mac80211 scan processing could get stuck if roc work for pending, but
not started when a scan request was deferred due to such roc item.
Normally the deferred scan would be started from
ieee80211_start_next_roc(), but ieee80211_sw_roc_work() calls that only
if the finished ROC was started. Fix this by calling
ieee80211_run_deferred_scan() in the case the last ROC was not actually
started.
This issue was hit relatively easily in P2P find operations where Listen
state (remain-on-channel) and Search state (scan) are repeated in a
loop.
Signed-off-by: Jouni Malinen <[email protected]>
---
net/mac80211/offchannel.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/net/mac80211/offchannel.c b/net/mac80211/offchannel.c
index acd1f71..0c2a294 100644
--- a/net/mac80211/offchannel.c
+++ b/net/mac80211/offchannel.c
@@ -394,6 +394,8 @@ void ieee80211_sw_roc_work(struct work_struct *work)
if (started)
ieee80211_start_next_roc(local);
+ else if (list_empty(&local->roc_list))
+ ieee80211_run_deferred_scan(local);
}
out_unlock:
--
1.7.9.5
--
Jouni Malinen PGP id EFC895FA
On Mon, 2013-09-30 at 12:36 +0300, Jouni Malinen wrote:
> mac80211 scan processing could get stuck if roc work for pending, but
> not started when a scan request was deferred due to such roc item.
> Normally the deferred scan would be started from
> ieee80211_start_next_roc(), but ieee80211_sw_roc_work() calls that only
> if the finished ROC was started. Fix this by calling
> ieee80211_run_deferred_scan() in the case the last ROC was not actually
> started.
>
> This issue was hit relatively easily in P2P find operations where Listen
> state (remain-on-channel) and Search state (scan) are repeated in a
> loop.
Applied.
johannes