From 79845c662eeb95c9a180b9bd0d3ad848ee65b94c Mon Sep 17 00:00:00 2001 From: Johannes Berg Date: Mon, 21 Oct 2013 11:33:35 +0200 Subject: cfg80211: fix scheduled scan pointer access Since rdev->sched_scan_req is dereferenced outside the lock protecting it, this might be done at the wrong time, causing crashes. Move the dereference to where it should be - inside the RTNL locked section. Cc: stable@vger.kernel.org [3.8+] Reviewed-by: Emmanuel Grumbach Signed-off-by: Johannes Berg diff --git a/net/wireless/scan.c b/net/wireless/scan.c index eeb7148..d4397eb 100644 --- a/net/wireless/scan.c +++ b/net/wireless/scan.c @@ -254,10 +254,10 @@ void __cfg80211_sched_scan_results(struct work_struct *wk) rdev = container_of(wk, struct cfg80211_registered_device, sched_scan_results_wk); - request = rdev->sched_scan_req; - rtnl_lock(); + request = rdev->sched_scan_req; + /* we don't have sched_scan_req anymore if the scan is stopping */ if (request) { if (request->flags & NL80211_SCAN_FLAG_FLUSH) { -- cgit v0.10.2 From c532a58b0fb4b2b3309e6b87bafb44f36808aa6f Mon Sep 17 00:00:00 2001 From: Michal Kazior Date: Thu, 17 Oct 2013 11:21:11 -0700 Subject: cfg80211: fix DFS channel recovery timeout The timeout was not properly converted from msecs to jiffies. As a result channel transition to NL80211_DFS_USABLE was delayed depending on CONFIG_HZ configuration, e.g. HZ=100 would delay the NOP from 30 minutes to 300 minutes. Signed-off-by: Michal Kazior Signed-off-by: Johannes Berg diff --git a/net/wireless/mlme.c b/net/wireless/mlme.c index 8d49c1c..edfe6de 100644 --- a/net/wireless/mlme.c +++ b/net/wireless/mlme.c @@ -707,8 +707,8 @@ void cfg80211_dfs_channels_update_work(struct work_struct *work) if (c->dfs_state != NL80211_DFS_UNAVAILABLE) continue; - timeout = c->dfs_state_entered + - IEEE80211_DFS_MIN_NOP_TIME_MS; + timeout = c->dfs_state_entered + msecs_to_jiffies( + IEEE80211_DFS_MIN_NOP_TIME_MS); if (time_after_eq(jiffies, timeout)) { c->dfs_state = NL80211_DFS_USABLE; -- cgit v0.10.2 From bbe09bbcf4454e826e3fb08e87d81f32c0030658 Mon Sep 17 00:00:00 2001 From: Michal Kazior Date: Thu, 17 Oct 2013 11:21:12 -0700 Subject: cfg80211: update dfs_state_entered upon dfs_state change The timestamp wasn't updated after transitioning to the NL80211_DFS_USABLE state after NOP time. Signed-off-by: Michal Kazior Signed-off-by: Johannes Berg diff --git a/net/wireless/mlme.c b/net/wireless/mlme.c index edfe6de..6a6b1c8 100644 --- a/net/wireless/mlme.c +++ b/net/wireless/mlme.c @@ -712,6 +712,8 @@ void cfg80211_dfs_channels_update_work(struct work_struct *work) if (time_after_eq(jiffies, timeout)) { c->dfs_state = NL80211_DFS_USABLE; + c->dfs_state_entered = jiffies; + cfg80211_chandef_create(&chandef, c, NL80211_CHAN_NO_HT); -- cgit v0.10.2