tech-kern archive


Re: iwn 2



In article <20110817163028.GE27079%mrao.cam.ac.uk@localhost>,
Patrick Welche  <prlw1%cam.ac.uk@localhost> wrote:
>I'm just reading if_iwn.c, and I don't see how iwn_iter_func can be legal:
>
>static void     
>iwn_iter_func(void *arg, struct ieee80211_node *ni)
>{
>        struct iwn_softc *sc = arg;
>        struct iwn_node *wn = (struct iwn_node *)ni;
>
>        ieee80211_amrr_choose(&sc->amrr, ni, &wn->amn);
>}
>
>iwn_node is bigger than ieee80211_node, as it starts with an ieee80211_node:
>
>struct iwn_node {       
>        struct  ieee80211_node          ni;     /* must be the first */
>        struct  ieee80211_amrr_node     amn;
>        uint16_t                        disable_tid;
>        uint8_t                         id;
>        uint8_t                         ridx[IEEE80211_RATE_MAXSIZE];
>};
>
>Then, the call to ieee80211_amrr_choose uses amn, which is after the
>struct the iwn_node was initialised with. ieee80211_amrr_choose then starts
>by dereferencing bits of the amn. Isn't that pointing at garbage?
>
>I haven't used iwn as an "infrastructure station", so have never run into
>trouble, but is the C analysis right?

It allocates enough space because the 80211 code uses iwn_node_alloc to
allocate ieee80211_nodes, so that is fine.

christos
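
The allocation pattern described in the reply above, as an added example that is not part of the original thread and is not code from if_iwn.c or the 802.11 layer. It is a simplified model: `struct node`, `struct drv_node`, `struct stack`, the `node_alloc` hook and all function names are hypothetical stand-ins for the generic node, the driver node and the driver-supplied allocator.

```c
#include <stddef.h>
#include <stdlib.h>

/* Generic node as the (model) 802.11 layer sees it. */
struct node { int rssi; };

/* Driver node: generic part first, driver-private state after it. */
struct drv_node {
	struct node ni;        /* must be the first */
	int         amn_txcnt; /* stands in for the per-node rate-control state */
};

/* The downcast below is only address-correct if ni sits at offset 0. */
_Static_assert(offsetof(struct drv_node, ni) == 0, "ni must be first");

/* The layer allocates nodes only through this hook, never by itself. */
struct stack { struct node *(*node_alloc)(void); };

static struct node *generic_node_alloc(void)
{
	return calloc(1, sizeof(struct node));
}

/* Driver hook: allocate the full driver node, hand back the embedded part. */
static struct node *drv_node_alloc(void)
{
	struct drv_node *dn = calloc(1, sizeof(*dn));
	return dn != NULL ? &dn->ni : NULL;
}

/* Same shape as iwn_iter_func: downcast, then touch driver state. In bounds
 * only for nodes from drv_node_alloc; a node from generic_node_alloc would
 * make this a write past the end of the allocation. */
static int drv_iter(struct node *ni)
{
	struct drv_node *dn = (struct drv_node *)ni;
	return ++dn->amn_txcnt;
}

static int demo(void)
{
	struct stack st = { .node_alloc = generic_node_alloc };
	st.node_alloc = drv_node_alloc; /* driver attach replaces the default */
	struct node *ni = st.node_alloc();
	if (ni == NULL)
		return -1;
	int total = drv_iter(ni);
	total += drv_iter(ni);
	free(ni); /* valid: &dn->ni is the address calloc returned */
	return total;
}
```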


