• Vasanthakumar Thiagarajan's avatar
    cfg80211: Fix race in bss timeout · adbde344
    Vasanthakumar Thiagarajan authored
    It is quite possible to run into a race in bss timeout where
    the drivers see the bss entry just before notifying cfg80211
    of a roaming event but it got timed out by the time rdev->event_work
    got scehduled from cfg80211_wq. This would result in the following
    WARN-ON() along with the failure to notify the user space of
    the roaming. The other situation which is happening with ath6kl
    that runs into issue is when the driver reports roam to same AP
    event where the AP bss entry already got expired. To fix this,
    move cfg80211_get_bss() from __cfg80211_roamed() to cfg80211_roamed().
    [158645.538384] WARNING: at net/wireless/sme.c:586
    [158645.538810] Call Trace:
    [158645.538838]  [<c1033527>] warn_slowpath_common+0x65/0x7a
    [158645.538917]  [<c14cfacf>] ? __cfg80211_roamed+0xc2/0x1b1
    [158645.538946]  [<c103354b>] warn_slowpath_null+0xf/0x13
    [158645.539055]  [<c14cfacf>] __cfg80211_roamed+0xc2/0x1b1
    [158645.539086]  [<c14beb5b>] cfg80211_process_rdev_events+0x153/0x1cc
    [158645.539166]  [<c14bd57b>] cfg80211_event_work+0x26/0x36
    [158645.539195]  [<c10482ae>] process_one_work+0x219/0x38b
    [158645.539273]  [<c14bd555>] ? wiphy_new+0x419/0x419
    [158645.539301]  [<c10486cb>] worker_thread+0xf6/0x1bf
    [158645.539379]  [<c10485d5>] ? rescuer_thread+0x1b5/0x1b5
    [158645.539407]  [<c104b3e2>] kthread+0x62/0x67
    [158645.539484]  [<c104b380>] ? __init_kthread_worker+0x42/0x42
    [158645.539514]  [<c151309a>] kernel_thread_helper+0x6/0xd
    Reported-by: default avatarKalle Valo <kvalo@qca.qualcomm.com>
    Signed-off-by: default avatarVasanthakumar Thiagarajan <vthiagar@qca.qualcomm.com>
    Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
core.h 15 KB