linux/net/wireless
Johannes Berg 3bdb2d48c5 cfg80211: fix race between deauth and assoc response
Joseph Nahmias reported, in http://bugs.debian.org/562016,
that he was getting the following warning (with some log
around the issue):

  ath0: direct probe to AP 00:11:95:77:e0:b0 (try 1)
  ath0: direct probe responded
  ath0: authenticate with AP 00:11:95:77:e0:b0 (try 1)
  ath0: authenticated
  ath0: associate with AP 00:11:95:77:e0:b0 (try 1)
  ath0: deauthenticating from 00:11:95:77:e0:b0 by local choice (reason=3)
  ath0: direct probe to AP 00:11:95:77:e0:b0 (try 1)
  ath0: RX AssocResp from 00:11:95:77:e0:b0 (capab=0x421 status=0 aid=2)
  ath0: associated
  ------------[ cut here ]------------
  WARNING: at net/wireless/mlme.c:97 cfg80211_send_rx_assoc+0x14d/0x152 [cfg80211]()
  Hardware name: 7658CTO
  ...
  Pid: 761, comm: phy0 Not tainted 2.6.32-trunk-686 #1
  Call Trace:
   [<c1030a5d>] ? warn_slowpath_common+0x5e/0x8a
   [<c1030a93>] ? warn_slowpath_null+0xa/0xc
   [<f86cafc7>] ? cfg80211_send_rx_assoc+0x14d/0x152
  ...
  ath0: link becomes ready
  ath0: deauthenticating from 00:11:95:77:e0:b0 by local choice (reason=3)
  ath0: no IPv6 routers present
  ath0: link is not ready
  ath0: direct probe to AP 00:11:95:77:e0:b0 (try 1)
  ath0: direct probe responded
  ath0: authenticate with AP 00:11:95:77:e0:b0 (try 1)
  ath0: authenticated
  ath0: associate with AP 00:11:95:77:e0:b0 (try 1)
  ath0: RX ReassocResp from 00:11:95:77:e0:b0 (capab=0x421 status=0 aid=2)
  ath0: associated

It is not clear to me how the first "direct probe" here
happens, but this seems to be a race condition, if the
user requests to deauth after requesting assoc, but before
the assoc response is received. In that case, it may
happen that mac80211 tries to report the assoc success to
cfg80211, but gets blocked on the wdev lock that is held
because the user is requesting the deauth.

The result is that we run into a warning. This is mostly
harmless, but maybe cause an unexpected event to be sent
to userspace; we'd send an assoc success event although
userspace was no longer expecting that.

To fix this, remove the warning and check whether the
race happened and in that case abort processing.

Reported-by: Joseph Nahmias <joe@nahmias.net>
Cc: stable@kernel.org
Cc: 562016-quiet@bugs.debian.org
Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2009-12-28 16:19:54 -05:00
..
chan.c cfg80211: fix locking for SIWFREQ 2009-08-14 09:13:51 -04:00
core.c wireless : use a dedicated workqueue for cfg80211. 2009-11-28 15:05:00 -05:00
core.h wireless : use a dedicated workqueue for cfg80211. 2009-11-28 15:05:00 -05:00
debugfs.c cfg80211/mac80211: use debugfs_remove_recursive 2009-10-30 16:49:18 -04:00
debugfs.h cfg80211/mac80211: use debugfs_remove_recursive 2009-10-30 16:49:18 -04:00
ethtool.c cfg80211: add firmware and hardware version to wiphy 2009-10-07 16:39:46 -04:00
ethtool.h net/wireless/ethtool.h: drop unnecessary include of linux/ethtool.h 2009-10-07 16:39:49 -04:00
ibss.c wireless : use a dedicated workqueue for cfg80211. 2009-11-28 15:05:00 -05:00
Kconfig cfg80211: convert bools into flags 2009-11-19 11:08:50 -05:00
lib80211_crypt_ccmp.c
lib80211_crypt_tkip.c
lib80211_crypt_wep.c
lib80211.c
Makefile wireless: implement basic ethtool support for cfg80211 devices 2009-10-07 16:39:45 -04:00
mlme.c cfg80211: fix race between deauth and assoc response 2009-12-28 16:19:54 -05:00
nl80211.c nl80211: PMKSA caching support 2009-11-28 15:05:05 -05:00
nl80211.h
radiotap.c
reg.c wireless: update old static regulatory domain rules 2009-12-10 16:21:51 -05:00
reg.h
scan.c Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-next-2.6 2009-12-04 13:25:15 -08:00
sme.c wireless : use a dedicated workqueue for cfg80211. 2009-11-28 15:05:00 -05:00
sysfs.c
sysfs.h
util.c cfg80211: disallow bridging managed/adhoc interfaces 2009-11-19 11:08:54 -05:00
wext-compat.c cfg80211: Clear encryption privacy when key off is done. 2009-12-09 15:10:08 -05:00
wext-compat.h cfg80211: validate channel settings across interfaces 2009-08-14 09:13:42 -04:00
wext-core.c Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-next-2.6 2009-12-04 13:25:15 -08:00
wext-priv.c wext: refactor 2009-10-07 16:39:43 -04:00
wext-proc.c wext: refactor 2009-10-07 16:39:43 -04:00
wext-sme.c cfg80211: don't set privacy w/o key 2009-09-28 16:55:04 -04:00
wext-spy.c wext: refactor 2009-10-07 16:39:43 -04:00