> @@ -3194,44 +3223,47 @@ void ieee80211_sta_scan_work(struct work_struct *work) > > switch (local->scan_state) { > case SCAN_SET_CHANNEL: > - mode = local->scan_hw_mode; > - if (local->scan_hw_mode->list.next == &local->modes_list && > - local->scan_channel_idx >= mode->num_channels) { > + /* get current scan band */ > + if (local->scan_band < IEEE80211_NUM_BANDS) > + sband = local->hw.wiphy->bands[local->scan_band]; > + else > + sband = NULL; > + > + /* if we started at an unsupported one, advance */ > + while (!sband && local->scan_band < IEEE80211_NUM_BANDS) { > + local->scan_band++; > + sband = local->hw.wiphy->bands[local->scan_band]; > + local->scan_channel_idx = 0; > + } > > What are we doing here? > b43 does only define one band (2.4GHz) currently. Is it possible that this code > selects the uninitialized 5GHz band structure? I thought about this a long time and I'm pretty sure that it cannot select a NULL band structure as long as there is at least one band structure which is guaranteed by cfg80211 core code. scan_band always starts out at IEEE80211_BAND_2GHZ, and once it reaches NUM_BANDS the scan is aborted, and it can't select NULL bands because one band is guaranteed to be non-NULL (and after this loop we abort if sband == NULL) johannes
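Review bot: the advance loop in this hunk reads `local->hw.wiphy->bands[local->scan_band]` immediately after `local->scan_band++` without re-checking the bound, so when the increment takes scan_band to IEEE80211_NUM_BANDS (every remaining band NULL) it indexes one entry past the end of the bands array before the while condition rejects it. Guard the read inside the loop, e.g. `if (local->scan_band < IEEE80211_NUM_BANDS) sband = local->hw.wiphy->bands[local->scan_band];`, so the post-loop `sband == NULL` abort mentioned in the reply is reached without the out-of-bounds access.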