[RFC 1/2] mac80211: Stop timer before deleting data structures.

[RFC 1/2] mac80211: Stop timer before deleting data structures.

[greearb]

From: Ben Greear <greearb@candelatech.com>

Not sure this matters, but it seems cleaner.

Signed-off-by: Ben Greear <greearb@candelatech.com>
---
 net/mac80211/mlme.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c
index 732eda0..ebfa416 100644
--- a/net/mac80211/mlme.c
+++ b/net/mac80211/mlme.c
@@ -4379,11 +4379,11 @@ void ieee80211_mgd_stop(struct ieee80211_sub_if_data *sdata)
 	cancel_work_sync(&ifmgd->chswitch_work);
 
 	mutex_lock(&ifmgd->mtx);
+	del_timer_sync(&ifmgd->timer);
 	if (ifmgd->assoc_data)
 		ieee80211_destroy_assoc_data(sdata, false, true);
 	if (ifmgd->auth_data)
 		ieee80211_destroy_auth_data(sdata, false);
-	del_timer_sync(&ifmgd->timer);
 	mutex_unlock(&ifmgd->mtx);
 }
 
-- 
1.7.3.4

[RFC 2/2] wireless: Make sure __cfg80211_connect_result always puts bss.

[greearb]

From: Ben Greear <greearb@candelatech.com>

Otherwise, we can leak a bss reference.

Signed-off-by: Ben Greear <greearb@candelatech.com>
---
 net/wireless/sme.c |   11 +++++++++--
 1 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/net/wireless/sme.c b/net/wireless/sme.c
index 6066720..ea2ce33 100644
--- a/net/wireless/sme.c
+++ b/net/wireless/sme.c
@@ -420,6 +420,7 @@ void cfg80211_sme_failed_assoc(struct wireless_dev *wdev)
 	schedule_work(&rdev->conn_work);
 }
 
+/** This method must consume bss one way or another */
 void __cfg80211_connect_result(struct net_device *dev, const u8 *bssid,
 			       const u8 *req_ie, size_t req_ie_len,
 			       const u8 *resp_ie, size_t resp_ie_len,
@@ -435,11 +436,17 @@ void __cfg80211_connect_result(struct net_device *dev, const u8 *bssid,
 	ASSERT_WDEV_LOCK(wdev);
 
 	if (WARN_ON(wdev->iftype != NL80211_IFTYPE_STATION &&
-		    wdev->iftype != NL80211_IFTYPE_P2P_CLIENT))
+		    wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)) {
+		if (bss)
+			cfg80211_put_bss(wdev->wiphy, bss);
 		return;
+	}
 
-	if (wdev->sme_state != CFG80211_SME_CONNECTING)
+	if (wdev->sme_state != CFG80211_SME_CONNECTING) {
+		if (bss)
+			cfg80211_put_bss(wdev->wiphy, bss);
 		return;
+	}
 
 	nl80211_send_connect_result(wiphy_to_dev(wdev->wiphy), dev,
 				    bssid, req_ie, req_ie_len,
-- 
1.7.3.4

Re: [RFC 1/2] mac80211: Stop timer before deleting data structures.

[Johannes Berg]

On Mon, 2013-06-17 at 17:28 -0700, greearb@candelatech.com wrote:
> From: Ben Greear <greearb@candelatech.com>
> 
> Not sure this matters, but it seems cleaner.

It really doesn't make a difference at all since it's all locked and the
timer just fires off the work struct.

johannes

Re: [RFC 2/2] wireless: Make sure __cfg80211_connect_result always puts bss.

[Johannes Berg]

On Mon, 2013-06-17 at 17:28 -0700, greearb@candelatech.com wrote:
> From: Ben Greear <greearb@candelatech.com>
> 
> Otherwise, we can leak a bss reference.
> 
> Signed-off-by: Ben Greear <greearb@candelatech.com>
> ---
>  net/wireless/sme.c |   11 +++++++++--
>  1 files changed, 9 insertions(+), 2 deletions(-)
> 
> diff --git a/net/wireless/sme.c b/net/wireless/sme.c
> index 6066720..ea2ce33 100644
> --- a/net/wireless/sme.c
> +++ b/net/wireless/sme.c
> @@ -420,6 +420,7 @@ void cfg80211_sme_failed_assoc(struct wireless_dev *wdev)
>  	schedule_work(&rdev->conn_work);
>  }
>  
> +/** This method must consume bss one way or another */
>  void __cfg80211_connect_result(struct net_device *dev, const u8 *bssid,
>  			       const u8 *req_ie, size_t req_ie_len,
>  			       const u8 *resp_ie, size_t resp_ie_len,
> @@ -435,11 +436,17 @@ void __cfg80211_connect_result(struct net_device *dev, const u8 *bssid,
>  	ASSERT_WDEV_LOCK(wdev);
>  
>  	if (WARN_ON(wdev->iftype != NL80211_IFTYPE_STATION &&
> -		    wdev->iftype != NL80211_IFTYPE_P2P_CLIENT))
> +		    wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)) {
> +		if (bss)
> +			cfg80211_put_bss(wdev->wiphy, bss);
>  		return;
> +	}

This is reasonable, though it'd be stupid to call it in this case, I'm
not worried about leaking when the warning triggers.

> -	if (wdev->sme_state != CFG80211_SME_CONNECTING)
> +	if (wdev->sme_state != CFG80211_SME_CONNECTING) {
> +		if (bss)
> +			cfg80211_put_bss(wdev->wiphy, bss);
>  		return;
> +	}

This code doesn't exist any more.

johannes