When ath6kl module was removed while a scan was ongoing the driver would crash in ath6kl_cfg80211_scan_complete_event(). Fix the function not to iterate nodes when the scan is aborted. The nodes are already freed when the module is being unloaded. This patch removes the null check entirely as the wmi structure is not accessed anymore during module unload. Also fix a bug where the status was checked as a bitfield with '&' operator. But it's not a bitfield, just a regular error code. This is a port of my patch from ath6kl staging with the same title. Signed-off-by: Kalle Valo <kvalo@xxxxxxxxxxxxxxxx> --- drivers/net/wireless/ath/ath6kl/cfg80211.c | 41 +++++++++++++++------------ 1 files changed, 23 insertions(+), 18 deletions(-) diff --git a/drivers/net/wireless/ath/ath6kl/cfg80211.c b/drivers/net/wireless/ath/ath6kl/cfg80211.c index eff9983..d1d4794 100644 --- a/drivers/net/wireless/ath/ath6kl/cfg80211.c +++ b/drivers/net/wireless/ath/ath6kl/cfg80211.c @@ -820,29 +820,34 @@ static int ath6kl_cfg80211_scan(struct wiphy *wiphy, struct net_device *ndev, void ath6kl_cfg80211_scan_complete_event(struct ath6kl *ar, int status) { + int i; ath6kl_dbg(ATH6KL_DBG_WLAN_CFG, "%s: status %d\n", __func__, status); - if (ar->scan_req) { - /* Translate data to cfg80211 mgmt format */ - ath6kl_wmi_iterate_nodes(ar->wmi, ath6kl_cfg80211_scan_node, - ar->wdev->wiphy); - - cfg80211_scan_done(ar->scan_req, ((status & -ECANCELED) - || (status & -EBUSY)) ? true : - false); - - if (ar->scan_req->n_ssids && ar->scan_req->ssids[0].ssid_len) { - u8 i; - - for (i = 0; i < ar->scan_req->n_ssids; i++) { - ath6kl_wmi_probedssid_cmd(ar->wmi, i + 1, - DISABLE_SSID_FLAG, - 0, NULL); - } + if (!ar->scan_req) + return; + + if ((status == -ECANCELED) || (status == -EBUSY)) { + cfg80211_scan_done(ar->scan_req, true); + goto out; + } + + /* Translate data to cfg80211 mgmt format */ + ath6kl_wmi_iterate_nodes(ar->wmi, ath6kl_cfg80211_scan_node, + ar->wdev->wiphy); + + cfg80211_scan_done(ar->scan_req, false); + + if (ar->scan_req->n_ssids && ar->scan_req->ssids[0].ssid_len) { + for (i = 0; i < ar->scan_req->n_ssids; i++) { + ath6kl_wmi_probedssid_cmd(ar->wmi, i + 1, + DISABLE_SSID_FLAG, + 0, NULL); } - ar->scan_req = NULL; } + +out: + ar->scan_req = NULL; } static int ath6kl_cfg80211_add_key(struct wiphy *wiphy, struct net_device *ndev, -- 1.7.1 -- To unsubscribe from this list: send the line "unsubscribe linux-wireless" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html