From 9d9d3e6003bbc132c6ea5089cf960ea566d26e9f Mon Sep 17 00:00:00 2001
From: adrian
Date: Fri, 2 Mar 2012 02:57:10 +0000
Subject: Wrap the scan code state change stuff behind ATH_LOCK and the PCU fiddling behind the PCU lock. sc_scanning is being checked without ATH_LOCK behind held and could in theory run from multiple threads.
---
 sys/dev/ath/if_ath.c | 10 ++++++++++
 1 file changed, 10 insertions(+)
(limited to 'sys/dev/ath/if_ath.c')
diff --git a/sys/dev/ath/if_ath.c b/sys/dev/ath/if_ath.c
index c6556cb..1b02f6a 100644
--- a/sys/dev/ath/if_ath.c
+++ b/sys/dev/ath/if_ath.c
@@ -5637,11 +5637,16 @@ ath_scan_start(struct ieee80211com *ic)
 /* XXX calibration timer? */
+ ATH_LOCK(sc);
 sc->sc_scanning = 1;
 sc->sc_syncbeacon = 0;
 rfilt = ath_calcrxfilter(sc);
+ ATH_UNLOCK(sc);
+
+ ATH_PCU_LOCK(sc);
 ath_hal_setrxfilter(ah, rfilt);
 ath_hal_setassocid(ah, ifp->if_broadcastaddr, 0);
+ ATH_PCU_UNLOCK(sc);
 DPRINTF(sc, ATH_DEBUG_STATE, "%s: RX filter 0x%x bssid %s aid 0\n", __func__, rfilt, ether_sprintf(ifp->if_broadcastaddr));
@@ -5655,12 +5660,17 @@ ath_scan_end(struct ieee80211com *ic)
 struct ath_hal *ah = sc->sc_ah;
 u_int32_t rfilt;
+ ATH_LOCK(sc);
 sc->sc_scanning = 0;
 rfilt = ath_calcrxfilter(sc);
+ ATH_UNLOCK(sc);
+
+ ATH_PCU_LOCK(sc);
 ath_hal_setrxfilter(ah, rfilt);
 ath_hal_setassocid(ah, sc->sc_curbssid, sc->sc_curaid);
 ath_hal_process_noisefloor(ah);
+ ATH_PCU_UNLOCK(sc);
 DPRINTF(sc, ATH_DEBUG_STATE, "%s: RX filter 0x%x bssid %s aid 0x%x\n", __func__, rfilt, ether_sprintf(sc->sc_curbssid),
-- cgit v1.1
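Review bot: Between `ATH_UNLOCK(sc)` and `ATH_PCU_LOCK(sc)` in ath_scan_start there is a window in which the `rfilt` computed from `sc_scanning` can go stale before `ath_hal_setrxfilter(ah, rfilt)` programs it; the same split appears in the ath_scan_end hunk. If a scan start and a scan end can interleave, as the commit message suggests is possible, the filter written last need not match the final `sc_scanning` value, so the hardware could keep a scan-mode RX filter after scanning has ended. If the driver's lock order permits it (not visible here), take `ATH_PCU_LOCK(sc)` before dropping `ATH_LOCK(sc)`; otherwise record the accepted race with a comment such as `/* rfilt may be stale here: state lock dropped before PCU lock taken */`. Both function bodies begin and end outside their hunks.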
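Review bot: In ath_scan_end, `sc->sc_curbssid` and `sc->sc_curaid` are read after `ATH_UNLOCK(sc)`, once under the PCU lock in `ath_hal_setassocid(...)` and again with no lock held in the `DPRINTF`. If those fields are softc state guarded by ATH_LOCK (the hunk does not show which lock covers them), the BSSID and association id programmed into the hardware could be an inconsistent pair when a concurrent update runs. Either snapshot both values into locals inside the `ATH_LOCK` section next to `rfilt = ath_calcrxfilter(sc);`, or add a comment naming the lock that protects them, e.g. `/* sc_curbssid/sc_curaid: protected by <lock name>, see <location> */`. The DPRINTF statement runs past the end of the hunk.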