cfg80211/mac80211/ath6kl: acquire wdev lock outside ch_switch_notify

The channel switch notification should be sent under the wdev/sdata-lock, preferably in the same moment as the channel change happens, to avoid races by other callers (e.g. start/stop_ap). This also adds the previously missing sdata_lock protection in csa_finalize_work. Reported-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
author: Simon Wunderlich <sw@simonwunderlich.de> 2013-11-21 12:19:51 -0500
committer: Johannes Berg <johannes.berg@intel.com> 2013-12-02 05:51:54 -0500
commit: e487eaeb076a44c69dc61348cbc903151bb8fcbd (patch)
tree: 715d57f18ec0f3e3565a711f43248a3b8c8a42eb /net/mac80211
parent: 7ca133bc7f9dd5cee2b469eb917bd352be80a690 (diff)
1 files changed, 15 insertions, 6 deletions
diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c
index 4a5c21ed64d1..1d446ac97ab5 100644
--- a/net/mac80211/cfg.c
+++ b/net/mac80211/cfg.c
@@ -2988,13 +2988,18 @@ void ieee80211_csa_finalize_work(struct work_struct *work)
        struct ieee80211_local *local = sdata->local;
        int err, changed = 0;
+        sdata_lock(sdata);
+        /* AP might have been stopped while waiting for the lock. */
+        if (!sdata->vif.csa_active)
+                goto unlock;
        if (!ieee80211_sdata_running(sdata))
-                return;
+                goto unlock;
        sdata->radar_required = sdata->csa_radar_required;
        err = ieee80211_vif_change_channel(sdata, &changed);
        if (WARN_ON(err < 0))
-                return;
+                goto unlock;
        if (!local->use_chanctx) {
                local->_oper_chandef = sdata->csa_chandef;
@@ -3003,11 +3008,13 @@ void ieee80211_csa_finalize_work(struct work_struct *work)
        ieee80211_bss_info_change_notify(sdata, changed);
+        sdata->vif.csa_active = false;
        switch (sdata->vif.type) {
        case NL80211_IFTYPE_AP:
                err = ieee80211_assign_beacon(sdata, sdata->u.ap.next_beacon);
                if (err < 0)
-                        return;
+                        goto unlock;
                changed |= err;
                kfree(sdata->u.ap.next_beacon);
                sdata->u.ap.next_beacon = NULL;
@@ -3021,20 +3028,22 @@ void ieee80211_csa_finalize_work(struct work_struct *work)
        case NL80211_IFTYPE_MESH_POINT:
                err = ieee80211_mesh_finish_csa(sdata);
                if (err < 0)
-                        return;
+                        goto unlock;
                break;
 #endif
        default:
                WARN_ON(1);
-                return;
+                goto unlock;
        }
-        sdata->vif.csa_active = false;
        ieee80211_wake_queues_by_reason(&sdata->local->hw,
                                        IEEE80211_MAX_QUEUE_MAP,
                                        IEEE80211_QUEUE_STOP_REASON_CSA);
        cfg80211_ch_switch_notify(sdata->dev, &sdata->csa_chandef);
+unlock:
+        sdata_unlock(sdata);
 }
 static int ieee80211_channel_switch(struct wiphy *wiphy, struct net_device *dev,
author	Simon Wunderlich <sw@simonwunderlich.de>	2013-11-21 12:19:51 -0500
committer	Johannes Berg <johannes.berg@intel.com>	2013-12-02 05:51:54 -0500
commit	e487eaeb076a44c69dc61348cbc903151bb8fcbd (patch)
tree	715d57f18ec0f3e3565a711f43248a3b8c8a42eb /net/mac80211
parent	7ca133bc7f9dd5cee2b469eb917bd352be80a690 (diff)