The current (new) code recalculates the new work timeout
for software remain-on-channel whenever any item started.
In two of the callers of ieee80211_handle_roc_started(),
this is completely pointless since they're for hardware
and will skip the recalculation entirely; it's necessary
only in the case of having just added a new item to the
list, as in the last remaining case the recalculation had
just been done.
This last case, however, is also problematic - if one of
the items on the list actually expires during the recalc
the list iteration outside becomes corrupted and crashes.
Fix this by moving the recalculation to the only place
where it's required.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
static void ieee80211_handle_roc_started(struct ieee80211_roc_work *roc,
unsigned long start_time)
{
- struct ieee80211_local *local = roc->sdata->local;
-
if (WARN_ON(roc->notified))
return;
}
roc->notified = true;
-
- if (!local->ops->remain_on_channel)
- ieee80211_recalc_sw_work(local, start_time);
}
static void ieee80211_hw_roc_start(struct work_struct *work)
queued = true;
roc->on_channel = tmp->on_channel;
ieee80211_handle_roc_started(roc, now);
+ ieee80211_recalc_sw_work(local, now);
break;
}