[PATCH] mac80211: fix interface initialisation and deinitialisation

When an interface is registered it is still uninitialised so
ieee80211_if_reinit() can't be called on it (it will oops.)
Hence, we need to move the uninit method assignment.

Also, this patch fixes the bug that the master device is never
initialised nor deinitialised at all. Oddly, the deinit code
had an if statement to not run some code when running for the
master interface (which never happened), but that if statement
is also wrong. Fix that too.

Now that the uninit code is run for the master device, another
bug surfaced: it tries to remove all dependent interfaces and
that oopses or BUGs at some point, either because it unregisters
already unregistered interfaces (missing list_del bug) or due
to trying to iterate a list that has had other things removed.
Fix this too by handling the master interface specially.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
diff --git a/net/mac80211/ieee80211.c b/net/mac80211/ieee80211.c
index ccf8463..5263819 100644
--- a/net/mac80211/ieee80211.c
+++ b/net/mac80211/ieee80211.c
@@ -265,7 +265,6 @@
 	dev->open = ieee80211_mgmt_open;
 	dev->stop = ieee80211_mgmt_stop;
 	dev->type = ARPHRD_IEEE80211_PRISM;
-	dev->uninit = ieee80211_if_reinit;
 	dev->destructor = ieee80211_if_free;
 }
 
@@ -551,7 +550,6 @@
 	dev->change_mtu = ieee80211_change_mtu;
 	dev->open = ieee80211_open;
 	dev->stop = ieee80211_stop;
-	dev->uninit = ieee80211_if_reinit;
 	dev->destructor = ieee80211_if_free;
 }
 
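Review bot: with dev->uninit = ieee80211_if_reinit dropped here and in the previous hunk, none of the visible hunks assigns uninit any more, while the commit message says the assignment is moved, not removed. Please confirm that the hunk re-adding it after the interface has been initialised is part of this patch. A short comment at these setup functions would also help, saying that uninit is deliberately set later because ieee80211_if_reinit() oopses on an uninitialised interface.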
@@ -1242,6 +1240,7 @@
 		goto fail_dev;
 
 	ieee80211_debugfs_add_netdev(IEEE80211_DEV_TO_SUB_IF(local->mdev));
+	ieee80211_if_set_type(local->mdev, IEEE80211_IF_TYPE_AP);
 
 	result = ieee80211_init_rate_ctrl_alg(local, NULL);
 	if (result < 0) {
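Review bot: the added ieee80211_if_set_type(local->mdev, IEEE80211_IF_TYPE_AP) call has no comment saying why the master device is initialised as an AP-type interface; only the commit message explains that this is the missing master initialisation, so a one-line comment above the call would help. Please also check the unwind path: the ieee80211_init_rate_ctrl_alg() error branch directly below now runs with an initialised master, and the visible context does not show whether that failure label deinitialises it again.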
@@ -1346,8 +1345,22 @@
 	 * because the driver cannot be handing us frames any
 	 * more and the tasklet is killed.
 	 */
-	list_for_each_entry_safe(sdata, tmp, &local->interfaces, list)
+
+	/*
+	 * First, we remove all non-master interfaces. Do this because they
+	 * may have bss pointer dependency on the master, and when we free
+	 * the master these would be freed as well, breaking our list
+	 * iteration completely.
+	 */
+	list_for_each_entry_safe(sdata, tmp, &local->interfaces, list) {
+		if (sdata->dev == local->mdev)
+			continue;
+		list_del(&sdata->list);
 		__ieee80211_if_del(local, sdata);
+	}
+
+	/* then, finally, remove the master interface */
+	__ieee80211_if_del(local, IEEE80211_DEV_TO_SUB_IF(local->mdev));
 
 	rtnl_unlock();
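Review bot: the loop calls list_del(&sdata->list) for every non-master entry before __ieee80211_if_del(), but the final __ieee80211_if_del(local, IEEE80211_DEV_TO_SUB_IF(local->mdev)) has no matching list_del, so the master's entry stays linked on local->interfaces while its sdata is torn down. The sdata->dev == local->mdev check in the loop implies the master can be on that list. Either unlink the master before deleting it, or extend the "then, finally" comment to say why leaving it linked is safe at this point.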