mac80211: fix sta_info mesh timer bug

I noticed a bug I introduced when mesh is enabled: sta_info_destroy()
will end up calling cancel_timer() on a timer that has never been
initialized because the timer is only initialized in mesh_plink_alloc(),
not in sta_info_alloc(). This patch moves the initialization of all mesh
related fields into sta_info_alloc(), adds a bit of sanity checking to
the cfg80211 handlers and sta_info_insert() and makes mesh_plink_alloc()
a static helper function that is only used from the mesh plink code.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Cc: Luis Carlos Cobo <luisca@cozybit.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>

1 files changed, 5 insertions, 26 deletions

diff --git a/net/mac80211/mesh_plink.c b/net/mac80211/mesh_plink.c
index 85cb75d53c43..7f02ae8abe90 100644
--- a/net/mac80211/mesh_plink.c
+++ b/net/mac80211/mesh_plink.c
@@ -88,40 +88,19 @@ static inline void mesh_plink_fsm_restart(struct sta_info *sta)
         sta->llid = sta->plid = sta->reason = sta->plink_retries = 0;
 }
 
-/**
- * mesh_plink_alloc - allocate a new mesh peer link
- *
- * @sdata: local mesh interface
- * @hw_addr: hardware address (ETH_ALEN length)
- * @rates: rates the mesh peer supports
- *
- * The initial state of the new plink is set to LISTEN
- *
- * Returns: NULL on error.
- */
-struct sta_info *mesh_plink_alloc(struct ieee80211_sub_if_data *sdata,
-                                  u8 *hw_addr, u64 rates, gfp_t gfp)
+static struct sta_info *mesh_plink_alloc(struct ieee80211_sub_if_data *sdata,
+                                         u8 *hw_addr, u64 rates)
 {
         struct ieee80211_local *local = sdata->local;
         struct sta_info *sta;
 
-        if (compare_ether_addr(hw_addr, sdata->dev->dev_addr) == 0)
-                /* never add ourselves as neighbours */
-                return NULL;
-
-        if (is_multicast_ether_addr(hw_addr))
-                return NULL;
-
         if (local->num_sta >= MESH_MAX_PLINKS)
                 return NULL;
 
-        sta = sta_info_alloc(sdata, hw_addr, gfp);
+        sta = sta_info_alloc(sdata, hw_addr, GFP_ATOMIC);
         if (!sta)
                 return NULL;
 
-        sta->plink_state = LISTEN;
-        spin_lock_init(&sta->plink_lock);
-        init_timer(&sta->plink_timer);
         sta->flags |= WLAN_STA_AUTHORIZED;
         sta->supp_rates[local->hw.conf.channel->band] = rates;
 
@@ -249,7 +228,7 @@ void mesh_neighbour_update(u8 *hw_addr, u64 rates, struct net_device *dev,
 
         sta = sta_info_get(local, hw_addr);
         if (!sta) {
-                sta = mesh_plink_alloc(sdata, hw_addr, rates, GFP_ATOMIC);
+                sta = mesh_plink_alloc(sdata, hw_addr, rates);
                 if (!sta) {
                         rcu_read_unlock();
                         return;
@@ -518,7 +497,7 @@ void mesh_rx_plink_frame(struct net_device *dev, struct ieee80211_mgmt *mgmt,
                 }
 
                 rates = ieee80211_sta_get_rates(local, &elems, rx_status->band);
-                sta = mesh_plink_alloc(sdata, mgmt->sa, rates, GFP_ATOMIC);
+                sta = mesh_plink_alloc(sdata, mgmt->sa, rates);
                 if (!sta) {
                         mpl_dbg("Mesh plink error: plink table full\n");
                         rcu_read_unlock();