From: Johannes Berg Date: Wed, 20 Jun 2012 18:11:33 +0000 (+0200) Subject: mac80211: fix double-start of remain-on-channel X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=0f6b3f597daab2254614e2773e322e73fb1b6f4b;p=GitHub%2FLineageOS%2FG12%2Fandroid_kernel_amlogic_linux-4.9.git mac80211: fix double-start of remain-on-channel When a remain-on-channel item is deleted, we remove it from the list and then start the next item. However, if it wasn't actually the first item then calling ieee80211_start_next_roc() is wrong as it will start the first item -- even if that was already started. Fix the two places that do this and add a warning to prevent the problem from reoccurring. Reported-by: Eliad Peller Signed-off-by: Johannes Berg
---
diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c
index a6abcd473434..03aff23c70fd 100644
--- a/net/mac80211/cfg.c
+++ b/net/mac80211/cfg.c
@@ -2362,7 +2362,8 @@ static int ieee80211_cancel_roc(struct ieee80211_local *local,
 list_del(&found->list);
- ieee80211_start_next_roc(local);
+ if (found->started)
+ ieee80211_start_next_roc(local);
 mutex_unlock(&local->mtx);
 ieee80211_roc_notify_destroy(found);
diff --git a/net/mac80211/offchannel.c b/net/mac80211/offchannel.c
index febce7fb7bb1..7f93626ddc61 100644
--- a/net/mac80211/offchannel.c
+++ b/net/mac80211/offchannel.c
@@ -262,6 +262,9 @@ void ieee80211_start_next_roc(struct ieee80211_local *local)
 roc = list_first_entry(&local->roc_list, struct ieee80211_roc_work, list);
+ if (WARN_ON_ONCE(roc->started))
+ return;
+
 if (local->ops->remain_on_channel) {
 int ret, duration = roc->duration;
@@ -377,7 +380,8 @@ void ieee80211_sw_roc_work(struct work_struct *work)
 ieee80211_recalc_idle(local);
- ieee80211_start_next_roc(local);
+ if (roc->started)
+ ieee80211_start_next_roc(local);
 }
 out_unlock:
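Review bot: The `if (found->started)` test in ieee80211_cancel_roc() (net/mac80211/cfg.c) uses the flag as a stand-in for "found was the running head of roc_list", and that reasoning is recorded only in the commit message. A comment above the test would keep a later cleanup from dropping it, for example `/* a queued (not started) item was not the running head, so the head must not be started again */`; this assumes only the head item is ever marked started, which the hunk does not show. The read sits before ieee80211_roc_notify_destroy(found), which by its name hands the item off for teardown, and it should stay in that order. The function body starts and ends outside this hunk.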
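Review bot: The new `WARN_ON_ONCE(roc->started)` guard in ieee80211_start_next_roc() (net/mac80211/offchannel.c) carries no comment naming the invariant it enforces, and after the first report every later violation returns silently. A one-line comment would document the contract, for example `/* the head of roc_list must not already be running; callers only get here after removing a started item */`. The guard dereferences the result of list_first_entry(), so it depends on an empty-list test earlier in the function; that part lies outside this hunk and should be confirmed. On systems that escalate warnings to a panic, reaching this check stops the machine, so the two call sites changed in this commit are what actually has to hold.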
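Review bot: In ieee80211_sw_roc_work() (net/mac80211/offchannel.c) the new `if (roc->started)` reads the work item at the very end of the finish branch, after whatever unlinking and teardown that branch has already done; those lines are outside the hunk, so roc's lifetime at this point cannot be confirmed from what is visible. The cfg.c hunk tests `found->started` before calling ieee80211_roc_notify_destroy(found), and if this branch passes roc to the same helper earlier, the read here would touch an object that has already been released. Capturing the flag while roc is certainly valid, `bool started = roc->started;`, and testing `if (started)` before `ieee80211_start_next_roc(local);` removes the dependency on that ordering.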