ap: Don't defer ap_reset when ap_free called in event
Previously we added logic to defer doing anything in ap_free() to after the AP event handler has returned so that ap_event() has a chance to inform whoever called it that the ap_state has been freed. But there's also a chance that the event handler is destroying both the AP and the netdev it runs on, so after the handler has returned we can't even use netdev_get_wdev_id or netdev_get_ifindex. The easiest solution seems to be to call ap_reset() in ap_free() even if we're within an event handler to ensure we no longer need any external objects. Also make sure ap_reset() can be called multiple times. Another option would be to watch for NETDEV_WATCH_EVENT_DEL and remove our reference to the netdev (because there's no need actually call l_rtnl_ifaddr_delete or frame_watch_wdev_remove if the netdev was destroyed -- frame_watch already tracks netdev removals), or to save just the ifindex and the wdev id...
This commit is contained in:
Andrew Zaborowski
Denis Kenzior
parent
4a3792da7e
commit
079489bd66
24
src/ap.c
24
src/ap.c
|
|
@ -207,16 +207,22 @@ static void ap_reset(struct ap_state *ap)
|
|||
ap->authorized_macs_num = 0;
|
||||
}
|
||||
|
||||
if (ap->mlme_watch)
|
||||
if (ap->mlme_watch) {
|
||||
l_genl_family_unregister(ap->nl80211, ap->mlme_watch);
|
||||
ap->mlme_watch = 0;
|
||||
}
|
||||
|
||||
frame_watch_wdev_remove(netdev_get_wdev_id(netdev));
|
||||
|
||||
if (ap->start_stop_cmd_id)
|
||||
if (ap->start_stop_cmd_id) {
|
||||
l_genl_family_cancel(ap->nl80211, ap->start_stop_cmd_id);
|
||||
ap->start_stop_cmd_id = 0;
|
||||
}
|
||||
|
||||
if (ap->rtnl_add_cmd)
|
||||
if (ap->rtnl_add_cmd) {
|
||||
l_netlink_cancel(rtnl, ap->rtnl_add_cmd);
|
||||
ap->rtnl_add_cmd = 0;
|
||||
}
|
||||
|
||||
if (ap->rtnl_get_gateway4_mac_cmd) {
|
||||
l_netlink_cancel(rtnl, ap->rtnl_get_gateway4_mac_cmd);
|
||||
|
|
@ -228,12 +234,12 @@ static void ap_reset(struct ap_state *ap)
|
|||
ap->rtnl_get_dns4_mac_cmd = 0;
|
||||
}
|
||||
|
||||
l_queue_destroy(ap->sta_states, ap_sta_free);
|
||||
l_queue_destroy(l_steal_ptr(ap->sta_states), ap_sta_free);
|
||||
|
||||
if (ap->rates)
|
||||
l_uintset_free(ap->rates);
|
||||
l_uintset_free(l_steal_ptr(ap->rates));
|
||||
|
||||
l_queue_destroy(ap->wsc_pbc_probes, l_free);
|
||||
l_queue_destroy(l_steal_ptr(ap->wsc_pbc_probes), l_free);
|
||||
l_timeout_remove(ap->wsc_pbc_timeout);
|
||||
|
||||
ap->started = false;
|
||||
|
|
@ -258,7 +264,8 @@ static bool ap_event_done(struct ap_state *ap, bool prev_in_event)
|
|||
ap->in_event = prev_in_event;
|
||||
|
||||
if (!prev_in_event && ap->free_pending) {
|
||||
ap_free(ap);
|
||||
l_genl_family_free(ap->nl80211);
|
||||
l_free(ap);
|
||||
return true;
|
||||
}
|
||||
|
||||
|
|
@ -3386,12 +3393,13 @@ free_ap:
|
|||
/* Free @ap without a graceful shutdown */
|
||||
void ap_free(struct ap_state *ap)
|
||||
{
|
||||
ap_reset(ap);
|
||||
|
||||
if (ap->in_event) {
|
||||
ap->free_pending = true;
|
||||
return;
|
||||
}
|
||||
|
||||
ap_reset(ap);
|
||||
l_genl_family_free(ap->nl80211);
|
||||
l_free(ap);
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue