mac80211: move roc cookie assignment earlier

Message ID	1389517597-3865-1-git-send-email-eliad@wizery.com (mailing list archive)
State	Not Applicable, archived
Headers	show Return-Path: <linux-wireless-owner@kernel.org> From: Eliad Peller <eliad@wizery.com> To: Johannes Berg <johannes@sipsolutions.net> Cc: <linux-wireless@vger.kernel.org> Subject: [PATCH] mac80211: move roc cookie assignment earlier Date: Sun, 12 Jan 2014 11:06:37 +0200 Message-Id: <1389517597-3865-1-git-send-email-eliad@wizery.com> Sender: linux-wireless-owner@vger.kernel.org Precedence: bulk

Message ID

1389517597-3865-1-git-send-email-eliad@wizery.com (mailing list archive)

State

Not Applicable, archived

Headers

From: Eliad Peller <eliad@wizery.com>
To: Johannes Berg <johannes@sipsolutions.net>
Cc: <linux-wireless@vger.kernel.org>
Subject: [PATCH] mac80211: move roc cookie assignment earlier
Date: Sun, 12 Jan 2014 11:06:37 +0200
Message-Id: <1389517597-3865-1-git-send-email-eliad@wizery.com>
Sender: linux-wireless-owner@vger.kernel.org
Precedence: bulk

Commit Message

Eliad Peller Jan. 12, 2014, 9:06 a.m. UTC

ieee80211_start_roc_work() might add a new roc
to existing roc, and tell cfg80211 it has already
started.

However, this might happen before the roc cookie
was set, resulting in REMAIN_ON_CHANNEL (started)
event with null cookie. Consequently, it can make
wpa_supplicant go out of sync.

Fix it by setting the roc cookie earlier.

Signed-off-by: Eliad Peller <eliad@wizery.com>
---
 net/mac80211/cfg.c | 36 ++++++++++++++++++------------------
 1 file changed, 18 insertions(+), 18 deletions(-)

Comments

Johannes Berg Jan. 14, 2014, 12:54 p.m. UTC | #1

On Sun, 2014-01-12 at 11:06 +0200, Eliad Peller wrote:
> ieee80211_start_roc_work() might add a new roc
> to existing roc, and tell cfg80211 it has already
> started.
> 
> However, this might happen before the roc cookie
> was set, resulting in REMAIN_ON_CHANNEL (started)
> event with null cookie. Consequently, it can make
> wpa_supplicant go out of sync.
> 
> Fix it by setting the roc cookie earlier.

Applied (to mac80211.git), I also decided to add a Cc stable tag. I'm
not going to send any more pull requests until the merge window closes,
so it'll be a while.

johannes

--
To unsubscribe from this list: send the line "unsubscribe linux-wireless" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c
index f9ae9b8..94b4acb 100644
--- a/net/mac80211/cfg.c
+++ b/net/mac80211/cfg.c
@@ -2638,6 +2638,24 @@  static int ieee80211_start_roc_work(struct ieee80211_local *local,
 	INIT_DELAYED_WORK(&roc->work, ieee80211_sw_roc_work);
 	INIT_LIST_HEAD(&roc->dependents);
 
+	/*
+	 * cookie is either the roc cookie (for normal roc)
+	 * or the SKB (for mgmt TX)
+	 */
+	if (!txskb) {
+		/* local->mtx protects this */
+		local->roc_cookie_counter++;
+		roc->cookie = local->roc_cookie_counter;
+		/* wow, you wrapped 64 bits ... more likely a bug */
+		if (WARN_ON(roc->cookie == 0)) {
+			roc->cookie = 1;
+			local->roc_cookie_counter++;
+		}
+		*cookie = roc->cookie;
+	} else {
+		*cookie = (unsigned long)txskb;
+	}
+
 	/* if there's one pending or we're scanning, queue this one */
 	if (!list_empty(&local->roc_list) ||
 	    local->scanning || local->radar_detect_enabled)
@@ -2772,24 +2790,6 @@  static int ieee80211_start_roc_work(struct ieee80211_local *local,
 	if (!queued)
 		list_add_tail(&roc->list, &local->roc_list);
 
-	/*
-	 * cookie is either the roc cookie (for normal roc)
-	 * or the SKB (for mgmt TX)
-	 */
-	if (!txskb) {
-		/* local->mtx protects this */
-		local->roc_cookie_counter++;
-		roc->cookie = local->roc_cookie_counter;
-		/* wow, you wrapped 64 bits ... more likely a bug */
-		if (WARN_ON(roc->cookie == 0)) {
-			roc->cookie = 1;
-			local->roc_cookie_counter++;
-		}
-		*cookie = roc->cookie;
-	} else {
-		*cookie = (unsigned long)txskb;
-	}
-
 	return 0;
 }

mac80211: move roc cookie assignment earlier

Commit Message

Comments

Patch