From 0f6b3f597daab2254614e2773e322e73fb1b6f4b Mon Sep 17 00:00:00 2001 From: Johannes Berg Date: Wed, 20 Jun 2012 20:11:33 +0200 Subject: mac80211: fix double-start of remain-on-channel When a remain-on-channel item is deleted, we remove it from the list and then start the next item. However, if it wasn't actually the first item then calling ieee80211_start_next_roc() is wrong as it will start the first item -- even if that was already started. Fix the two places that do this and add a warning to prevent the problem from reoccurring. Reported-by: Eliad Peller Signed-off-by: Johannes Berg --- net/mac80211/offchannel.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'net/mac80211/offchannel.c') diff --git a/net/mac80211/offchannel.c b/net/mac80211/offchannel.c index febce7fb7bb..7f93626ddc6 100644 --- a/net/mac80211/offchannel.c +++ b/net/mac80211/offchannel.c @@ -262,6 +262,9 @@ void ieee80211_start_next_roc(struct ieee80211_local *local) roc = list_first_entry(&local->roc_list, struct ieee80211_roc_work, list); + if (WARN_ON_ONCE(roc->started)) + return; + if (local->ops->remain_on_channel) { int ret, duration = roc->duration; @@ -377,7 +380,8 @@ void ieee80211_sw_roc_work(struct work_struct *work) ieee80211_recalc_idle(local); - ieee80211_start_next_roc(local); + if (roc->started) + ieee80211_start_next_roc(local); } out_unlock: -- cgit v1.2.3-70-g09d2