author | sam <sam@FreeBSD.org> | 2007-01-08 18:23:43 +0000 |
---|---|---|
committer | sam <sam@FreeBSD.org> | 2007-01-08 18:23:43 +0000 |
commit | 12b187d03590cc37d2e30dc8b8e75d1f3128a86b (patch) | |
tree | 16f43e89d59db0da857e97f067440967345c42c3 /sys/net80211/ieee80211_proto.c | |
parent | c4c1a3359ab0fc711ab65651930ac7b11c785272 (diff) | |
Fix potential node refcnt leak. If mbufs are q'd on ic_mgtq when
the state machine clocks to INIT, node references are not reclaimed.
Add a new routine ieee80211_drain_ifq that does this and use it
instead of IF_DRAIN.
Submitted by: Sepherosa Ziehau
Obtained from: DragonFly
MFC after: 1 month
Diffstat (limited to 'sys/net80211/ieee80211_proto.c')
-rw-r--r-- | sys/net80211/ieee80211_proto.c | 16 |
1 files changed, 9 insertions, 7 deletions
diff --git a/sys/net80211/ieee80211_proto.c b/sys/net80211/ieee80211_proto.c
index 590522f..4fa970b 100644
--- a/sys/net80211/ieee80211_proto.c
+++ b/sys/net80211/ieee80211_proto.c
@@ -129,7 +129,7 @@ ieee80211_proto_detach(struct ieee80211com *ic)
 if (ic->ic_auth->ia_detach)
 ic->ic_auth->ia_detach(ic);
- IF_DRAIN(&ic->ic_mgtq);
+ ieee80211_drain_ifq(&ic->ic_mgtq);
 mtx_destroy(&ic->ic_mgtq.ifq_mtx);
 /*
@@ -932,7 +932,7 @@ ieee80211_newstate(struct ieee80211com *ic, enum ieee80211_state nstate, int arg
 default:
 break;
 }
- goto reset;
+ break;
 case IEEE80211_S_ASSOC:
 switch (ic->ic_opmode) {
 case IEEE80211_M_STA:
@@ -947,16 +947,18 @@ ieee80211_newstate(struct ieee80211com *ic, enum ieee80211_state nstate, int arg
 default:
 break;
 }
- goto reset;
+ break;
 case IEEE80211_S_SCAN:
 ieee80211_cancel_scan(ic);
- goto reset;
+ break;
 case IEEE80211_S_AUTH:
- reset:
+ break;
+ }
+ if (ostate != IEEE80211_S_INIT) {
+ /* NB: optimize INIT -> INIT case */
 ic->ic_mgt_timer = 0;
- IF_DRAIN(&ic->ic_mgtq);
+ ieee80211_drain_ifq(&ic->ic_mgtq);
 ieee80211_reset_bss(ic);
- break;
 }
 if (ic->ic_auth->ia_detach != NULL)
 ic->ic_auth->ia_detach(ic); |
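Review bot: In ieee80211_proto_detach the new `ieee80211_drain_ifq(&ic->ic_mgtq);` call sits directly before `mtx_destroy(&ic->ic_mgtq.ifq_mtx);`, and nothing at the call site says why the generic IF_DRAIN is no longer acceptable there. A one-line comment would keep a later cleanup from reverting it, for example `/* NB: not IF_DRAIN; frames queued on ic_mgtq hold node references that must be released */`. The helper is defined outside this file, so its locking and per-mbuf release cannot be checked from this diff; presumably it drops exactly one reference per queued frame, which is worth confirming because it runs immediately before the queue mutex is destroyed. The body of ieee80211_proto_detach starts and ends outside the hunk.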
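Review bot: The comment `/* NB: optimize INIT -> INIT case */` on the new `if (ostate != IEEE80211_S_INIT)` guard in ieee80211_newstate understates what the guard does: it is now the only thing deciding whether ic_mgtq is drained and the bss reset, replacing the `reset:` label the per-state cases used to jump to (the `goto reset` to `break` change in the preceding hunk belongs to the same restructuring). I would spell out the invariant, e.g. `/* NB: skip INIT -> INIT; any other old state may have mgmt frames queued that hold node refs */`. Because the diffstat is limited to this file, any remaining `IF_DRAIN(&ic->ic_mgtq)` callers elsewhere are not visible here and would keep leaking references, so a tree-wide search is worth doing before the MFC. The switch and the function continue outside the hunk.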