If we failed on drv_start, we currently cleanup AP_VLAN reference to bss. But this is not needed, since AP_VLAN must be tied to a pre-existing AP interface, so open_count cannot be 0, so we will never call drv_start for AP_VLAN interfaces. Remove these cleanup and return immediately instead. Signed-off-by: Miri Korenblit --- net/mac80211/iface.c | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) --- v2: make the commit apply diff --git a/net/mac80211/iface.c b/net/mac80211/iface.c index 232fc0b80e44..234de4762be5 100644 --- a/net/mac80211/iface.c +++ b/net/mac80211/iface.c @@ -1361,8 +1361,6 @@ int ieee80211_do_open(struct wireless_dev *wdev, bool coming_up) break; } case NL80211_IFTYPE_AP: - sdata->bss = &sdata->u.ap; - break; case NL80211_IFTYPE_MESH_POINT: case NL80211_IFTYPE_STATION: case NL80211_IFTYPE_MONITOR: @@ -1387,8 +1385,13 @@ int ieee80211_do_open(struct wireless_dev *wdev, bool coming_up) local->reconfig_failure = false; res = drv_start(local); - if (res) - goto err_del_bss; + if (res) { + /* + * no need to worry about AP_VLAN cleanup since in that + * case we can't have open_count == 0 + */ + return res; + } ieee80211_led_radio(local, true); ieee80211_mod_tpt_led_trig(local, IEEE80211_TPT_LEDTRIG_FL_RADIO, 0); @@ -1459,6 +1462,9 @@ int ieee80211_do_open(struct wireless_dev *wdev, bool coming_up) netif_carrier_on(dev); list_add_tail_rcu(&sdata->u.mntr.list, &local->mon_list); break; + case NL80211_IFTYPE_AP: + sdata->bss = &sdata->u.ap; + fallthrough; default: if (coming_up) { ieee80211_del_virtual_monitor(local); @@ -1547,10 +1553,10 @@ int ieee80211_do_open(struct wireless_dev *wdev, bool coming_up) err_stop: if (!local->open_count) drv_stop(local, false); - err_del_bss: - sdata->bss = NULL; if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN) list_del(&sdata->u.vlan.list); + /* Might not be initialized yet, but it is harmless */ + sdata->bss = NULL; return res; } -- 2.34.1