From: Greg KH <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: torvalds@linux-foundation.org, akpm@linux-foundation.org,
alan@lxorguk.ukuu.org.uk, Nirav Shah <nirav.j2.shah@intel.com>,
Johannes Berg <johannes.berg@intel.com>,
"John W. Linville" <linville@tuxdriver.com>
Subject: [ 05/20] mac80211: clean up remain-on-channel on interface stop
Date: Thu, 14 Jun 2012 16:56:49 -0700 [thread overview]
Message-ID: <20120614235644.744223603@linuxfoundation.org> (raw)
In-Reply-To: <20120614235648.GA6552@kroah.com>
3.0-stable review patch. If anyone has any objections, please let me know.
------------------
From: Johannes Berg <johannes.berg@intel.com>
commit 71ecfa1893034eeb1c93e02e22ee2ad26d080858 upstream.
When any interface goes down, it could be the one that we
were doing a remain-on-channel with. We therefore need to
cancel the remain-on-channel and flush the related work
structs so they don't run after the interface has been
removed or even destroyed.
It's also possible in this case that an off-channel SKB
was never transmitted, so free it if this is the case.
Note that this can also happen if the driver finishes
the off-channel period without ever starting it.
Reported-by: Nirav Shah <nirav.j2.shah@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/mac80211/iface.c | 12 ++++++++++++
net/mac80211/offchannel.c | 16 ++++++++++++++++
2 files changed, 28 insertions(+)
--- a/net/mac80211/iface.c
+++ b/net/mac80211/iface.c
@@ -498,6 +498,18 @@ static void ieee80211_do_stop(struct iee
ieee80211_configure_filter(local);
break;
default:
+ mutex_lock(&local->mtx);
+ if (local->hw_roc_dev == sdata->dev &&
+ local->hw_roc_channel) {
+ /* ignore return value since this is racy */
+ drv_cancel_remain_on_channel(local);
+ ieee80211_queue_work(&local->hw, &local->hw_roc_done);
+ }
+ mutex_unlock(&local->mtx);
+
+ flush_work(&local->hw_roc_start);
+ flush_work(&local->hw_roc_done);
+
flush_work(&sdata->work);
/*
* When we get here, the interface is marked down.
--- a/net/mac80211/offchannel.c
+++ b/net/mac80211/offchannel.c
@@ -251,6 +251,22 @@ static void ieee80211_hw_roc_done(struct
return;
}
+ /* was never transmitted */
+ if (local->hw_roc_skb) {
+ u64 cookie;
+
+ cookie = local->hw_roc_cookie ^ 2;
+
+ cfg80211_mgmt_tx_status(local->hw_roc_dev, cookie,
+ local->hw_roc_skb->data,
+ local->hw_roc_skb->len, false,
+ GFP_KERNEL);
+
+ kfree_skb(local->hw_roc_skb);
+ local->hw_roc_skb = NULL;
+ local->hw_roc_skb_for_status = NULL;
+ }
+
if (!local->hw_roc_for_tx)
cfg80211_remain_on_channel_expired(local->hw_roc_dev,
local->hw_roc_cookie,
next prev parent reply other threads:[~2012-06-14 23:56 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-06-14 23:56 [ 00/20] 3.0.35-stable review Greg KH
2012-06-14 23:56 ` [ 01/20] char/agp: add another Ironlake host bridge Greg KH
2012-06-14 23:56 ` [ 02/20] btree: fix tree corruption in btree_get_prev() Greg KH
2012-06-14 23:56 ` [ 03/20] powerpc: Fix kernel panic during kernel module load Greg KH
2012-06-14 23:56 ` [ 04/20] crypto: aesni-intel - fix unaligned cbc decrypt for x86-32 Greg KH
2012-06-14 23:56 ` Greg KH [this message]
2012-06-14 23:56 ` [ 06/20] cfg80211: fix interface combinations check Greg KH
2012-06-14 23:56 ` [ 07/20] net: sierra_net: device IDs for Aircard 320U++ Greg KH
2012-06-14 23:56 ` [ 08/20] can: c_can: fix "BUG! echo_skb is occupied!" during transmit Greg KH
2012-06-14 23:56 ` [ 09/20] can: c_can: fix an interrupt thrash issue with c_can driver Greg KH
2012-06-14 23:56 ` [ 10/20] can: c_can: fix race condition in c_can_open() Greg KH
2012-06-14 23:56 ` [ 11/20] hwmon: (fam15h_power) Increase output resolution Greg KH
2012-06-14 23:56 ` [ 12/20] acpi_video: fix leaking PCI references Greg KH
2012-06-14 23:56 ` [ 13/20] sched: Fix the relax_domain_level boot parameter Greg KH
2012-06-14 23:56 ` [ 14/20] iwlwifi: dont mess up the SCD when removing a key Greg KH
2012-06-14 23:56 ` [ 15/20] x86, MCE, AMD: Make APIC LVT thresholding interrupt optional Greg KH
2012-06-14 23:57 ` [ 16/20] fuse: fix stat call on 32 bit platforms Greg KH
2012-06-14 23:57 ` [ 17/20] e1000: save skb counts in TX to avoid cache misses Greg KH
2012-06-14 23:57 ` [ 18/20] mm/vmalloc.c: change void* into explict vm_struct* Greg KH
2012-06-14 23:57 ` [ 19/20] mm: fix faulty initialization in vmalloc_init() Greg KH
2012-06-14 23:57 ` [ 20/20] hugetlb: fix resv_map leak in error path Greg KH
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20120614235644.744223603@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=akpm@linux-foundation.org \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=johannes.berg@intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linville@tuxdriver.com \
--cc=nirav.j2.shah@intel.com \
--cc=stable@vger.kernel.org \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).