* [PATCH] mac80211: fix IBSS teardown race
@ 2011-06-08 11:25 Johannes Berg
2011-06-08 11:27 ` [PATCH v2] " Johannes Berg
0 siblings, 1 reply; 2+ messages in thread
From: Johannes Berg @ 2011-06-08 11:25 UTC (permalink / raw)
To: John Linville; +Cc: linux-wireless, Ignacy Gawedzki
From: Johannes Berg <johannes.berg@intel.com>
Ignacy reports that sometimes after leaving an IBSS
joining a new one didn't work because there still
were stations on the list. He fixed it by flushing
stations when attempting to join a new IBSS, but
this shouldn't be happening in the first case. When
I looked into it I saw a race condition in teardown
that could cause stations to be added after flush,
and thus cause this situation. Ignacy confirms that
after applying my patch he hasn't seen this happen
again.
Reported-by: Ignacy Gawedzki <i@lri.fr>
Debugged-by: Ignacy Gawedzki <i@lri.fr>
Tested-by: Ignacy Gawedzki <i@lri.fr>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
---
net/mac80211/ibss.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
--- a/net/mac80211/ibss.c 2011-06-08 07:55:21.000000000 +0200
+++ b/net/mac80211/ibss.c 2011-06-08 13:16:20.000000000 +0200
@@ -965,6 +965,10 @@ int ieee80211_ibss_leave(struct ieee8021
mutex_lock(&sdata->u.ibss.mtx);
+ sdata->u.ibss.state = IEEE80211_IBSS_MLME_SEARCH;
+ memset(sdata->u.ibss.bssid, 0, ETH_ALEN);
+ sdata->u.ibss.ssid_len = 0;
+
active_ibss = ieee80211_sta_active_ibss(sdata);
if (!active_ibss && !is_zero_ether_addr(ifibss->bssid)) {
@@ -999,8 +1003,6 @@ int ieee80211_ibss_leave(struct ieee8021
kfree_skb(skb);
skb_queue_purge(&sdata->skb_queue);
- memset(sdata->u.ibss.bssid, 0, ETH_ALEN);
- sdata->u.ibss.ssid_len = 0;
del_timer_sync(&sdata->u.ibss.timer);
^ permalink raw reply [flat|nested] 2+ messages in thread* [PATCH v2] mac80211: fix IBSS teardown race
2011-06-08 11:25 [PATCH] mac80211: fix IBSS teardown race Johannes Berg
@ 2011-06-08 11:27 ` Johannes Berg
0 siblings, 0 replies; 2+ messages in thread
From: Johannes Berg @ 2011-06-08 11:27 UTC (permalink / raw)
To: John Linville; +Cc: linux-wireless, Ignacy Gawedzki
From: Johannes Berg <johannes.berg@intel.com>
Ignacy reports that sometimes after leaving an IBSS
joining a new one didn't work because there still
were stations on the list. He fixed it by flushing
stations when attempting to join a new IBSS, but
this shouldn't be happening in the first case. When
I looked into it I saw a race condition in teardown
that could cause stations to be added after flush,
and thus cause this situation. Ignacy confirms that
after applying my patch he hasn't seen this happen
again.
Reported-by: Ignacy Gawedzki <i@lri.fr>
Debugged-by: Ignacy Gawedzki <i@lri.fr>
Tested-by: Ignacy Gawedzki <i@lri.fr>
Cc: stable@kernel.org
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
---
v2: cc stable
net/mac80211/ibss.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
--- a/net/mac80211/ibss.c 2011-06-08 07:55:21.000000000 +0200
+++ b/net/mac80211/ibss.c 2011-06-08 13:16:20.000000000 +0200
@@ -965,6 +965,10 @@ int ieee80211_ibss_leave(struct ieee8021
mutex_lock(&sdata->u.ibss.mtx);
+ sdata->u.ibss.state = IEEE80211_IBSS_MLME_SEARCH;
+ memset(sdata->u.ibss.bssid, 0, ETH_ALEN);
+ sdata->u.ibss.ssid_len = 0;
+
active_ibss = ieee80211_sta_active_ibss(sdata);
if (!active_ibss && !is_zero_ether_addr(ifibss->bssid)) {
@@ -999,8 +1003,6 @@ int ieee80211_ibss_leave(struct ieee8021
kfree_skb(skb);
skb_queue_purge(&sdata->skb_queue);
- memset(sdata->u.ibss.bssid, 0, ETH_ALEN);
- sdata->u.ibss.ssid_len = 0;
del_timer_sync(&sdata->u.ibss.timer);
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2011-06-08 11:27 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2011-06-08 11:25 [PATCH] mac80211: fix IBSS teardown race Johannes Berg
2011-06-08 11:27 ` [PATCH v2] " Johannes Berg
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).