Commit 58905ca5 authored by Johannes Berg's avatar Johannes Berg Committed by John W. Linville

mac80211: fix scan channel race

When a software scan starts, it first sets sw_scanning, but
leaves the scan_channel "unset" (it currently actually gets
initialised to a default). Now, when something else tries
to (re)configure the hardware in the window between these two
events (after sw_scanning = true, but before scan_channel is
set), the current code switches to the (unset!) scan_channel.
This causes trouble, especially when switching bands and
sending frames on the wrong channel.

To work around this, leave scan_channel initialised to NULL
and use it to determine whether or not a switch to a different
channel should occur (and also use the same condition to check
whether to adjust power for scan or not).

Additionally, avoid reconfiguring the hardware completely when
recalculating idle resulted in no changes, this was the problem
that originally led us to discover the race condition in the
first place, which was helpfully bisected by Pavel. This part
of the patch should not be necessary with the other fixes, but
not calling the ieee80211_hw_config function when we know it to
be unnecessary is certainly a correct thing to do.

Unfortunately, this patch cannot and does not fix the race
condition completely, but due to the way the scan code is
structured it makes the particular problem Pavel discovered
(race while changing channel at the same time as transmitting
frames) go away. To fix it completely, more work especially
with locking configuration is needed.
Bisected-by: default avatarPavel Roskin <proski@gnu.org>
Signed-off-by: default avatarJohannes Berg <johannes@sipsolutions.net>
Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
parent 02018b39
...@@ -964,5 +964,6 @@ void ieee80211_recalc_idle(struct ieee80211_local *local) ...@@ -964,5 +964,6 @@ void ieee80211_recalc_idle(struct ieee80211_local *local)
mutex_lock(&local->iflist_mtx); mutex_lock(&local->iflist_mtx);
chg = __ieee80211_recalc_idle(local); chg = __ieee80211_recalc_idle(local);
mutex_unlock(&local->iflist_mtx); mutex_unlock(&local->iflist_mtx);
if (chg)
ieee80211_hw_config(local, chg); ieee80211_hw_config(local, chg);
} }
...@@ -154,15 +154,17 @@ static void ieee80211_master_set_multicast_list(struct net_device *dev) ...@@ -154,15 +154,17 @@ static void ieee80211_master_set_multicast_list(struct net_device *dev)
int ieee80211_hw_config(struct ieee80211_local *local, u32 changed) int ieee80211_hw_config(struct ieee80211_local *local, u32 changed)
{ {
struct ieee80211_channel *chan; struct ieee80211_channel *chan, *scan_chan;
int ret = 0; int ret = 0;
int power; int power;
enum nl80211_channel_type channel_type; enum nl80211_channel_type channel_type;
might_sleep(); might_sleep();
if (local->sw_scanning) { scan_chan = local->scan_channel;
chan = local->scan_channel;
if (scan_chan) {
chan = scan_chan;
channel_type = NL80211_CHAN_NO_HT; channel_type = NL80211_CHAN_NO_HT;
} else { } else {
chan = local->oper_channel; chan = local->oper_channel;
...@@ -176,7 +178,7 @@ int ieee80211_hw_config(struct ieee80211_local *local, u32 changed) ...@@ -176,7 +178,7 @@ int ieee80211_hw_config(struct ieee80211_local *local, u32 changed)
changed |= IEEE80211_CONF_CHANGE_CHANNEL; changed |= IEEE80211_CONF_CHANGE_CHANNEL;
} }
if (local->sw_scanning) if (scan_chan)
power = chan->max_power; power = chan->max_power;
else else
power = local->power_constr_level ? power = local->power_constr_level ?
...@@ -859,8 +861,8 @@ int ieee80211_register_hw(struct ieee80211_hw *hw) ...@@ -859,8 +861,8 @@ int ieee80211_register_hw(struct ieee80211_hw *hw)
if (!local->oper_channel) { if (!local->oper_channel) {
/* init channel we're on */ /* init channel we're on */
local->hw.conf.channel = local->hw.conf.channel =
local->oper_channel = local->oper_channel = &sband->channels[0];
local->scan_channel = &sband->channels[0]; local->hw.conf.channel_type = NL80211_CHAN_NO_HT;
} }
channels += sband->n_channels; channels += sband->n_channels;
......
...@@ -298,6 +298,7 @@ void ieee80211_scan_completed(struct ieee80211_hw *hw, bool aborted) ...@@ -298,6 +298,7 @@ void ieee80211_scan_completed(struct ieee80211_hw *hw, bool aborted)
was_hw_scan = local->hw_scanning; was_hw_scan = local->hw_scanning;
local->hw_scanning = false; local->hw_scanning = false;
local->sw_scanning = false; local->sw_scanning = false;
local->scan_channel = NULL;
/* we only have to protect scan_req and hw/sw scan */ /* we only have to protect scan_req and hw/sw scan */
mutex_unlock(&local->scan_mtx); mutex_unlock(&local->scan_mtx);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment