Re: [PATCH v6 5/5] mac80211: only set CSA beacon when at least one beacon must be transmitted

On Wed, 2013-12-04 at 17:45 +0800, Yeoh Chun-Yeow wrote:
> On Wed, Dec 4, 2013 at 5:35 PM, Yeoh Chun-Yeow <yeohchunyeow@xxxxxxxxx> wrote:
> >>  #ifdef CONFIG_MAC80211_MESH
> >>         case NL80211_IFTYPE_MESH_POINT:
> >> @@ -3159,12 +3208,18 @@ int ieee80211_channel_switch(struct wiphy *wiphy, struct net_device *dev,
> >>                 if (ifmsh->csa_role == IEEE80211_MESH_CSA_ROLE_NONE)
> >>                         ifmsh->csa_role = IEEE80211_MESH_CSA_ROLE_INIT;
> >>
> >> -               err = ieee80211_mesh_csa_beacon(sdata, params,
> >> -                       (ifmsh->csa_role == IEEE80211_MESH_CSA_ROLE_INIT));
> >> -               if (err < 0) {
> >> -                       ifmsh->csa_role = IEEE80211_MESH_CSA_ROLE_NONE;
> >> -                       return err;
> >> +               if (params->count > 1) {
> >> +                       err = ieee80211_mesh_csa_beacon(sdata, params);
> >> +                       if (err < 0) {
> >> +                               ifmsh->csa_role = IEEE80211_MESH_CSA_ROLE_NONE;
> >> +                               return err;
> >> +                       }
> >> +                       changed |= err;
> >>                 }
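
Review bot: in the new "if (params->count > 1)" block, a count of 0 or 1 skips ieee80211_mesh_csa_beacon() entirely, yet csa_role has already been set to IEEE80211_MESH_CSA_ROLE_INIT just above, so the role says a switch is in progress while nothing that call sets up exists. Either reject that case before csa_role is touched, or make sure the code that completes the switch tolerates the beacon setup never having run, and add a comment saying which is intended. Separately, "changed |= err;" reuses the error variable as a change-flags bitmask; a dedicated local would keep the two meanings of the return value apart.
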
> >
> > Since the ieee80211_mesh_csa_beacon is not called, the kfree_rcu of
> > tmp_csa_settings in ieee80211_mesh_finish_csa has caused kernel oops.

Ugh, right, my bad.



> > Anyway, I would like to suggest that if the params->count is less than 1,
> > the mesh channel switch is not triggered, since there may be a mesh STA
> > located two hops away from the initiator.
> >
> > if (params->count > 1) {
> > .....
> > } else
> > return -EINVAL;
> 
> Maybe try to push the checking of params->count earlier, as follows:
> 
> if (params->count < 2)
>       return -EINVAL;

Actually, I just looked at the specs again and the count value for mesh
is completely different.  Instead of specifying the number of TBTTs
until the switch happens, it specifies the time in TUs until the switch
happens and 0 means at any time after the frame was sent (the same as
with nonmesh).  In our implementation, we just decrease the count on
every beacon, which is wrong in the mesh case.

The count implementation for mesh is bogus.  We need to fix that.

What if, for now, I just fix the oops because of the rcu_dereference when
the rcu is not initialized and we fix the count implementation later?

Thanks a lot for testing!

--
Cheers,
Luca.