Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 0f6b3f59 authored Jun 20, 2012 by Johannes Berg

mac80211: fix double-start of remain-on-channel



When a remain-on-channel item is deleted, we remove it
from the list and then start the next item. However,
if it wasn't actually the first item then calling
ieee80211_start_next_roc() is wrong as it will start
the first item -- even if that was already started.

Fix the two places that do this and add a warning to
prevent the problem from reoccurring.

Reported-by: Eliad Peller <eliad@wizery.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>

parent 3bfda62c

net/mac80211/cfg.c

+2 −1

Original line number	Diff line number	Diff line
		@@ -2362,6 +2362,7 @@ static int ieee80211_cancel_roc(struct ieee80211_local *local,

		list_del(&found->list);

		if (found->started)
		ieee80211_start_next_roc(local);
		mutex_unlock(&local->mtx);

net/mac80211/offchannel.c

+5 −1

Original line number	Diff line number	Diff line
		@@ -262,6 +262,9 @@ void ieee80211_start_next_roc(struct ieee80211_local *local)
		roc = list_first_entry(&local->roc_list, struct ieee80211_roc_work,
		list);

		if (WARN_ON_ONCE(roc->started))
		return;

		if (local->ops->remain_on_channel) {
		int ret, duration = roc->duration;

		@@ -377,6 +380,7 @@ void ieee80211_sw_roc_work(struct work_struct *work)

		ieee80211_recalc_idle(local);

		if (roc->started)
		ieee80211_start_next_roc(local);
		}