mac80211: fix scan race, simplify code
The scan code has a race that Michael reported he ran into, but it's easy to fix while at the same time simplifying the code. The race resulted in the following warning: ------------[ cut here ]------------ WARNING: at net/mac80211/scan.c:310 ieee80211_rx_bss_free+0x20c/0x4b8 [mac80211]() Modules linked in: [...] [<c0033edc>] (unwind_backtrace+0x0/0xe0) from [<c004f2a4>] (warn_slowpath_common+0x4c/0x64) [... backtrace wasn't useful ...] Reported-by: Michael Buesch <mb@bu3sch.de> Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
This commit is contained in:
Johannes Berg
John W. Linville
parent
2a6672f2c4
commit
d07bfd8b6f
@ -258,10 +258,12 @@ static bool ieee80211_prep_hw_scan(struct ieee80211_local *local)
|
|||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
static bool __ieee80211_scan_completed(struct ieee80211_hw *hw, bool aborted,
|
static void __ieee80211_scan_completed(struct ieee80211_hw *hw, bool aborted,
|
||||||
bool was_hw_scan)
|
bool was_hw_scan)
|
||||||
{
|
{
|
||||||
struct ieee80211_local *local = hw_to_local(hw);
|
struct ieee80211_local *local = hw_to_local(hw);
|
||||||
|
bool on_oper_chan;
|
||||||
|
bool enable_beacons = false;
|
||||||
|
|
||||||
lockdep_assert_held(&local->mtx);
|
lockdep_assert_held(&local->mtx);
|
||||||
|
|
||||||
@ -275,12 +277,12 @@ static bool __ieee80211_scan_completed(struct ieee80211_hw *hw, bool aborted,
|
|||||||
aborted = true;
|
aborted = true;
|
||||||
|
|
||||||
if (WARN_ON(!local->scan_req))
|
if (WARN_ON(!local->scan_req))
|
||||||
return false;
|
return;
|
||||||
|
|
||||||
if (was_hw_scan && !aborted && ieee80211_prep_hw_scan(local)) {
|
if (was_hw_scan && !aborted && ieee80211_prep_hw_scan(local)) {
|
||||||
int rc = drv_hw_scan(local, local->scan_sdata, local->hw_scan_req);
|
int rc = drv_hw_scan(local, local->scan_sdata, local->hw_scan_req);
|
||||||
if (rc == 0)
|
if (rc == 0)
|
||||||
return false;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
kfree(local->hw_scan_req);
|
kfree(local->hw_scan_req);
|
||||||
@ -294,26 +296,11 @@ static bool __ieee80211_scan_completed(struct ieee80211_hw *hw, bool aborted,
|
|||||||
local->scanning = 0;
|
local->scanning = 0;
|
||||||
local->scan_channel = NULL;
|
local->scan_channel = NULL;
|
||||||
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
|
|
||||||
static void __ieee80211_scan_completed_finish(struct ieee80211_hw *hw,
|
|
||||||
bool was_hw_scan)
|
|
||||||
{
|
|
||||||
struct ieee80211_local *local = hw_to_local(hw);
|
|
||||||
bool on_oper_chan;
|
|
||||||
bool enable_beacons = false;
|
|
||||||
|
|
||||||
mutex_lock(&local->mtx);
|
|
||||||
on_oper_chan = ieee80211_cfg_on_oper_channel(local);
|
on_oper_chan = ieee80211_cfg_on_oper_channel(local);
|
||||||
|
|
||||||
WARN_ON(local->scanning & (SCAN_SW_SCANNING | SCAN_HW_SCANNING));
|
if (was_hw_scan || !on_oper_chan)
|
||||||
|
|
||||||
if (was_hw_scan || !on_oper_chan) {
|
|
||||||
if (WARN_ON(local->scan_channel))
|
|
||||||
local->scan_channel = NULL;
|
|
||||||
ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_CHANNEL);
|
ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_CHANNEL);
|
||||||
} else
|
else
|
||||||
/* Set power back to normal operating levels. */
|
/* Set power back to normal operating levels. */
|
||||||
ieee80211_hw_config(local, 0);
|
ieee80211_hw_config(local, 0);
|
||||||
|
|
||||||
@ -331,7 +318,6 @@ static void __ieee80211_scan_completed_finish(struct ieee80211_hw *hw,
|
|||||||
}
|
}
|
||||||
|
|
||||||
ieee80211_recalc_idle(local);
|
ieee80211_recalc_idle(local);
|
||||||
mutex_unlock(&local->mtx);
|
|
||||||
|
|
||||||
ieee80211_mlme_notify_scan_completed(local);
|
ieee80211_mlme_notify_scan_completed(local);
|
||||||
ieee80211_ibss_notify_scan_completed(local);
