[PATCH] mac80211: fix direct probe loop on ieee80211_work_purge

[PATCH] mac80211: fix direct probe loop on ieee80211_work_purge

[Juuso Oikarinen]

If authentication has already been performed when the WLAN interface is
stopped, (sometimes) the ieee80211_work_purge would corrupt some
ieee80211_work-structures. The outcome is this (cleaned up):

[ 2252.398681] WARNING: at net/mac80211/work.c:995 ieee80211_work_purge
[ 2252.466430] Backtrace:
[ 2252.529266] (ieee80211_work_purge+0x0/0xcc [mac80211])
[ 2252.546875] (ieee80211_stop+0x0/0x4c0 [mac80211])

Additionally, one would get this, going on regarless of the WLAN interface
state, going on forever:

[ 2252.859985] wlan0: direct probe to 00:90:4c:60:04:00 (try -996717525)
[ 2253.055419] wlan0: direct probe to 00:90:4c:60:04:00 (try -996717524)
[ 2253.250610] wlan0: direct probe to 00:90:4c:60:04:00 (try -996717523)
[ 2253.446014] wlan0: direct probe to 00:90:4c:60:04:00 (try -996717522)
[ 2253.641357] wlan0: direct probe to 00:90:4c:60:04:00 (try -996717521)

Signed-off-by: Juuso Oikarinen <juuso.oikarinen@nokia.com>
---
 net/mac80211/work.c |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/net/mac80211/work.c b/net/mac80211/work.c
index 7e708d5..1e1ea30 100644
--- a/net/mac80211/work.c
+++ b/net/mac80211/work.c
@@ -869,6 +869,7 @@ static void ieee80211_work_work(struct work_struct *work)
 			break;
 		case IEEE80211_WORK_ABORT:
 			rma = WORK_ACT_TIMEOUT;
+			break;
 		case IEEE80211_WORK_DIRECT_PROBE:
 			rma = ieee80211_direct_probe(wk);
 			break;
-- 
1.6.3.3

Re: [PATCH] mac80211: fix direct probe loop on ieee80211_work_purge

[Johannes Berg]

On Thu, 2010-02-25 at 15:05 +0200, Juuso Oikarinen wrote:
> If authentication has already been performed when the WLAN interface is
> stopped, (sometimes) the ieee80211_work_purge would corrupt some
> ieee80211_work-structures. The outcome is this (cleaned up):
> 
> [ 2252.398681] WARNING: at net/mac80211/work.c:995 ieee80211_work_purge
> [ 2252.466430] Backtrace:
> [ 2252.529266] (ieee80211_work_purge+0x0/0xcc [mac80211])
> [ 2252.546875] (ieee80211_stop+0x0/0x4c0 [mac80211])
> 
> Additionally, one would get this, going on regarless of the WLAN interface
> state, going on forever:
> 
> [ 2252.859985] wlan0: direct probe to 00:90:4c:60:04:00 (try -996717525)
> [ 2253.055419] wlan0: direct probe to 00:90:4c:60:04:00 (try -996717524)
> [ 2253.250610] wlan0: direct probe to 00:90:4c:60:04:00 (try -996717523)
> [ 2253.446014] wlan0: direct probe to 00:90:4c:60:04:00 (try -996717522)
> [ 2253.641357] wlan0: direct probe to 00:90:4c:60:04:00 (try -996717521)
> 
> Signed-off-by: Juuso Oikarinen <juuso.oikarinen@nokia.com>
> ---
>  net/mac80211/work.c |    1 +
>  1 files changed, 1 insertions(+), 0 deletions(-)
> 
> diff --git a/net/mac80211/work.c b/net/mac80211/work.c
> index 7e708d5..1e1ea30 100644
> --- a/net/mac80211/work.c
> +++ b/net/mac80211/work.c
> @@ -869,6 +869,7 @@ static void ieee80211_work_work(struct work_struct *work)
>  			break;
>  		case IEEE80211_WORK_ABORT:
>  			rma = WORK_ACT_TIMEOUT;
> +			break;
>  		case IEEE80211_WORK_DIRECT_PROBE:
>  			rma = ieee80211_direct_probe(wk);
>  			break;

Wow, thanks. I had been looking for this bug but never found it and then
it stopped happening for me ...

Reviewed-by: Johannes Berg <johannes@sipsolutions.net>

johannes