Sat Sep 20 18:28:29 2008 UTC ()
iwn_node_alloc(): Allocate 'iwn_node' in M_80211_NODE (which is what
    ieee80211_node:node_free() expects), not M_DEVBUF. Fixes DIAGNOSTIC
    crashes due to suspected double-free.


(freza)
diff -r1.18 -r1.19 src/sys/dev/pci/if_iwn.c
cvs diff -r1.18 -r1.19 src/sys/dev/pci/if_iwn.c (expand / switch to unified diff)

--- src/sys/dev/pci/if_iwn.c 2008/09/14 10:09:39 1.18
+++ src/sys/dev/pci/if_iwn.c 2008/09/20 18:28:28 1.19
@@ -1,34 +1,34 @@ @@ -1,34 +1,34 @@
1/* $NetBSD: if_iwn.c,v 1.18 2008/09/14 10:09:39 freza Exp $ */ 1/* $NetBSD: if_iwn.c,v 1.19 2008/09/20 18:28:28 freza Exp $ */
2 2
3/*- 3/*-
4 * Copyright (c) 2007 4 * Copyright (c) 2007
5 * Damien Bergamini <damien.bergamini@free.fr> 5 * Damien Bergamini <damien.bergamini@free.fr>
6 * 6 *
7 * Permission to use, copy, modify, and distribute this software for any 7 * Permission to use, copy, modify, and distribute this software for any
8 * purpose with or without fee is hereby granted, provided that the above 8 * purpose with or without fee is hereby granted, provided that the above
9 * copyright notice and this permission notice appear in all copies. 9 * copyright notice and this permission notice appear in all copies.
10 * 10 *
11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 */ 18 */
19 19
20#include <sys/cdefs.h> 20#include <sys/cdefs.h>
21__KERNEL_RCSID(0, "$NetBSD: if_iwn.c,v 1.18 2008/09/14 10:09:39 freza Exp $"); 21__KERNEL_RCSID(0, "$NetBSD: if_iwn.c,v 1.19 2008/09/20 18:28:28 freza Exp $");
22 22
23 23
24/* 24/*
25 * Driver for Intel Wireless WiFi Link 4965AGN 802.11 network adapters. 25 * Driver for Intel Wireless WiFi Link 4965AGN 802.11 network adapters.
26 */ 26 */
27 27
28#include "bpfilter.h" 28#include "bpfilter.h"
29 29
30#include <sys/param.h> 30#include <sys/param.h>
31#include <sys/sockio.h> 31#include <sys/sockio.h>
32#include <sys/sysctl.h> 32#include <sys/sysctl.h>
33#include <sys/mbuf.h> 33#include <sys/mbuf.h>
34#include <sys/kernel.h> 34#include <sys/kernel.h>
@@ -934,32 +934,29 @@ iwn_free_tx_ring(struct iwn_softc *sc, s @@ -934,32 +934,29 @@ iwn_free_tx_ring(struct iwn_softc *sc, s
934 m_freem(data->m); 934 m_freem(data->m);
935 } 935 }
936 } 936 }
937 free(ring->data, M_DEVBUF); 937 free(ring->data, M_DEVBUF);
938 } 938 }
939} 939}
940 940
941/*ARGUSED*/ 941/*ARGUSED*/
942struct ieee80211_node * 942struct ieee80211_node *
943iwn_node_alloc(struct ieee80211_node_table *nt __unused) 943iwn_node_alloc(struct ieee80211_node_table *nt __unused)
944{ 944{
945 struct iwn_node *wn; 945 struct iwn_node *wn;
946 946
947 wn = malloc(sizeof (struct iwn_node), M_DEVBUF, M_NOWAIT); 947 wn = malloc(sizeof (struct iwn_node), M_80211_NODE, M_NOWAIT | M_ZERO);
948 948
949 if (wn != NULL) 
950 memset(wn, 0, sizeof (struct iwn_node)); 
951 return (struct ieee80211_node *)wn; 949 return (struct ieee80211_node *)wn;
952 
953} 950}
954 951
955static void 952static void
956iwn_newassoc(struct ieee80211_node *ni, int isnew) 953iwn_newassoc(struct ieee80211_node *ni, int isnew)
957{ 954{
958 struct iwn_softc *sc = ni->ni_ic->ic_ifp->if_softc; 955 struct iwn_softc *sc = ni->ni_ic->ic_ifp->if_softc;
959 int i; 956 int i;
960 957
961 ieee80211_amrr_node_init(&sc->amrr, &((struct iwn_node *)ni)->amn); 958 ieee80211_amrr_node_init(&sc->amrr, &((struct iwn_node *)ni)->amn);
962 959
963 /* set rate to some reasonable initial value */ 960 /* set rate to some reasonable initial value */
964 for (i = ni->ni_rates.rs_nrates - 1; 961 for (i = ni->ni_rates.rs_nrates - 1;
965 i > 0 && (ni->ni_rates.rs_rates[i] & IEEE80211_RATE_VAL) > 72; 962 i > 0 && (ni->ni_rates.rs_rates[i] & IEEE80211_RATE_VAL) > 72;