
Commit ad8f010

committed
ath: prevent panic in ieee80211_beacon_update() #190
1 parent b47b740 commit ad8f010


1 file changed

+22
-12
lines changed

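--- a/sys/dev/ath/if_ath_beacon.c
+++ b/sys/dev/ath/if_ath_beacon.c
@@ -701,7 +701,6 @@ ath_beacon_generate(struct ath_softc *sc, struct ieee80211vap *vap)
 struct ath_vap *avp = ATH_VAP(vap);
 struct ath_txq *cabq = sc->sc_cabq;
 struct ath_buf *bf;
-struct mbuf *m;
 int nmcastq, error;
 
 KASSERT(vap->iv_state >= IEEE80211_S_RUN,
@@ -715,16 +714,22 @@ ath_beacon_generate(struct ath_softc *sc, struct ieee80211vap *vap)
 * of the TIM bitmap).
 */
 bf = avp->av_bcbuf;
-m = bf->bf_m;
+
+if (bf->bf_m == NULL) {
+bf->bf_m = ieee80211_beacon_alloc(bf->bf_node);
+if (bf->bf_m == NULL) {
+return NULL;
+}
+}
+
 /* XXX lock mcastq? */
 nmcastq = avp->av_mcastq.axq_depth;
 
-if (ieee80211_beacon_update(bf->bf_node, m, nmcastq)) {
+if (ieee80211_beacon_update(bf->bf_node, bf->bf_m, nmcastq)) {
 /* XXX too conservative? */
 bus_dmamap_unload(sc->sc_dmat, bf->bf_dmamap);
-error = bus_dmamap_load_mbuf_sg(sc->sc_dmat, bf->bf_dmamap, m,
-bf->bf_segs, &bf->bf_nseg,
-BUS_DMA_NOWAIT);
+error = bus_dmamap_load_mbuf_sg(sc->sc_dmat, bf->bf_dmamap,
+bf->bf_m, bf->bf_segs, &bf->bf_nseg, BUS_DMA_NOWAIT);
 if (error != 0) {
 if_printf(vap->iv_ifp,
 "%s: bus_dmamap_load_mbuf_sg failed, error %u\n",
@@ -827,7 +832,6 @@ ath_beacon_start_adhoc(struct ath_softc *sc, struct ieee80211vap *vap)
 struct ath_vap *avp = ATH_VAP(vap);
 struct ath_hal *ah = sc->sc_ah;
 struct ath_buf *bf;
-struct mbuf *m;
 int error;
 
 KASSERT(avp->av_bcbuf != NULL, ("no beacon buffer"));
@@ -839,13 +843,19 @@ ath_beacon_start_adhoc(struct ath_softc *sc, struct ieee80211vap *vap)
 * of the TIM bitmap).
 */
 bf = avp->av_bcbuf;
-m = bf->bf_m;
-if (ieee80211_beacon_update(bf->bf_node, m, 0)) {
+
+if (bf->bf_m == NULL) {
+bf->bf_m = ieee80211_beacon_alloc(bf->bf_node);
+if (bf->bf_m == NULL) {
+return;
+}
+}
+
+if (ieee80211_beacon_update(bf->bf_node, bf->bf_m, 0)) {
 /* XXX too conservative? */
 bus_dmamap_unload(sc->sc_dmat, bf->bf_dmamap);
-error = bus_dmamap_load_mbuf_sg(sc->sc_dmat, bf->bf_dmamap, m,
-bf->bf_segs, &bf->bf_nseg,
-BUS_DMA_NOWAIT);
+error = bus_dmamap_load_mbuf_sg(sc->sc_dmat, bf->bf_dmamap,
+bf->bf_m, bf->bf_segs, &bf->bf_nseg, BUS_DMA_NOWAIT);
 if (error != 0) {
 if_printf(vap->iv_ifp,
 "%s: bus_dmamap_load_mbuf_sg failed, error %u\n",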
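Review bot: In ath_beacon_generate() the mbuf produced by the new `ieee80211_beacon_alloc()` fallback is only DMA-mapped when `ieee80211_beacon_update()` returns non-zero, so a freshly allocated beacon can fall through with `bf->bf_dmamap` and `bf->bf_segs` still describing an earlier mbuf, or nothing at all. The code after this hunk is not visible, but if it syncs the map and programs the descriptor from `bf->bf_segs`, the hardware would be pointed at stale and possibly freed memory. Recording the allocation in a local and forcing the load path would close that, e.g. `if (ieee80211_beacon_update(bf->bf_node, bf->bf_m, nmcastq) || fresh) {` with `fresh = 1;` set inside the `bf->bf_m == NULL` branch; the same applies to the matching hunk in ath_beacon_start_adhoc(). Both allocation-failure returns are also silent, and a comment naming which path leaves `bf->bf_m` NULL while the vap is still beaconing would show whether this is a teardown race that needs locking rather than a fallback.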
