbG9uZyBz
 aXplOworCWludCBpOworCXVpbnQxNl90IG1heF9haWQ7CisKKwltYXhfYWlkID0gVEFJTFFfRklS
 U1QoJm50LT5udF9pYy0+aWNfdmFwcyktPml2X21heF9haWQ7CisJc2l6ZSA9IG1heF9haWQgKiBz
 aXplb2YoKm5pX2Fycik7CisJbmlfYXJyID0gKHN0cnVjdCBpZWVlODAyMTFfbm9kZSAqKiltYWxs
 b2Moc2l6ZSwgTV84MDIxMV9OT0RFLAorCSAgICBNX05PV0FJVCB8IE1fWkVSTyk7CisJaWYgKG5p
 X2FyciA9PSBOVUxMKQorCQlyZXR1cm47CisKKwlpZWVlODAyMTFfaXRlcmF0ZV9udChudCwgbmlf
 YXJyLCBtYXhfYWlkKTsKKworCWZvciAoaSA9IDA7IGkgPCBtYXhfYWlkOyBpKyspIHsKKwkJbmkg
 PSAqKG5pX2FyciArIGkpOworCQlpZiAobmkgPT0gTlVMTCkJLyogZW5kIG9mIHRoZSBsaXN0ICov
 CisJCQlicmVhazsKKworCQkoKmYpKGFyZywgbmkpOworCQkvKiBpZWVlODAyMTFfZnJlZV9ub2Rl
 KCkgbG9ja3MgYnkgaXRzZWxmICovCisJCWllZWU4MDIxMV9mcmVlX25vZGUobmkpOworCX0KKwor
 CWZyZWUobmlfYXJyLCBNXzgwMjExX05PREUpOworfQorCiB2b2lkCiBpZWVlODAyMTFfZHVtcF9u
 b2RlKHN0cnVjdCBpZWVlODAyMTFfbm9kZV90YWJsZSAqbnQsIHN0cnVjdCBpZWVlODAyMTFfbm9k
 ZSAqbmkpCiB7CmRpZmYgLS1naXQgYS9pZWVlODAyMTFfbm9kZS5oIGIvaWVlZTgwMjExX25vZGUu
 aAppbmRleCA4M2IxMDhiLi4xZmJjODkyIDEwMDY0NAotLS0gYS9pZWVlODAyMTFfbm9kZS5oCisr
 KyBiL2llZWU4MDIxMV9ub2RlLmgKQEAgLTQzOCw2ICs0MzgsOCBAQCBpbnQJaWVlZTgwMjExX25v
 ZGVfZGVsdWNhc3RrZXkoc3RydWN0IGllZWU4MDIxMV9ub2RlICopOwogdm9pZAlpZWVlODAyMTFf
 bm9kZV90aW1lb3V0KHZvaWQgKmFyZyk7CiAKIHR5cGVkZWYgdm9pZCBpZWVlODAyMTFfaXRlcl9m
 dW5jKHZvaWQgKiwgc3RydWN0IGllZWU4MDIxMV9ub2RlICopOwordm9pZAlpZWVlODAyMTFfaXRl
 cmF0ZV9udChzdHJ1Y3QgaWVlZTgwMjExX25vZGVfdGFibGUgKiwKKwkJc3RydWN0IGllZWU4MDIx
 MV9ub2RlICoqLCB1aW50MTZfdCk7CiB2b2lkCWllZWU4MDIxMV9pdGVyYXRlX25vZGVzKHN0cnVj
 dCBpZWVlODAyMTFfbm9kZV90YWJsZSAqLAogCQlpZWVlODAyMTFfaXRlcl9mdW5jICosIHZvaWQg
 Kik7CiAK
 --14dae9cfcdf07b278c04c7428a2b--

From: Adrian Chadd <adrian@freebsd.org>
To: Kim Culhan <w8hdkim@gmail.com>, PseudoCylon <moonlightakkiy@yahoo.ca>
Cc: bug-followup@freebsd.org
Subject: Re: conf/170098: virtual access points with Atheros ath driver
Date: Wed, 15 Aug 2012 09:50:53 -0700

 Hi,
 
 I'm just testing out the patch(es) now. The basic spirit of them
 works, but there are some improvements to be made.
 
 * The node generation count doesn't have to be checked. We know the
 node table is locked; the reason the node generation is there is
 because in the older way of doing it, the node table lock is released
 each trip through the loop.
 * 'goto restart' on each successful addition to the node table turns
 an O(n) operation into an O(n^2) operation. That's just plain going to
 suck.
 * It's always good practice to alloc and free memory in the same
 function or module and doing it consistently. The patch allocates it
 in iterate_nodes() but frees it in iterate_nt() if there's an error.
 That kind of inconsistent handling could cause problems.
 * There's no need to decrement the node scan generation on error. It's
 fine the way it is.
 * .. which means if you don't decrement the scangen in each node, you
 can release the node table / node iteration table locks earlier,
 avoiding any LOR with ieee80211_node_free().
 
