CyberLeo.Net >> Repos - FreeBSD/FreeBSD.git/commit

author	avos <avos@FreeBSD.org>
	Sun, 20 Jan 2019 13:39:18 +0000 (13:39 +0000)
committer	avos <avos@FreeBSD.org>
	Sun, 20 Jan 2019 13:39:18 +0000 (13:39 +0000)
commit	97b3b273d7ac138b701a1fe9d0caeebea50896ad
tree	ba639bb32d9f23e5b70f748a3de33d1b42f4f384	tree \| snapshot
parent	d62871964adb183e9210af66515c8bdd653a6032	commit \| diff

net80211: resolve ioctl <-> detach race for ieee80211com structure

Since r287197 ieee80211com is a part of drivers softc; as a result,
after detach all pointers to it (iv_ic, ni_ic) are invalid. Most
possible users (tasks, interrupt handlers) are blocked / removed
when device is stopped; however, ioctl handlers were not tracked
and may crash if ieee80211com structure is accessed.

Since ieee80211com pointer access from ieee80211vap structure is not
protected by lock (constant after interface creation) and used in
many other places just use reference counting for ioctl handlers;
on detach set 'detached' flag and wait until reference counter goes to 0.

For HEAD ieee80211vap size was changed (__FreeBSD_version bumped);
however, in stable branches I'm going to split / reuse the last
iv_spare field for KBI stability.

Tested with:
- rsu(4), SIOCSIFCAP (-rxcsum) ioctl;
- rtwn_pci(4), SIOCG80211 / IEEE80211_IOC_HTPROTMODE ioctl.

MFC after: 1 week

sys/net80211/ieee80211.c		diff \| blob \| history
sys/net80211/ieee80211_freebsd.c		diff \| blob \| history
sys/net80211/ieee80211_freebsd.h		diff \| blob \| history
sys/net80211/ieee80211_ioctl.c		diff \| blob \| history
sys/net80211/ieee80211_var.h		diff \| blob \| history
sys/sys/param.h		diff \| blob \| history