[PATCH 29/31] ath6kl: fix crash when interface is closed but scan is ongoing

Kalle Valo <kvalo@xxxxxxxxxxxxxxxx> · Fri, 22 Jul 2011 08:42:02 +0300

When ath6kl module was removed while a scan was ongoing the driver would
crash in ath6kl_cfg80211_scan_complete_event().

Fix the function not to iterate nodes when the scan is aborted. The nodes
are already freed when the module is being unloaded. This patch removes the
null check entirely as the wmi structure is not accessed anymore during
module unload.

Also fix a bug where the status was checked as a bitfield with '&' operator.
But it's not a bitfield, just a regular error code.

This is a port of my patch from ath6kl staging with the same title.

Signed-off-by: Kalle Valo <kvalo@xxxxxxxxxxxxxxxx>
---
 drivers/net/wireless/ath/ath6kl/cfg80211.c |   41 +++++++++++++++------------
 1 files changed, 23 insertions(+), 18 deletions(-)

diff --git a/drivers/net/wireless/ath/ath6kl/cfg80211.c b/drivers/net/wireless/ath/ath6kl/cfg80211.c
index eff9983..d1d4794 100644
--- a/drivers/net/wireless/ath/ath6kl/cfg80211.c
+++ b/drivers/net/wireless/ath/ath6kl/cfg80211.c
@@ -820,29 +820,34 @@ static int ath6kl_cfg80211_scan(struct wiphy *wiphy, struct net_device *ndev,
 
 void ath6kl_cfg80211_scan_complete_event(struct ath6kl *ar, int status)
 {
+	int i;
 
 	ath6kl_dbg(ATH6KL_DBG_WLAN_CFG, "%s: status %d\n", __func__, status);
 
-	if (ar->scan_req) {
-		/* Translate data to cfg80211 mgmt format */
-		ath6kl_wmi_iterate_nodes(ar->wmi, ath6kl_cfg80211_scan_node,
-					 ar->wdev->wiphy);
-
-		cfg80211_scan_done(ar->scan_req, ((status & -ECANCELED)
-						  || (status & -EBUSY)) ? true :
-				   false);
-
-		if (ar->scan_req->n_ssids && ar->scan_req->ssids[0].ssid_len) {
-			u8 i;
-
-			for (i = 0; i < ar->scan_req->n_ssids; i++) {
-				ath6kl_wmi_probedssid_cmd(ar->wmi, i + 1,
-							  DISABLE_SSID_FLAG,
-							  0, NULL);
-			}
+	if (!ar->scan_req)
+		return;
+
+	if ((status == -ECANCELED) || (status == -EBUSY)) {
+		cfg80211_scan_done(ar->scan_req, true);
+		goto out;
+	}
+
+	/* Translate data to cfg80211 mgmt format */
+	ath6kl_wmi_iterate_nodes(ar->wmi, ath6kl_cfg80211_scan_node,
+				 ar->wdev->wiphy);
+
+	cfg80211_scan_done(ar->scan_req, false);
+
+	if (ar->scan_req->n_ssids && ar->scan_req->ssids[0].ssid_len) {
+		for (i = 0; i < ar->scan_req->n_ssids; i++) {
+			ath6kl_wmi_probedssid_cmd(ar->wmi, i + 1,
+						  DISABLE_SSID_FLAG,
+						  0, NULL);
 		}
-		ar->scan_req = NULL;
 	}
+
+out:
+	ar->scan_req = NULL;
 }
 
 static int ath6kl_cfg80211_add_key(struct wiphy *wiphy, struct net_device *ndev,
-- 
1.7.1

--
To unsubscribe from this list: send the line "unsubscribe linux-wireless" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html