 I have a replacement patch which I'm currently testing out. I'll push
 it into -HEAD today.
 
 Thanks again to Kim and PseudoCylon for finding and fixing the problem!
 
 
 
 Adrian

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/170098: commit references a PR
Date: Wed, 15 Aug 2012 20:01:39 +0000 (UTC)

 Author: adrian
 Date: Wed Aug 15 20:01:28 2012
 New Revision: 239312
 URL: http://svn.freebsd.org/changeset/base/239312
 
 Log:
   Don't call the node iteration function inside the node table / node
   iterate lock.
   
   This causes LORs and deadlocks as some code paths will have the com lock
   held when calling ieee80211_iterate_nodes().
   
   Here, the comlock isn't held during the node table and node iteration
   locks; and the callback isn't called with any (extra) lock held.
   
   PR:		kern/170098
   Submitted by:	moonlightakkiy@yahoo.ca
   MFC after:	4 weeks
 
 Modified:
   head/sys/net80211/ieee80211_node.c
   head/sys/net80211/ieee80211_node.h
 
 Modified: head/sys/net80211/ieee80211_node.c
 ==============================================================================
 --- head/sys/net80211/ieee80211_node.c	Wed Aug 15 19:59:13 2012	(r239311)
 +++ head/sys/net80211/ieee80211_node.c	Wed Aug 15 20:01:28 2012	(r239312)
 @@ -2156,30 +2156,124 @@ ieee80211_node_timeout(void *arg)
  		ieee80211_node_timeout, ic);
  }
  
 -void
 -ieee80211_iterate_nodes(struct ieee80211_node_table *nt,
 -	ieee80211_iter_func *f, void *arg)
 +/*
 + * Iterate over the node table and return an array of ref'ed nodes.
 + *
 + * This is separated out from calling the actual node function so that
 + * no LORs will occur.
 + *
 + * If there are too many nodes (ie, the number of nodes doesn't fit
 + * within 'max_aid' entries) then the node references will be freed
 + * and an error will be returned.
 + *
 + * The responsibility of allocating and freeing "ni_arr" is up to
 + * the caller.
 + */
 +int
 +ieee80211_iterate_nt(struct ieee80211_node_table *nt,
 +    struct ieee80211_node **ni_arr, uint16_t max_aid)
  {
 -	struct ieee80211_node *ni;
  	u_int gen;
 +	int i, j, ret;
 +	struct ieee80211_node *ni;
  
  	IEEE80211_NODE_ITERATE_LOCK(nt);
 -	gen = ++nt->nt_scangen;
 -restart:
  	IEEE80211_NODE_LOCK(nt);
 +
 +	gen = ++nt->nt_scangen;
 +	i = ret = 0;
 +
 +	/*
 +	 * We simply assume here that since the node
 +	 * scan generation doesn't change (as
 +	 * we are holding both the node table and
 +	 * node table iteration locks), we can simply
 +	 * assign it to the node here.
 +	 */
  	TAILQ_FOREACH(ni, &nt->nt_node, ni_list) {
 -		if (ni->ni_scangen != gen) {
 -			ni->ni_scangen = gen;
 -			(void) ieee80211_ref_node(ni);
 -			IEEE80211_NODE_UNLOCK(nt);
 -			(*f)(arg, ni);
 -			ieee80211_free_node(ni);
 -			goto restart;
 +		if (i >= max_aid) {
 +			ret = E2BIG;
 +			if_printf(nt->nt_ic->ic_ifp,
 +			    "Node array overflow: max=%u", max_aid);
 +			break;
  		}
 +		ni_arr[i] = ieee80211_ref_node(ni);
 +		ni_arr[i]->ni_scangen = gen;
 +		i++;
  	}
 -	IEEE80211_NODE_UNLOCK(nt);
  
