
[v2,03/13] station: use network_bss_{start,stop}_update

Message ID 20240808174236.218750-3-prestwoj@gmail.com (mailing list archive)
State New
Series [v2,01/13] dbus: Add net.connman.iwd.BasicServiceSet interface | expand

Checks

Context Check Description
tedd_an/pre-ci_am success Success
prestwoj/iwd-ci-gitlint success GitLint

Commit Message

James Prestwood Aug. 8, 2024, 5:42 p.m. UTC
This tells network that the BSS list is being updated, so it can
handle the BSS DBus registration/unregistration accordingly.

In addition any scan_bss object needing to be freed has to wait
until after network_bss_stop_update() because network has to be able
to iterate its old list and unregister any BSS's that were not seen
in the scan results. This is done by pushing each BSS needing to be
freed into a queue, then destroying them after the BSS's are all
added.
---
 src/station.c | 23 ++++++++++++++++++-----
 1 file changed, 18 insertions(+), 5 deletions(-)

v2:
 * Updated to use network_bss_{start,stop} update
 * Added the free list to fix invalid reads due to freeing the
   scan_bss early

Patch

diff --git a/src/station.c b/src/station.c
index e373b03b..8a76339c 100644
--- a/src/station.c
+++ b/src/station.c
@@ -344,6 +344,8 @@  static bool process_network(const void *key, void *data, void *user_data)
 	struct network *network = data;
 	struct station *station = user_data;
 
+	network_bss_stop_update(network);
+
 	if (!network_bss_list_isempty(network)) {
 		bool connected = network == station->connected_network;
 
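Review bot: `network_bss_stop_update(network)` at the top of process_network() runs for every entry in `station->networks`, while the matching `network_bss_start_update()` in station_set_scan_results() is only called for networks popped from `station->networks_sorted`. If a network can be in the hashmap without having been in the sorted list (for example one created while this scan's results are being added, which these hunks do not show), it gets a stop with no prior start. network_bss_stop_update() is not visible here, so please confirm it treats that case as a no-op and, once confirmed, say so above the call, e.g. `/* Safe without a prior start_update: nothing to unregister for a new network */`. process_network() continues past the end of this hunk.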
@@ -532,6 +534,7 @@  struct bss_expiration_data {
 	struct scan_bss *connected_bss;
 	uint64_t now;
 	const struct scan_freq_set *freqs;
+	struct l_queue *free_list;
 };
 
 #define SCAN_RESULT_BSS_RETENTION_TIME (30 * 1000000)
@@ -553,18 +556,20 @@  static bool bss_free_if_expired(void *data, void *user_data)
 			bss->time_stamp + SCAN_RESULT_BSS_RETENTION_TIME))
 		return false;
 
-	bss_free(bss);
+	l_queue_push_head(expiration_data->free_list, bss);
 
 	return true;
 }
 
 static void station_bss_list_remove_expired_bsses(struct station *station,
-					const struct scan_freq_set *freqs)
+					const struct scan_freq_set *freqs,
+					struct l_queue *free_list)
 {
 	struct bss_expiration_data data = {
 		.now = l_time_now(),
 		.connected_bss = station->connected_bss,
 		.freqs = freqs,
+		.free_list = free_list,
 	};
 
 	l_queue_foreach_remove(station->bss_list, bss_free_if_expired, &data);
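Review bot: The return value of `l_queue_push_head(expiration_data->free_list, bss)` in bss_free_if_expired() is ignored while the callback still returns true, so if free_list were ever NULL the entry would be dropped from `station->bss_list` and never freed. The only caller in this patch passes a fresh `l_queue_new()`, so this is a latent leak rather than a live one, but the helper now depends on its caller for that. The name also no longer matches the behaviour, since the function queues the BSS and does not free it. I would add a comment above the push, `/* Ownership moves to free_list; the caller frees after network_bss_stop_update() */`, and consider renaming the callback. bss_free_if_expired() starts above this hunk.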
@@ -939,18 +944,19 @@  void station_set_scan_results(struct station *station,
 {
 	const struct l_queue_entry *bss_entry;
 	struct network *network;
+	struct l_queue *free_list = l_queue_new();
 
 	l_queue_foreach_remove(new_bss_list, bss_free_if_ssid_not_utf8, NULL);
 
 	while ((network = l_queue_pop_head(station->networks_sorted)))
-		network_bss_list_clear(network);
+		network_bss_start_update(network);
 
 	l_queue_clear(station->hidden_bss_list_sorted, NULL);
 
 	l_queue_destroy(station->autoconnect_list, NULL);
 	station->autoconnect_list = NULL;
 
-	station_bss_list_remove_expired_bsses(station, freqs);
+	station_bss_list_remove_expired_bsses(station, freqs, free_list);
 
 	for (bss_entry = l_queue_get_entries(station->bss_list); bss_entry;
 						bss_entry = bss_entry->next) {
@@ -962,7 +968,12 @@  void station_set_scan_results(struct station *station,
 			if (old_bss == station->connected_bss)
 				station->connected_bss = new_bss;
 
-			bss_free(old_bss);
+			/*
+			 * The network object is still holding a reference to
+			 * the BSS. Until we tell network to replace the BSS
+			 * with a new object, don't free it.
+			 */
+			l_queue_push_head(free_list, old_bss);
 
 			continue;
 		}
@@ -996,6 +1007,8 @@  void station_set_scan_results(struct station *station,
 
 	l_hashmap_foreach_remove(station->networks, process_network, station);
 
+	l_queue_destroy(free_list, bss_free);
+
 	station->autoconnect_can_start = trigger_autoconnect;
 	station_autoconnect_start(station);
 }
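Review bot: The position of `l_queue_destroy(free_list, bss_free)` is load-bearing and nothing at the call site says so. Per the commit message it has to run after `l_hashmap_foreach_remove(station->networks, process_network, station)`, because network_bss_stop_update() still walks the old scan_bss pointers; moving it earlier in a later cleanup would bring back the invalid reads that v2 fixed. A comment directly above it would pin the order, e.g. `/* Free only after process_network(): network_bss_stop_update() still reads the old BSS entries */`. The body of station_set_scan_results() between the hunks is not visible, so it is also worth checking that no path leaves the function between `l_queue_new()` and this call.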