lk/linux-kernel-test
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

mac80211: fix sta_info mesh timer bug

Browse Source 
I noticed a bug I introduced when mesh is enabled: sta_info_destroy()
will end up calling cancel_timer() on a timer that has never been
initialized because the timer is only initialized in mesh_plink_alloc(),
not in sta_info_alloc(). This patch moves the initialization of all mesh
related fields into sta_info_alloc(), adds a bit of sanity checking to
the cfg80211 handlers and sta_info_insert() and makes mesh_plink_alloc()
a static helper function that is only used from the mesh plink code.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Cc: Luis Carlos Cobo <luisca@cozybit.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
This commit is contained in:
Johannes Berg
2008-02-27 09:56:40 +01:00
committed by John W. Linville
parent dbbea6713d
commit 03e4497ebe
4 changed files with 37 additions and 42 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
net/mac80211/cfg.c
View File

@@ -17,8 +17,6 @@
#include "ieee80211_rate.h" #include "ieee80211_rate.h"
#include "mesh.h" #include "mesh.h"
#define DEFAULT_RATES 0
static enum ieee80211_if_types static enum ieee80211_if_types
nl80211_type_to_mac80211_type(enum nl80211_iftype type) nl80211_type_to_mac80211_type(enum nl80211_iftype type)
{ {
@@ -654,10 +652,13 @@ static int ieee80211_add_station(struct wiphy *wiphy, struct net_device *dev,
} else } else
sdata = IEEE80211_DEV_TO_SUB_IF(dev); sdata = IEEE80211_DEV_TO_SUB_IF(dev);
if (ieee80211_vif_is_mesh(&sdata->vif)) if (compare_ether_addr(mac, dev->dev_addr) == 0)
sta = mesh_plink_alloc(sdata, mac, DEFAULT_RATES, GFP_KERNEL); return -EINVAL;
else
sta = sta_info_alloc(sdata, mac, GFP_KERNEL); if (is_multicast_ether_addr(mac))
return -EINVAL;
sta = sta_info_alloc(sdata, mac, GFP_KERNEL);
if (!sta) if (!sta)
return -ENOMEM; return -ENOMEM;

2
net/mac80211/mesh.h
View File

@@ -232,8 +232,6 @@ void mesh_neighbour_update(u8 *hw_addr, u64 rates, struct net_device *dev,
bool mesh_peer_accepts_plinks(struct ieee802_11_elems *ie, bool mesh_peer_accepts_plinks(struct ieee802_11_elems *ie,
struct net_device *dev); struct net_device *dev);
void mesh_accept_plinks_update(struct ieee80211_sub_if_data *sdata); void mesh_accept_plinks_update(struct ieee80211_sub_if_data *sdata);
struct sta_info *mesh_plink_alloc(struct ieee80211_sub_if_data *sdata,
u8 *hw_addr, u64 rates, gfp_t gfp);
void mesh_plink_broken(struct sta_info *sta); void mesh_plink_broken(struct sta_info *sta);
void mesh_plink_deactivate(struct sta_info *sta); void mesh_plink_deactivate(struct sta_info *sta);
int mesh_plink_open(struct sta_info *sta); int mesh_plink_open(struct sta_info *sta);

