diff options
| author | Johannes Berg <johannes.berg@intel.com> | 2014-01-22 04:14:19 -0500 |
|---|---|---|
| committer | Johannes Berg <johannes.berg@intel.com> | 2014-02-06 03:55:19 -0500 |
| commit | f9d15d162b3acf28f85b3ac05c4883e5ed588d28 (patch) | |
| tree | 1c78c9fd0d81302190738d2778db000f9506e4fa /net/wireless/nl80211.c | |
| parent | a617302c531eaf497ccd02a61d380efc119ba999 (diff) | |
cfg80211: send scan results from work queue
Due to the previous commit, when a scan finishes, it is in theory
possible to hit the following sequence:
1. interface starts being removed
2. scan is cancelled by driver and cfg80211 is notified
3. scan done work is scheduled
4. interface is removed completely, rdev->scan_req is freed,
event sent to userspace but scan done work remains pending
5. new scan is requested on another virtual interface
6. scan done work runs, freeing the still-running scan
To fix this situation, hang on to the scan done message and block
new scans while that is the case, and only send the message from
the work function, regardless of whether the scan_req is already
freed from interface removal. This makes step 5 above impossible
and changes step 6 to be
5. scan done work runs, sending the scan done message
As this can't work for wext, so we send the message immediately,
but this shouldn't be an issue since we still return -EBUSY.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Diffstat (limited to 'net/wireless/nl80211.c')
| -rw-r--r-- | net/wireless/nl80211.c | 29 |
1 files changed, 10 insertions, 19 deletions
diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c index 6ea960b1a8eb..4fe2e6e2bc76 100644 --- a/net/wireless/nl80211.c +++ b/net/wireless/nl80211.c | |||
| @@ -5245,7 +5245,7 @@ static int nl80211_trigger_scan(struct sk_buff *skb, struct genl_info *info) | |||
| 5245 | if (!rdev->ops->scan) | 5245 | if (!rdev->ops->scan) |
| 5246 | return -EOPNOTSUPP; | 5246 | return -EOPNOTSUPP; |
| 5247 | 5247 | ||
| 5248 | if (rdev->scan_req) { | 5248 | if (rdev->scan_req || rdev->scan_msg) { |
| 5249 | err = -EBUSY; | 5249 | err = -EBUSY; |
| 5250 | goto unlock; | 5250 | goto unlock; |
| 5251 | } | 5251 | } |
| @@ -10012,40 +10012,31 @@ void nl80211_send_scan_start(struct cfg80211_registered_device *rdev, | |||
| 10012 | NL80211_MCGRP_SCAN, GFP_KERNEL); | 10012 | NL80211_MCGRP_SCAN, GFP_KERNEL); |
| 10013 | } | 10013 | } |
| 10014 | 10014 | ||
| 10015 | void nl80211_send_scan_done(struct cfg80211_registered_device *rdev, | 10015 | struct sk_buff *nl80211_build_scan_msg(struct cfg80211_registered_device *rdev, |
| 10016 | struct wireless_dev *wdev) | 10016 | struct wireless_dev *wdev, bool aborted) |
| 10017 | { | 10017 | { |
| 10018 | struct sk_buff *msg; | 10018 | struct sk_buff *msg; |
| 10019 | 10019 | ||
| 10020 | msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); | 10020 | msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); |
| 10021 | if (!msg) | 10021 | if (!msg) |
| 10022 | return; | 10022 | return NULL; |
| 10023 | 10023 | ||
| 10024 | if (nl80211_send_scan_msg(msg, rdev, wdev, 0, 0, 0, | 10024 | if (nl80211_send_scan_msg(msg, rdev, wdev, 0, 0, 0, |
| 10025 | NL80211_CMD_NEW_SCAN_RESULTS) < 0) { | 10025 | aborted ? NL80211_CMD_SCAN_ABORTED : |
| 10026 | NL80211_CMD_NEW_SCAN_RESULTS) < 0) { | ||
| 10026 | nlmsg_free(msg); | 10027 | nlmsg_free(msg); |
| 10027 | return; | 10028 | return NULL; |
| 10028 | } | 10029 | } |
| 10029 | 10030 | ||
| 10030 | genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, | 10031 | return msg; |
| 10031 | NL80211_MCGRP_SCAN, GFP_KERNEL); | ||
| 10032 | } | 10032 | } |
| 10033 | 10033 | ||
| 10034 | void nl80211_send_scan_aborted(struct cfg80211_registered_device *rdev, | 10034 | void nl80211_send_scan_result(struct cfg80211_registered_device *rdev, |
| 10035 | struct wireless_dev *wdev) | 10035 | struct sk_buff *msg) |
| 10036 | { | 10036 | { |
| 10037 | struct sk_buff *msg; | ||
| 10038 | |||
| 10039 | msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); | ||
| 10040 | if (!msg) | 10037 | if (!msg) |
| 10041 | return; | 10038 | return; |
| 10042 | 10039 | ||
| 10043 | if (nl80211_send_scan_msg(msg, rdev, wdev, 0, 0, 0, | ||
| 10044 | NL80211_CMD_SCAN_ABORTED) < 0) { | ||
| 10045 | nlmsg_free(msg); | ||
| 10046 | return; | ||
| 10047 | } | ||
| 10048 | |||
| 10049 | genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, | 10040 | genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, |
| 10050 | NL80211_MCGRP_SCAN, GFP_KERNEL); | 10041 | NL80211_MCGRP_SCAN, GFP_KERNEL); |
| 10051 | } | 10042 | } |