23401900d3
The ieee80211_swbmiss() callout is not called with the ic lock held, so it's quite possible the scheduler will run the callout during a state change.

This patch:

* changes the swbmiss callout to be locked by the ic lock
* enforces the ic lock being held across the beacon vap functions by grabbing it inside beacon_miss() and beacon_swmiss().

This ensures that the ic lock is held (and thus the VAP state stays constant) during beacon miss and software miss processing. Since the callout is removed whilst the ic lock is held, it also ensures that the ic lock can't be called during a state change or exhibit any race conditions seen above.

Both Edgar and Joel report that this patch fixes the crash and doesn't introduce new issues.

Reported by: Edgar Martinez <emartinez@kbcnetworks.com>
Reported by: Joel Dahl <joel@vnode.se>
Reported by: emaste