31
net/mac80211/mesh_plink.c
View File

@@ -88,40 +88,19 @@ static inline void mesh_plink_fsm_restart(struct sta_info *sta)
sta->llid = sta->plid = sta->reason = sta->plink_retries = 0; sta->llid = sta->plid = sta->reason = sta->plink_retries = 0;
} }
/** static struct sta_info *mesh_plink_alloc(struct ieee80211_sub_if_data *sdata,
* mesh_plink_alloc - allocate a new mesh peer link u8 *hw_addr, u64 rates)
*
* @sdata: local mesh interface
* @hw_addr: hardware address (ETH_ALEN length)
* @rates: rates the mesh peer supports
*
* The initial state of the new plink is set to LISTEN
*
* Returns: NULL on error.
*/
struct sta_info *mesh_plink_alloc(struct ieee80211_sub_if_data *sdata,
u8 *hw_addr, u64 rates, gfp_t gfp)
{ {
struct ieee80211_local *local = sdata->local; struct ieee80211_local *local = sdata->local;
struct sta_info *sta; struct sta_info *sta;
if (compare_ether_addr(hw_addr, sdata->dev->dev_addr) == 0)
/* never add ourselves as neighbours */
return NULL;
if (is_multicast_ether_addr(hw_addr))
return NULL;
if (local->num_sta >= MESH_MAX_PLINKS) if (local->num_sta >= MESH_MAX_PLINKS)
return NULL; return NULL;
sta = sta_info_alloc(sdata, hw_addr, gfp); sta = sta_info_alloc(sdata, hw_addr, GFP_ATOMIC);
if (!sta) if (!sta)
return NULL; return NULL;
sta->plink_state = LISTEN;
spin_lock_init(&sta->plink_lock);
init_timer(&sta->plink_timer);
sta->flags |= WLAN_STA_AUTHORIZED; sta->flags |= WLAN_STA_AUTHORIZED;
sta->supp_rates[local->hw.conf.channel->band] = rates; sta->supp_rates[local->hw.conf.channel->band] = rates;
@@ -249,7 +228,7 @@ void mesh_neighbour_update(u8 *hw_addr, u64 rates, struct net_device *dev,
sta = sta_info_get(local, hw_addr); sta = sta_info_get(local, hw_addr);
if (!sta) { if (!sta) {
sta = mesh_plink_alloc(sdata, hw_addr, rates, GFP_ATOMIC); sta = mesh_plink_alloc(sdata, hw_addr, rates);
if (!sta) { if (!sta) {
rcu_read_unlock(); rcu_read_unlock();
return; return;
@@ -518,7 +497,7 @@ void mesh_rx_plink_frame(struct net_device *dev, struct ieee80211_mgmt *mgmt,
} }
rates = ieee80211_sta_get_rates(local, &elems, rx_status->band); rates = ieee80211_sta_get_rates(local, &elems, rx_status->band);
sta = mesh_plink_alloc(sdata, mgmt->sa, rates, GFP_ATOMIC); sta = mesh_plink_alloc(sdata, mgmt->sa, rates);
if (!sta) { if (!sta) {
mpl_dbg("Mesh plink error: plink table full\n"); mpl_dbg("Mesh plink error: plink table full\n");
rcu_read_unlock(); rcu_read_unlock();

33
net/mac80211/sta_info.c
View File

@@ -31,13 +31,12 @@
* for faster lookup and a list for iteration. They are managed using * for faster lookup and a list for iteration. They are managed using
* RCU, i.e. access to the list and hash table is protected by RCU. * RCU, i.e. access to the list and hash table is protected by RCU.
* *
* Upon allocating a STA info structure with sta_info_alloc() or * Upon allocating a STA info structure with sta_info_alloc(), the caller owns
* mesh_plink_alloc(), the caller owns that structure. It must then either * that structure. It must then either destroy it using sta_info_destroy()
* destroy it using sta_info_destroy() (which is pretty useless) or insert * (which is pretty useless) or insert it into the hash table using
* it into the hash table using sta_info_insert() which demotes the reference * sta_info_insert() which demotes the reference from ownership to a regular
* from ownership to a regular RCU-protected reference; if the function * RCU-protected reference; if the function is called without protection by an
* is called without protection by an RCU critical section the reference * RCU critical section the reference is instantly invalidated.
* is instantly invalidated.
* *
* Because there are debugfs entries for each station, and adding those * Because there are debugfs entries for each station, and adding those
* must be able to sleep, it is also possible to "pin" a station entry, * must be able to sleep, it is also possible to "pin" a station entry,
@@ -248,6 +247,12 @@ struct sta_info *sta_info_alloc(struct ieee80211_sub_if_data *sdata,
wiphy_name(local->hw.wiphy), print_mac(mbuf, sta->addr)); wiphy_name(local->hw.wiphy), print_mac(mbuf, sta->addr));
#endif /* CONFIG_MAC80211_VERBOSE_DEBUG */ #endif /* CONFIG_MAC80211_VERBOSE_DEBUG */
#ifdef CONFIG_MAC80211_MESH
sta->plink_state = LISTEN;
spin_lock_init(&sta->plink_lock);
init_timer(&sta->plink_timer);
#endif
return sta; return sta;
} }
@@ -258,7 +263,19 @@ int sta_info_insert(struct sta_info *sta)
unsigned long flags; unsigned long flags;
DECLARE_MAC_BUF(mac); DECLARE_MAC_BUF(mac);
WARN_ON(!netif_running(sdata->dev)); /*
* Can't be a WARN_ON because it can be triggered through a race:
* something inserts a STA (on one CPU) without holding the RTNL
* and another CPU turns off the net device.
*/
if (unlikely(!netif_running(sdata->dev)))
return -ENETDOWN;
if (WARN_ON(compare_ether_addr(sta->addr, sdata->dev->dev_addr) == 0))
return -EINVAL;
if (WARN_ON(is_multicast_ether_addr(sta->addr)))
return -EINVAL;
spin_lock_irqsave(&local->sta_lock, flags); spin_lock_irqsave(&local->sta_lock, flags);
/* check if STA exists already */ /* check if STA exists already */