 +	/*
 +	 * It's safe to unlock here.
 +	 *
 +	 * If we're successful, the list is returned.
 +	 * If we're unsuccessful, the list is ignored
 +	 * and we remove our references.
 +	 *
 +	 * This avoids any potential LOR with
 +	 * ieee80211_free_node().
 +	 */
 +	IEEE80211_NODE_UNLOCK(nt);
  	IEEE80211_NODE_ITERATE_UNLOCK(nt);
 +
 +	/*
 +	 * If ret is non-zero, we hit some kind of error.
 +	 * Rather than walking some nodes, we'll walk none
 +	 * of them.
 +	 */
 +	if (ret) {
 +		for (j = 0; j < i; j++) {
 +			/* ieee80211_free_node() locks by itself */
 +			ieee80211_free_node(ni_arr[j]);
 +		}
 +	}
 +
 +	return (ret);
 +}
 +
 +/*
 + * Just a wrapper, so we don't have to change every ieee80211_iterate_nodes()
 + * reference in the source.
 + *
 + * Note that this fetches 'max_aid' from the first VAP, rather than finding
 + * the largest max_aid from all VAPs.
 + */
 +void
 +ieee80211_iterate_nodes(struct ieee80211_node_table *nt,
 +	ieee80211_iter_func *f, void *arg)
 +{
 +	struct ieee80211_node **ni_arr;
 +	unsigned long size;
 +	int i;
 +	uint16_t max_aid;
 +
 +	max_aid = TAILQ_FIRST(&nt->nt_ic->ic_vaps)->iv_max_aid;
 +	size = max_aid * sizeof(struct ieee80211_node *);
 +	ni_arr = (struct ieee80211_node **) malloc(size, M_80211_NODE,
 +	    M_NOWAIT | M_ZERO);
 +	if (ni_arr == NULL)
 +		return;
 +
 +	/*
 +	 * If this fails, the node table won't have any
 +	 * valid entries - ieee80211_iterate_nt() frees
 +	 * the references to them.  So don't try walking
 +	 * the table; just skip to the end and free the
 +	 * temporary memory.
 +	 */
 +	if (!ieee80211_iterate_nt(nt, ni_arr, max_aid))
 +		goto done;
 +
 +	for (i = 0; i < max_aid; i++) {
 +		if (ni_arr[i] == NULL)	/* end of the list */
 +			break;
 +
 +		(*f)(arg, ni_arr[i]);
 +		/* ieee80211_free_node() locks by itself */
 +		ieee80211_free_node(ni_arr[i]);
 +	}
 +
 +done:
 +	free(ni_arr, M_80211_NODE);
  }
  
  void
 
 Modified: head/sys/net80211/ieee80211_node.h
 ==============================================================================
 --- head/sys/net80211/ieee80211_node.h	Wed Aug 15 19:59:13 2012	(r239311)
 +++ head/sys/net80211/ieee80211_node.h	Wed Aug 15 20:01:28 2012	(r239312)
 @@ -438,6 +438,8 @@ int	ieee80211_node_delucastkey(struct ie
  void	ieee80211_node_timeout(void *arg);
  
  typedef void ieee80211_iter_func(void *, struct ieee80211_node *);
 +int	ieee80211_iterate_nt(struct ieee80211_node_table *,
 +		struct ieee80211_node **, uint16_t);
  void	ieee80211_iterate_nodes(struct ieee80211_node_table *,
  		ieee80211_iter_func *, void *);
  
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/170098: commit references a PR
Date: Thu, 16 Aug 2012 00:53:40 +0000 (UTC)

 Author: adrian
 Date: Thu Aug 16 00:53:23 2012
 New Revision: 239319
 URL: http://svn.freebsd.org/changeset/base/239319
 
 Log:
   Fix an incorrect comparison.
   
   PR:		kern/170098
 
 Modified:
   head/sys/net80211/ieee80211_node.c
 
 Modified: head/sys/net80211/ieee80211_node.c
 ==============================================================================
 --- head/sys/net80211/ieee80211_node.c	Thu Aug 16 00:51:50 2012	(r239318)
 +++ head/sys/net80211/ieee80211_node.c	Thu Aug 16 00:53:23 2012	(r239319)
 @@ -2242,7 +2242,7 @@ ieee80211_iterate_nodes(struct ieee80211
  	ieee80211_iter_func *f, void *arg)
  {
  	struct ieee80211_node **ni_arr;
 -	unsigned long size;
 +	size_t size;
  	int i;
  	uint16_t max_aid;
  
 @@ -2260,13 +2260,12 @@ ieee80211_iterate_nodes(struct ieee80211
  	 * the table; just skip to the end and free the
  	 * temporary memory.
  	 */
 -	if (!ieee80211_iterate_nt(nt, ni_arr, max_aid))
 +	if (ieee80211_iterate_nt(nt, ni_arr, max_aid) != 0)
  		goto done;
  
  	for (i = 0; i < max_aid; i++) {
  		if (ni_arr[i] == NULL)	/* end of the list */
  			break;
 -
  		(*f)(arg, ni_arr[i]);
  		/* ieee80211_free_node() locks by itself */
  		ieee80211_free_node(ni_arr[i]);
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 
>Unformatted:
