From 00ac69ac3bca328581e479cfa7b80613db943f80 Mon Sep 17 00:00:00 2001 From: Sara Sharon Date: Mon, 21 Jan 2019 12:22:21 +0200 Subject: [PATCH] UPSTREAM: cfg80211: Properly track transmitting and non-transmitting BSS When holding data of the non-transmitting BSS, we need to keep the transmitting BSS data on. Otherwise it will be released, and release the non-transmitting BSS with it. Signed-off-by: Sara Sharon Signed-off-by: Johannes Berg (cherry picked from commit a3584f56de1c808d4383a275b4a74467b19e5645) Bug: 154523213 Signed-off-by: Connor O'Brien Change-Id: I685a4cd474798df51137b974e80f7bba93f13c74 --- net/wireless/core.h | 12 ++++++++++++ net/wireless/scan.c | 36 ++++++++++++++++++++++++++++++++++-- 2 files changed, 46 insertions(+), 2 deletions(-) diff --git a/net/wireless/core.h b/net/wireless/core.h index 3cb6fa4939c0..e3f7ada0caec 100644 --- a/net/wireless/core.h +++ b/net/wireless/core.h @@ -142,6 +142,7 @@ struct cfg80211_internal_bss { struct list_head list; struct list_head hidden_list; struct list_head nontrans_list; + struct cfg80211_bss *transmitted_bss; struct rb_node rbn; u64 ts_boottime; unsigned long ts; @@ -172,12 +173,23 @@ static inline struct cfg80211_internal_bss *bss_from_pub(struct cfg80211_bss *pu static inline void cfg80211_hold_bss(struct cfg80211_internal_bss *bss) { atomic_inc(&bss->hold); + if (bss->transmitted_bss) { + bss = container_of(bss->transmitted_bss, + struct cfg80211_internal_bss, pub); + atomic_inc(&bss->hold); + } } static inline void cfg80211_unhold_bss(struct cfg80211_internal_bss *bss) { int r = atomic_dec_return(&bss->hold); WARN_ON(r < 0); + if (bss->transmitted_bss) { + bss = container_of(bss->transmitted_bss, + struct cfg80211_internal_bss, pub); + r = atomic_dec_return(&bss->hold); + WARN_ON(r < 0); + } } diff --git a/net/wireless/scan.c b/net/wireless/scan.c index 0b4c19c0338c..5efc86c3d4e6 100644 --- a/net/wireless/scan.c +++ b/net/wireless/scan.c @@ -110,6 +110,12 @@ static inline void bss_ref_get(struct cfg80211_registered_device *rdev, pub); bss->refcount++; } + if (bss->transmitted_bss) { + bss = container_of(bss->transmitted_bss, + struct cfg80211_internal_bss, + pub); + bss->refcount++; + } } static inline void bss_ref_put(struct cfg80211_registered_device *rdev, @@ -126,6 +132,18 @@ static inline void bss_ref_put(struct cfg80211_registered_device *rdev, if (hbss->refcount == 0) bss_free(hbss); } + + if (bss->transmitted_bss) { + struct cfg80211_internal_bss *tbss; + + tbss = container_of(bss->transmitted_bss, + struct cfg80211_internal_bss, + pub); + tbss->refcount--; + if (tbss->refcount == 0) + bss_free(tbss); + } + bss->refcount--; if (bss->refcount == 0) bss_free(bss); @@ -1029,6 +1047,7 @@ static bool cfg80211_combine_bsses(struct cfg80211_registered_device *rdev, static struct cfg80211_internal_bss * cfg80211_bss_update(struct cfg80211_registered_device *rdev, struct cfg80211_internal_bss *tmp, + struct cfg80211_bss *trans_bss, bool signal_valid) { struct cfg80211_internal_bss *found = NULL; @@ -1186,6 +1205,17 @@ cfg80211_bss_update(struct cfg80211_registered_device *rdev, goto drop; } + /* This must be before the call to bss_ref_get */ + if (trans_bss) { + struct cfg80211_internal_bss *pbss = + container_of(trans_bss, + struct cfg80211_internal_bss, + pub); + + new->transmitted_bss = trans_bss; + bss_ref_get(rdev, pbss); + } + list_add_tail(&new->list, &rdev->bss_list); rdev->bss_entries++; rb_insert_bss(rdev, new); @@ -1341,7 +1371,8 @@ cfg80211_inform_single_bss_data(struct wiphy *wiphy, signal_valid = abs(data->chan->center_freq - channel->center_freq) <= wiphy->max_adj_channel_rssi_comp; - res = cfg80211_bss_update(wiphy_to_rdev(wiphy), &tmp, signal_valid); + res = cfg80211_bss_update(wiphy_to_rdev(wiphy), &tmp, trans_bss, + signal_valid); if (!res) return NULL; @@ -1644,7 +1675,8 @@ cfg80211_inform_single_bss_frame_data(struct wiphy *wiphy, signal_valid = abs(data->chan->center_freq - channel->center_freq) <= wiphy->max_adj_channel_rssi_comp; - res = cfg80211_bss_update(wiphy_to_rdev(wiphy), &tmp, signal_valid); + res = cfg80211_bss_update(wiphy_to_rdev(wiphy), &tmp, trans_bss, + signal_valid); if (!res) return NULL;