iwlwifi: avoid race condition in channel change

When iwl_mac_config() is called by mac80211, the channel pointer hw->conf->channel can potentially change, resulting in mismatch band and channel number when configuring RXON command. To avoid this situation, save the channel pointer in local variables and validate the channel before using it. Note that priv->mutex is locked during the whole function so the local variables are safe. Same change is applied to iwl_mac_channel_switch() since basically it copies code from iwl_mac_config(). Also removed an outdated comment in the flow. Signed-off-by: Shanyu Zhao <shanyu.zhao@intel.com> Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
author: Shanyu Zhao <shanyu.zhao@intel.com> 2010-07-28 16:40:39 -0400
committer: John W. Linville <linville@tuxdriver.com> 2010-08-24 16:32:01 -0400
commit: aa2dc6b529d781a375f7ad3185198f6315865b06 (patch)
tree: 86941fc4b57927321c2f8f96630aec4574b1212d /drivers/net/wireless/iwlwifi/iwl-agn.c
parent: 81e95430aaa898799421617c2db2882386bab69a (diff)
1 files changed, 6 insertions, 8 deletions
diff --git a/drivers/net/wireless/iwlwifi/iwl-agn.c b/drivers/net/wireless/iwlwifi/iwl-agn.c
index eecfec7c4063..61ecd180982e 100644
--- a/drivers/net/wireless/iwlwifi/iwl-agn.c
+++ b/drivers/net/wireless/iwlwifi/iwl-agn.c
@@ -3632,6 +3632,7 @@ static void iwl_mac_channel_switch(struct ieee80211_hw *hw,
        struct iwl_priv *priv = hw->priv;
        const struct iwl_channel_info *ch_info;
        struct ieee80211_conf *conf = &hw->conf;
+        struct ieee80211_channel *channel = ch_switch->channel;
        struct iwl_ht_config *ht_conf = &priv->current_ht_config;
        u16 ch;
        unsigned long flags = 0;
@@ -3655,10 +3656,10 @@ static void iwl_mac_channel_switch(struct ieee80211_hw *hw,
        mutex_lock(&priv->mutex);
        if (priv->cfg->ops->lib->set_channel_switch) {
-                ch = ch_switch->channel->hw_value;
+                ch = channel->hw_value;
                if (le16_to_cpu(priv->active_rxon.channel) != ch) {
                        ch_info = iwl_get_channel_info(priv,
-                                                       conf->channel->band,
+                                                       channel->band,
                                                       ch);
                        if (!is_channel_valid(ch_info)) {
                                IWL_DEBUG_MAC80211(priv, "invalid channel\n");
@@ -3687,15 +3688,12 @@ static void iwl_mac_channel_switch(struct ieee80211_hw *hw,
                        } else
                                ht_conf->is_40mhz = false;
-                        /* if we are switching from ht to 2.4 clear flags
+                        if (le16_to_cpu(priv->staging_rxon.channel) != ch)
-                         * from any ht related info since 2.4 does not
-                         * support ht */
-                        if ((le16_to_cpu(priv->staging_rxon.channel) != ch))
                                priv->staging_rxon.flags = 0;
-                        iwl_set_rxon_channel(priv, conf->channel);
+                        iwl_set_rxon_channel(priv, channel);
                        iwl_set_rxon_ht(priv, ht_conf);
-                        iwl_set_flags_for_band(priv, conf->channel->band,
+                        iwl_set_flags_for_band(priv, channel->band,
                                               priv->vif);
                        spin_unlock_irqrestore(&priv->lock, flags);
author	Shanyu Zhao <shanyu.zhao@intel.com>	2010-07-28 16:40:39 -0400
committer	John W. Linville <linville@tuxdriver.com>	2010-08-24 16:32:01 -0400
commit	aa2dc6b529d781a375f7ad3185198f6315865b06 (patch)
tree	86941fc4b57927321c2f8f96630aec4574b1212d /drivers/net/wireless/iwlwifi/iwl-agn.c
parent	81e95430aaa898799421617c2db2882386bab69a (diff)