Commit 6ee02709 authored by Johannes Berg's avatar Johannes Berg
Browse files

wifi: mac80211_hwsim: use hrtimer_active() 

Instead of hrtimer_is_queued(), use hrtimer_active() since
it might be running concurrently, and then it's not queued
at that point in time, as suggested by Thomas Gleixner in
https://lore.kernel.org/87plqn5psu.ffs@tglx

, I just never
got to this for ages.

I think the concurrency is otherwise fine since we'll get
to cancel if we're actually removing things, and otherwise
we just send a beacon at slightly the wrong time or so.

Reported-by: default avatar <syzbot+41e4341f493f1155aa3d@syzkaller.appspotmail.com>
Link: https://patch.msgid.link/20241011145230.5a4d38d4ff9b.Iac0ec316a0c9a7b2619abe52ddc8e04c25d8c7e1@changeid


Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
parent 2d63e653

drivers/net/wireless/virtual/mac80211_hwsim.c

+2 −2
Original line number Diff line number Diff line
@@ -2442,7 +2442,7 @@ static int mac80211_hwsim_config(struct ieee80211_hw *hw, u32 changed) 


		if (!data->started || !link_data->beacon_int) {

			hrtimer_cancel(&link_data->beacon_timer);

		} else if (!hrtimer_is_queued(&link_data->beacon_timer)) {

		} else if (!hrtimer_active(&link_data->beacon_timer)) {

			u64 tsf = mac80211_hwsim_get_tsf(hw, NULL);

			u32 bcn_int = link_data->beacon_int;

			u64 until_tbtt = bcn_int - do_div(tsf, bcn_int);
@@ -2537,7 +2537,7 @@ static void mac80211_hwsim_link_info_changed(struct ieee80211_hw *hw, 
			  info->enable_beacon, info->beacon_int);

		vp->bcn_en = info->enable_beacon;

		if (data->started &&

		    !hrtimer_is_queued(&link_data->beacon_timer) &&

		    !hrtimer_active(&link_data->beacon_timer) &&

		    info->enable_beacon) {

			u64 tsf, until_tbtt;

			u32 bcn_int;