From patchwork Thu Apr 26 12:27:05 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Martin Willi X-Patchwork-Id: 905047 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.infradead.org (client-ip=2607:7c80:54:e::133; helo=bombadil.infradead.org; envelope-from=hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=strongswan.org Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="QED3mAu7"; dkim-atps=neutral Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:e::133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 40WxCx1qlcz9rxx for ; Thu, 26 Apr 2018 22:27:41 +1000 (AEST) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:MIME-Version:List-Subscribe:List-Help: List-Post:List-Archive:List-Unsubscribe:List-Id:Message-Id:Date:Subject:To: From:Reply-To:Cc:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References: List-Owner; bh=8tUGRCuS75Qblj4jebukR81efZYZAcvPqbqLTdoZipA=; b=QED3mAu7yxp2Ne j3qAKxbpOmNX+M0ITmlnRqkzYUmHQSX87W09B996pQeQLq/Mlse9wsGaeJpyog85JGX6/ON1dz9Sb oPXV4mRc4snU/pEV3tVwz65J/n5OkfUWnGO0BXAcH/OnHOwgRw3niol50Zwt7w48w22bK04rNcK68 UPPwwUn4lLbwQvfR1MWhJY+Aht5RMG4AHkVYGAyLRyKB2uqXdJ3pIULrRbHYI/YKC4AxxkCRu73Po uhLsTO9UNMpPONqak9vHIWnczYNVAVIF6AWVpLn640TdoLTX5gzXrMOaNCmlq6IZlvhNpKmxFXP/m wiTAymd8jOPlDuH23iKA==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.90_1 #2 (Red Hat Linux)) id 1fBfzq-0001UV-Sl; Thu, 26 Apr 2018 12:27:34 +0000 Received: from sitav-80046.hsr.ch ([152.96.80.46] helo=mail.strongswan.org) by bombadil.infradead.org with esmtps (Exim 4.90_1 #2 (Red Hat Linux)) id 1fBfzn-0001Sv-Pp for hostap@lists.infradead.org; Thu, 26 Apr 2018 12:27:33 +0000 Received: from macbuntu.wlp.is (unknown [185.12.128.225]) by mail.strongswan.org (Postfix) with ESMTPSA id 1516240468 for ; Thu, 26 Apr 2018 14:28:03 +0200 (CEST) From: Martin Willi To: hostap@lists.infradead.org Subject: [PATCH] AP: Fix HT 20/40 co-ex transition timer cancellation on iface removal Date: Thu, 26 Apr 2018 14:27:05 +0200 Message-Id: <20180426122705.6057-1-martin@strongswan.org> X-Mailer: git-send-email 2.14.1 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20180426_052731_999014_6BAC6385 X-CRM114-Status: GOOD ( 11.77 ) X-Spam-Score: -2.3 (--) X-Spam-Report: SpamAssassin version 3.4.1 on bombadil.infradead.org summary: Content analysis details: (-2.3 points) pts rule name description ---- ---------------------- -------------------------------------------------- -2.3 RCVD_IN_DNSWL_MED RBL: Sender listed at http://www.dnswl.org/, medium trust [152.96.80.46 listed in list.dnswl.org] -0.0 SPF_HELO_PASS SPF: HELO matches SPF record -0.0 SPF_PASS SPF: sender matches SPF record X-BeenThere: hostap@lists.infradead.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Sender: "Hostap" Errors-To: hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org When removing an interface, hostapd_bss_deinit() frees all associated STAs. If any of the stations is 40MHz intolerant, the cleanup invokes ht40_intolerant_remove(), that in turn registers a 20->40MHz transition timer for the last station. That timer is never canceled; once it executes, the interface is gone, most likely resulting in a segfault when referencing it. While hostapd_interface_deinit() cancels the transition timer, it does so before cleaning up STAs. Move the cancellation after STA cleanup to cancel any timer that was registered during that operation. Signed-off-by: Martin Willi --- I'm not sure if this is the correct/best place for this cancellation, given that hostapd_bss_deinit() is called from other locations. This code path is rather easy to hit when using the ctrl interface, though. --- src/ap/hostapd.c | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/src/ap/hostapd.c b/src/ap/hostapd.c index d2eb0441c..05956461c 100644 --- a/src/ap/hostapd.c +++ b/src/ap/hostapd.c @@ -2191,12 +2191,6 @@ void hostapd_interface_deinit(struct hostapd_iface *iface) hostapd_set_state(iface, HAPD_IFACE_DISABLED); -#ifdef CONFIG_IEEE80211N -#ifdef NEED_AP_MLME - hostapd_stop_setup_timers(iface); - eloop_cancel_timeout(ap_ht2040_timeout, iface, NULL); -#endif /* NEED_AP_MLME */ -#endif /* CONFIG_IEEE80211N */ eloop_cancel_timeout(channel_list_update_timeout, iface, NULL); iface->wait_channel_update = 0; @@ -2212,6 +2206,13 @@ void hostapd_interface_deinit(struct hostapd_iface *iface) break; hostapd_bss_deinit(iface->bss[j]); } + +#ifdef CONFIG_IEEE80211N +#ifdef NEED_AP_MLME + hostapd_stop_setup_timers(iface); + eloop_cancel_timeout(ap_ht2040_timeout, iface, NULL); +#endif /* NEED_AP_MLME */ +#endif /* CONFIG_IEEE80211N */ }