Commit 3207390a authored by Johannes Berg's avatar Johannes Berg Committed by John W. Linville

cfg80211: fix BSS double-unlinking

When multiple interfaces are actively trying
to associate with the same BSS, they may both
find that the BSS isn't there and then try to
unlink it. This can cause errors since the
unlinking code can't currently deal with items
that have already been unlinked.

Normally this doesn't happen as most people
don't try to use multiple station interfaces
that associate at the same time too.

Fix this by using the list entry as a flag to
see if the item is still on a list.

Cc: stable@kernel.org
Reported-by: default avatarBen Greear <greearb@candelatech.com>
Tested-by: default avatarHun-Kyi Wynn <hkwynn@candelatech.com>
Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
parent b206b4ef
...@@ -650,14 +650,14 @@ void cfg80211_unlink_bss(struct wiphy *wiphy, struct cfg80211_bss *pub) ...@@ -650,14 +650,14 @@ void cfg80211_unlink_bss(struct wiphy *wiphy, struct cfg80211_bss *pub)
bss = container_of(pub, struct cfg80211_internal_bss, pub); bss = container_of(pub, struct cfg80211_internal_bss, pub);
spin_lock_bh(&dev->bss_lock); spin_lock_bh(&dev->bss_lock);
if (!list_empty(&bss->list)) {
list_del_init(&bss->list);
dev->bss_generation++;
rb_erase(&bss->rbn, &dev->bss_tree);
list_del(&bss->list); kref_put(&bss->ref, bss_release);
dev->bss_generation++; }
rb_erase(&bss->rbn, &dev->bss_tree);
spin_unlock_bh(&dev->bss_lock); spin_unlock_bh(&dev->bss_lock);
kref_put(&bss->ref, bss_release);
} }
EXPORT_SYMBOL(cfg80211_unlink_bss); EXPORT_SYMBOL(cfg80211_unlink_bss);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment