[PATCH] AP: Fix HT 20/40 co-ex transition timer cancellation on iface removal

Jouni Malinen j at w1.fi
Tue Jun 12 13:47:26 PDT 2018


On Thu, Apr 26, 2018 at 02:27:05PM +0200, Martin Willi wrote:
> When removing an interface, hostapd_bss_deinit() frees all associated STAs.
> If any of the stations is 40MHz intolerant, the cleanup invokes
> ht40_intolerant_remove(), that in turn registers a 20->40MHz transition
> timer for the last station. That timer is never canceled; once it executes,
> the interface is gone, most likely resulting in a segfault when referencing
> it.
> 
> While hostapd_interface_deinit() cancels the transition timer, it does so
> before cleaning up STAs. Move the cancellation after STA cleanup to cancel
> any timer that was registered during that operation.

Thanks, applied.

> I'm not sure if this is the correct/best place for this cancellation, given
> that hostapd_bss_deinit() is called from other locations. This code path
> is rather easy to hit when using the ctrl interface, though.

This looks like a reasonable change on its own. If something else is
needed, that can be handled separately.

-- 
Jouni Malinen                                            PGP id EFC895FA



More information about the Hostap mailing list