mac80211: fix double-start of remain-on-channel When a remain-on-channel item is deleted, we remove it from the list and then start the next item. However, if it wasn't actually the first item then calling ieee80211_start_next_roc() is wrong as it will start the first item -- even if that was already started. Fix the two places that do this and add a warning to prevent the problem from reoccurring. Reported-by: Eliad Peller <eliad@wizery.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>

commit: 0f6b3f597daab2254614e2773e322e73fb1b6f4b [log] [tgz]
author: Johannes Berg <johannes.berg@intel.com> Wed Jun 20 20:11:33 2012 +0200
committer: Johannes Berg <johannes.berg@intel.com> Wed Jun 20 20:12:12 2012 +0200
tree: 88a4d19016a1564598e9e083444d1948dae5c99d
parent: 3bfda62c50b0a4b118dcfce36686508ca2892292 [diff] [blame]
diff --git a/net/mac80211/offchannel.c b/net/mac80211/offchannel.c
index febce7f..7f93626 100644
--- a/net/mac80211/offchannel.c
+++ b/net/mac80211/offchannel.c

@@ -262,6 +262,9 @@
 	roc = list_first_entry(&local->roc_list, struct ieee80211_roc_work,
 			       list);
 
+	if (WARN_ON_ONCE(roc->started))
+		return;
+
 	if (local->ops->remain_on_channel) {
 		int ret, duration = roc->duration;
 
@@ -377,7 +380,8 @@
 
 		ieee80211_recalc_idle(local);
 
-		ieee80211_start_next_roc(local);
+		if (roc->started)
+			ieee80211_start_next_roc(local);
 	}
 
  out_unlock:
commit	0f6b3f597daab2254614e2773e322e73fb1b6f4b	[log] [tgz]
author	Johannes Berg <johannes.berg@intel.com>	Wed Jun 20 20:11:33 2012 +0200
committer	Johannes Berg <johannes.berg@intel.com>	Wed Jun 20 20:12:12 2012 +0200
tree	88a4d19016a1564598e9e083444d1948dae5c99d
parent	3bfda62c50b0a4b118dcfce36686508ca2892292 [diff] [blame]