summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJohannes Berg <johannes.berg@intel.com>2012-06-20 20:11:33 +0200
committerJohannes Berg <johannes.berg@intel.com>2012-06-20 20:12:12 +0200
commit0f6b3f597daab2254614e2773e322e73fb1b6f4b (patch)
tree88a4d19016a1564598e9e083444d1948dae5c99d
parent3bfda62c50b0a4b118dcfce36686508ca2892292 (diff)
downloadlwn-0f6b3f597daab2254614e2773e322e73fb1b6f4b.tar.gz
lwn-0f6b3f597daab2254614e2773e322e73fb1b6f4b.zip
mac80211: fix double-start of remain-on-channel
When a remain-on-channel item is deleted, we remove it from the list and then start the next item. However, if it wasn't actually the first item then calling ieee80211_start_next_roc() is wrong as it will start the first item -- even if that was already started. Fix the two places that do this and add a warning to prevent the problem from reoccurring. Reported-by: Eliad Peller <eliad@wizery.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
-rw-r--r--net/mac80211/cfg.c3
-rw-r--r--net/mac80211/offchannel.c6
2 files changed, 7 insertions, 2 deletions
diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c
index a6abcd473434..03aff23c70fd 100644
--- a/net/mac80211/cfg.c
+++ b/net/mac80211/cfg.c
@@ -2362,7 +2362,8 @@ static int ieee80211_cancel_roc(struct ieee80211_local *local,
list_del(&found->list);
- ieee80211_start_next_roc(local);
+ if (found->started)
+ ieee80211_start_next_roc(local);
mutex_unlock(&local->mtx);
ieee80211_roc_notify_destroy(found);
diff --git a/net/mac80211/offchannel.c b/net/mac80211/offchannel.c
index febce7fb7bb1..7f93626ddc61 100644
--- a/net/mac80211/offchannel.c
+++ b/net/mac80211/offchannel.c
@@ -262,6 +262,9 @@ void ieee80211_start_next_roc(struct ieee80211_local *local)
roc = list_first_entry(&local->roc_list, struct ieee80211_roc_work,
list);
+ if (WARN_ON_ONCE(roc->started))
+ return;
+
if (local->ops->remain_on_channel) {
int ret, duration = roc->duration;
@@ -377,7 +380,8 @@ void ieee80211_sw_roc_work(struct work_struct *work)
ieee80211_recalc_idle(local);
- ieee80211_start_next_roc(local);
+ if (roc->started)
+ ieee80211_start_next_roc(local);
}
out_unlock: