From 79ebfb85d4ad3495d70124a249a1096ab6396c05 Mon Sep 17 00:00:00 2001 From: Johannes Berg Date: Mon, 20 Feb 2012 14:19:58 +0100 Subject: mac80211: fix associated vs. idle race Eliad reports that if a scan finishes in the middle of processing associated (however it happens), the interface can go idle. This is because we set assoc_data to NULL before we set associated. Change the order so any idle check will find either one of them. Doing this requires duplicating the TX sync processing, but I already have a patch to delete that completely and will submit that as soon as my driver changes to no longer require it are submitted. Reported-by: Eliad Peller Tested-by: Eliad Peller Signed-off-by: Johannes Berg Signed-off-by: John W. Linville diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c index 586d4fb..1495fb9 100644 --- a/net/mac80211/mlme.c +++ b/net/mac80211/mlme.c @@ -2238,14 +2238,28 @@ ieee80211_rx_mgmt_assoc_resp(struct ieee80211_sub_if_data *sdata, } else { printk(KERN_DEBUG "%s: associated\n", sdata->name); - ieee80211_destroy_assoc_data(sdata, true); + /* tell driver about sync done first */ + if (assoc_data->synced) { + drv_finish_tx_sync(sdata->local, sdata, + assoc_data->bss->bssid, + IEEE80211_TX_SYNC_ASSOC); + assoc_data->synced = false; + } if (!ieee80211_assoc_success(sdata, *bss, mgmt, len)) { /* oops -- internal error -- send timeout for now */ + ieee80211_destroy_assoc_data(sdata, true); sta_info_destroy_addr(sdata, mgmt->bssid); cfg80211_put_bss(*bss); return RX_MGMT_CFG80211_ASSOC_TIMEOUT; } + + /* + * destroy assoc_data afterwards, as otherwise an idle + * recalc after assoc_data is NULL but before associated + * is set can cause the interface to go idle + */ + ieee80211_destroy_assoc_data(sdata, true); } return RX_MGMT_CFG80211_RX_ASSOC; -- cgit v0.10.2