From: "Lars Ericsson"
Subject: Race problem in mac80211/mlme.c and rt2x00
Date: Thu, 28 Aug 2008 17:51:08 +0200
Message-ID: <017001c90925$e31d54c0$0b3ca8c0@gotws1589>

Hi,

I have found a race problem in mac80211/mlme.c and rt2x00.

When the wpa_supplicant triggers an AP scan, mlme saves the current configuration and starts scanning. When the scan is complete, a SIOCGIWSCAN is sent and the saved configuration is restored.

Since the SIOCGIWSCAN signal is sent before the restore, a wpa_supplicant-initiated SIWFREQ may hit the restore operation. The result is that local->ops->config() may be called by two different processes at the 'same' time.

In the rt2x00 driver, rt2x00mac_config() may 'optimise' (skip) the channel set operation. The ultimate result/error is that the first authentication will happen on the wrong (old) channel.

I have moved the SIOCGIWSCAN code section after the restore operation and it seems to work. There is most likely a better solution, but I leave that for the experts :)

/Lars