• cfg80211: fix duplicated scan entries after channel switch · 0afd425b
    Sergey Matyukevich authored
    When associated BSS completes channel switch procedure, its channel
    record needs to be updated. The existing mac80211 solution was
    extended to cfg80211 in commit 5dc8cdce ("mac80211/cfg80211:
    update bss channel on channel switch").
    
    However that solution still appears to be incomplete as it may lead
    to duplicated scan entries for associated BSS after channel switch.
    The root cause of the problem is as follows. Each BSS entry is
    included into the following data structures:
    - bss list rdev->bss_list
    - bss search tree rdev->bss_tree
    Updating BSS channel record without rebuilding bss_tree may break
    tree search since cmp_bss considers all of the following: channel,
    bssid, ssid. When BSS channel is updated, but its location in bss_tree
    is not updated, then subsequent search operations may fail to locate
    this BSS since they will be traversing bss_tree in wrong direction.
    As a result, for scan performed after associated BSS channel switch,
    cfg80211_bss_update may add the second entry for the same BSS to both
    bss_list and bss_tree, rather than update the existing one.
    
    To summarize, if BSS channel needs to be updated, then bss_tree should
    be rebuilt in order to put updated BSS entry into a proper location.
    
    This commit suggests the following straightforward solution:
    - if new entry has been already created for BSS after channel switch,
      then use its IEs to update known BSS entry and then remove new
      entry completely
    - use rb_erase/rb_insert_bss to reinstall updated BSS in bss_tree
    - for nontransmit BSS entry, the whole transmit BSS hierarchy
      is updated

    Signed-off-by: Sergey Matyukevich <sergey.matyukevich.os@quantenna.com>
    Link: https://lore.kernel.org/r/20190726163922.27509-3-sergey.matyukevich.os@quantenna.com
    Signed-off-by: Johannes Berg <johannes.berg@intel.com>
scan.c 67.8 KB
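The failure mode the commit message describes, reproduced as an added example that is not code from scan.c or the kernel: a plain binary search tree stands in for the rbtree, and `struct bss`, `slot`, `add`, `erase` and `entries_after_switch` are hypothetical names with constructed sample data. Updating the channel in place leaves the entry in the wrong subtree, so the next lookup misses it and a duplicate is added; erasing before the update and reinserting afterwards keeps a single entry.

```c
#include <stdlib.h>
#include <string.h>

/* Toy stand-in for a BSS entry; a plain BST replaces the kernel rbtree. */
struct bss { int channel; const char *bssid, *ssid; struct bss *l, *r; };
/* Key order the commit message gives for cmp_bss: channel, bssid, ssid. */
static int cmp(const struct bss *a, const struct bss *b) {
    if (a->channel != b->channel) return a->channel < b->channel ? -1 : 1;
    int c = strcmp(a->bssid, b->bssid);
    return c ? c : strcmp(a->ssid, b->ssid);
}
/* Link holding the entry equal to key, or the empty link where it belongs. */
static struct bss **slot(struct bss **link, const struct bss *key) {
    for (int c; *link && (c = cmp(key, *link)) != 0; )
        link = c < 0 ? &(*link)->l : &(*link)->r;
    return link;
}
static struct bss *add(struct bss **root, int ch, const char *bssid, const char *ssid) {
    struct bss *n = calloc(1, sizeof *n);
    if (!n) abort();
    n->channel = ch; n->bssid = bssid; n->ssid = ssid;
    return *slot(root, n) = n;
}
/* Unlink n, found via its still-valid key, so that it can be reinserted. */
static void erase(struct bss **root, struct bss *n) {
    struct bss **link = slot(root, n), **m, *s;
    if (!n->l || !n->r) *link = n->l ? n->l : n->r;
    else {                        /* two children: splice in the successor */
        for (m = &n->r; (*m)->l; m = &(*m)->l) {}
        s = *m; *m = s->r; s->l = n->l; s->r = n->r; *link = s;
    }
    n->l = n->r = NULL;
}
static int count(const struct bss *t, const char *bssid) {
    return t ? count(t->l, bssid) + !strcmp(t->bssid, bssid) + count(t->r, bssid) : 0;
}
/* AP moves from channel 1 to 11, then a scan reports it on 11.
 * Returns the number of entries for its BSSID afterwards. */
int entries_after_switch(int reinstall) {
    struct bss *root = NULL, probe = { 11, "02:00:00:00:00:bb", "corp", NULL, NULL };
    add(&root, 6, "02:00:00:00:00:aa", "guest");    /* constructed sample data */
    struct bss *assoc = add(&root, 1, probe.bssid, probe.ssid);
    if (reinstall) erase(&root, assoc);             /* erase while the key is valid */
    assoc->channel = 11;                            /* channel switch completes */
    if (reinstall) *slot(&root, assoc) = assoc;     /* reinsert under the new key */
    if (!*slot(&root, &probe))                      /* scan: update if found, else add */
        add(&root, probe.channel, probe.bssid, probe.ssid);
    return count(root, probe.bssid);
}
int main(void) { return !(entries_after_switch(0) == 2 && entries_after_switch(1) == 1); }
```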