On Fri, Oct 12, 2012 at 1:13 PM, Stanislaw Gruszka <sgruszka@xxxxxxxxxx> wrote: > On Tue, Oct 09, 2012 at 10:14:40AM +0100, Pedro Francisco wrote: >> So, I'm guessing this means it is related to what you found on iwlwifi >> (even if I'm on iwlegacy)? > > Yes, this seems to be cfg80211 problem. I think crash happen because > cfg80211 is in disassociate state (i.e. has wdev->current_bss NULL) and > erroneously mac80211 stays in associate state. So while we unload > module cfg80211_mlme_down() we do not call ieee80211_deauth(). > > I think this state mishmash happens because wrong behaviour on > __cfg80211_mlme_deauth(). Below patch try to correct that. > Can you check if it prevent a crash? On my environment I can > not reproduce this problem reliably. > > Thanks > Stanislaw > > diff --git a/include/net/cfg80211.h b/include/net/cfg80211.h > index ab78b53..9b99b60 100644 > --- a/include/net/cfg80211.h > +++ b/include/net/cfg80211.h > @@ -1218,6 +1218,7 @@ struct cfg80211_deauth_request { > const u8 *ie; > size_t ie_len; > u16 reason_code; > + bool local_state_change; > }; > > /** > diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c > index e714ed8..e510a33 100644 > --- a/net/mac80211/mlme.c > +++ b/net/mac80211/mlme.c > @@ -3549,6 +3549,7 @@ int ieee80211_mgd_deauth(struct ieee80211_sub_if_data *sdata, > { > struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; > u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; > + bool tx = !req->local_state_change; > > mutex_lock(&ifmgd->mtx); > > @@ -3565,12 +3566,12 @@ int ieee80211_mgd_deauth(struct ieee80211_sub_if_data *sdata, > if (ifmgd->associated && > ether_addr_equal(ifmgd->associated->bssid, req->bssid)) { > ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, > - req->reason_code, true, frame_buf); > + req->reason_code, tx, frame_buf); > } else { > drv_mgd_prepare_tx(sdata->local, sdata); > ieee80211_send_deauth_disassoc(sdata, req->bssid, > IEEE80211_STYPE_DEAUTH, > - req->reason_code, true, > + req->reason_code, tx, > frame_buf); > } > > diff --git a/net/wireless/mlme.c b/net/wireless/mlme.c > index 3df195a..4954010 100644 > --- a/net/wireless/mlme.c > +++ b/net/wireless/mlme.c > @@ -457,21 +457,11 @@ int __cfg80211_mlme_deauth(struct cfg80211_registered_device *rdev, > .reason_code = reason, > .ie = ie, > .ie_len = ie_len, > + .local_state_change = local_state_change, > }; > > ASSERT_WDEV_LOCK(wdev); > > - if (local_state_change) { > - if (wdev->current_bss && > - ether_addr_equal(wdev->current_bss->pub.bssid, bssid)) { > - cfg80211_unhold_bss(wdev->current_bss); > - cfg80211_put_bss(&wdev->current_bss->pub); > - wdev->current_bss = NULL; > - } > - > - return 0; > - } > - > return rdev->ops->deauth(&rdev->wiphy, dev, &req); > } > I've been testing the patch since this morning (GMT), I can't reproduce any of the issues I referred on this thread (had to adapt the patch slightly, though). Seems to be fixed! Thank you for your help! -- Pedro Francisco
Attachment:
mlme-timers-fedora-3.6.1-fc17-kernel.patch
Description: Binary data