> #ifdef CONFIG_MAC80211_MESH
> case NL80211_IFTYPE_MESH_POINT:
> @@ -3159,12 +3208,18 @@ int ieee80211_channel_switch(struct wiphy *wiphy, struct net_device *dev,
> if (ifmsh->csa_role == IEEE80211_MESH_CSA_ROLE_NONE)
> ifmsh->csa_role = IEEE80211_MESH_CSA_ROLE_INIT;
>
> - err = ieee80211_mesh_csa_beacon(sdata, params,
> - (ifmsh->csa_role == IEEE80211_MESH_CSA_ROLE_INIT));
> - if (err < 0) {
> - ifmsh->csa_role = IEEE80211_MESH_CSA_ROLE_NONE;
> - return err;
> + if (params->count > 1) {
> + err = ieee80211_mesh_csa_beacon(sdata, params);
> + if (err < 0) {
> + ifmsh->csa_role = IEEE80211_MESH_CSA_ROLE_NONE;
> + return err;
> + }
> + changed |= err;
> }
Since the ieee80211_mesh_csa_beacon is not called, the kfree_rcu of
tmp_csa_settings in ieee80211_mesh_finish_csa has caused kernel oops.
Anyway, I would like to suggest if the params->count is less than 1,
the mesh channel switch is not triggered since there maybe mesh STA
located two hops away from the initiator.
if (params->count > 1) {
.....
} else
return -EINVAL;
> +
> + if (ifmsh->csa_role == IEEE80211_MESH_CSA_ROLE_INIT)
> + ieee80211_send_action_csa(sdata, params);
> +
> break;
----
Chun-Yeow
--
To unsubscribe from this list: send the line "unsubscribe linux-wireless" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