|
ieee80211_ibss_notify_scan_completed(local);
|
||||||
@ -686,12 +672,14 @@ void ieee80211_scan_work(struct work_struct *work)
|
|||||||
{
|
{
|
||||||
struct ieee80211_local *local =
|
struct ieee80211_local *local =
|
||||||
container_of(work, struct ieee80211_local, scan_work.work);
|
container_of(work, struct ieee80211_local, scan_work.work);
|
||||||
struct ieee80211_sub_if_data *sdata = local->scan_sdata;
|
struct ieee80211_sub_if_data *sdata;
|
||||||
unsigned long next_delay = 0;
|
unsigned long next_delay = 0;
|
||||||
bool aborted, hw_scan, finish;
|
bool aborted, hw_scan;
|
||||||
|
|
||||||
mutex_lock(&local->mtx);
|
mutex_lock(&local->mtx);
|
||||||
|
|
||||||
|
sdata = local->scan_sdata;
|
||||||
|
|
||||||
if (test_and_clear_bit(SCAN_COMPLETED, &local->scanning)) {
|
if (test_and_clear_bit(SCAN_COMPLETED, &local->scanning)) {
|
||||||
aborted = test_and_clear_bit(SCAN_ABORTED, &local->scanning);
|
aborted = test_and_clear_bit(SCAN_ABORTED, &local->scanning);
|
||||||
goto out_complete;
|
goto out_complete;
|
||||||
@ -755,17 +743,11 @@ void ieee80211_scan_work(struct work_struct *work)
|
|||||||
} while (next_delay == 0);
|
} while (next_delay == 0);
|
||||||
|
|
||||||
ieee80211_queue_delayed_work(&local->hw, &local->scan_work, next_delay);
|
ieee80211_queue_delayed_work(&local->hw, &local->scan_work, next_delay);
|
||||||
mutex_unlock(&local->mtx);
|
goto out;
|
||||||
return;
|
|
||||||
|
|
||||||
out_complete:
|
out_complete:
|
||||||
hw_scan = test_bit(SCAN_HW_SCANNING, &local->scanning);
|
hw_scan = test_bit(SCAN_HW_SCANNING, &local->scanning);
|
||||||
finish = __ieee80211_scan_completed(&local->hw, aborted, hw_scan);
|
__ieee80211_scan_completed(&local->hw, aborted, hw_scan);
|
||||||
mutex_unlock(&local->mtx);
|
|
||||||
if (finish)
|
|
||||||
__ieee80211_scan_completed_finish(&local->hw, hw_scan);
|
|
||||||
return;
|
|
||||||
|
|
||||||
out:
|
out:
|
||||||
mutex_unlock(&local->mtx);
|
mutex_unlock(&local->mtx);
|
||||||
}
|
}
|
||||||
@ -835,7 +817,6 @@ int ieee80211_request_internal_scan(struct ieee80211_sub_if_data *sdata,
|
|||||||
void ieee80211_scan_cancel(struct ieee80211_local *local)
|
void ieee80211_scan_cancel(struct ieee80211_local *local)
|
||||||
{
|
{
|
||||||
bool abortscan;
|
bool abortscan;
|
||||||
bool finish = false;
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* We are only canceling software scan, or deferred scan that was not
|
* We are only canceling software scan, or deferred scan that was not
|
||||||
@ -855,14 +836,17 @@ void ieee80211_scan_cancel(struct ieee80211_local *local)
|
|||||||
|
|
||||||
mutex_lock(&local->mtx);
|
mutex_lock(&local->mtx);
|
||||||
abortscan = local->scan_req && !test_bit(SCAN_HW_SCANNING, &local->scanning);
|
abortscan = local->scan_req && !test_bit(SCAN_HW_SCANNING, &local->scanning);
|
||||||
if (abortscan)
|
|
||||||
finish = __ieee80211_scan_completed(&local->hw, true, false);
|
|
||||||
mutex_unlock(&local->mtx);
|
|
||||||
|
|
||||||
if (abortscan) {
|
if (abortscan) {
|
||||||
/* The scan is canceled, but stop work from being pending */
|
/*
|
||||||
cancel_delayed_work_sync(&local->scan_work);
|
* The scan is canceled, but stop work from being pending.
|
||||||
|
*
|
||||||
|
* If the work is currently running, it must be blocked on
|
||||||
|
* the mutex, but we'll set scan_sdata = NULL and it'll
|
||||||
|
* simply exit once it acquires the mutex.
|
||||||
|
*/
|
||||||
|
cancel_delayed_work(&local->scan_work);
|
||||||
|
/* and clean up */
|
||||||
|
__ieee80211_scan_completed(&local->hw, true, false);
|
||||||
}
|
}
|
||||||
if (finish)
|
mutex_unlock(&local->mtx);
|
||||||
__ieee80211_scan_completed_finish(&local->hw, false);
|
|
||||||
}
|
}
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user