diff options
author | Johannes Berg <johannes.berg@intel.com> | 2012-06-20 20:11:33 +0200 |
---|---|---|
committer | Johannes Berg <johannes.berg@intel.com> | 2012-06-20 20:12:12 +0200 |
commit | 0f6b3f597daab2254614e2773e322e73fb1b6f4b (patch) | |
tree | 88a4d19016a1564598e9e083444d1948dae5c99d | |
parent | 3bfda62c50b0a4b118dcfce36686508ca2892292 (diff) | |
download | op-kernel-dev-0f6b3f597daab2254614e2773e322e73fb1b6f4b.zip op-kernel-dev-0f6b3f597daab2254614e2773e322e73fb1b6f4b.tar.gz |
mac80211: fix double-start of remain-on-channel
When a remain-on-channel item is deleted, we remove it
from the list and then start the next item. However,
if it wasn't actually the first item then calling
ieee80211_start_next_roc() is wrong as it will start
the first item -- even if that was already started.
Fix the two places that do this and add a warning to
prevent the problem from reoccurring.
Reported-by: Eliad Peller <eliad@wizery.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
-rw-r--r-- | net/mac80211/cfg.c | 3 | ||||
-rw-r--r-- | net/mac80211/offchannel.c | 6 |
2 files changed, 7 insertions, 2 deletions
diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c index a6abcd4..03aff23 100644 --- a/net/mac80211/cfg.c +++ b/net/mac80211/cfg.c @@ -2362,7 +2362,8 @@ static int ieee80211_cancel_roc(struct ieee80211_local *local, list_del(&found->list); - ieee80211_start_next_roc(local); + if (found->started) + ieee80211_start_next_roc(local); mutex_unlock(&local->mtx); ieee80211_roc_notify_destroy(found); diff --git a/net/mac80211/offchannel.c b/net/mac80211/offchannel.c index febce7f..7f93626 100644 --- a/net/mac80211/offchannel.c +++ b/net/mac80211/offchannel.c @@ -262,6 +262,9 @@ void ieee80211_start_next_roc(struct ieee80211_local *local) roc = list_first_entry(&local->roc_list, struct ieee80211_roc_work, list); + if (WARN_ON_ONCE(roc->started)) + return; + if (local->ops->remain_on_channel) { int ret, duration = roc->duration; @@ -377,7 +380,8 @@ void ieee80211_sw_roc_work(struct work_struct *work) ieee80211_recalc_idle(local); - ieee80211_start_next_roc(local); + if (roc->started) + ieee80211_start_next_roc(local); } out_unlock: |