Search Linux Wireless

[PATCH 29/31] ath6kl: fix crash when interface is closed but scan is ongoing

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



When ath6kl module was removed while a scan was ongoing the driver would
crash in ath6kl_cfg80211_scan_complete_event().

Fix the function not to iterate nodes when the scan is aborted. The nodes
are already freed when the module is being unloaded. This patch removes the
null check entirely as the wmi structure is not accessed anymore during
module unload.

Also fix a bug where the status was checked as a bitfield with '&' operator.
But it's not a bitfield, just a regular error code.

This is a port of my patch from ath6kl staging with the same title.

Signed-off-by: Kalle Valo <kvalo@xxxxxxxxxxxxxxxx>
---
 drivers/net/wireless/ath/ath6kl/cfg80211.c |   41 +++++++++++++++------------
 1 files changed, 23 insertions(+), 18 deletions(-)

diff --git a/drivers/net/wireless/ath/ath6kl/cfg80211.c b/drivers/net/wireless/ath/ath6kl/cfg80211.c
index eff9983..d1d4794 100644
--- a/drivers/net/wireless/ath/ath6kl/cfg80211.c
+++ b/drivers/net/wireless/ath/ath6kl/cfg80211.c
@@ -820,29 +820,34 @@ static int ath6kl_cfg80211_scan(struct wiphy *wiphy, struct net_device *ndev,
 
 void ath6kl_cfg80211_scan_complete_event(struct ath6kl *ar, int status)
 {
+	int i;
 
 	ath6kl_dbg(ATH6KL_DBG_WLAN_CFG, "%s: status %d\n", __func__, status);
 
-	if (ar->scan_req) {
-		/* Translate data to cfg80211 mgmt format */
-		ath6kl_wmi_iterate_nodes(ar->wmi, ath6kl_cfg80211_scan_node,
-					 ar->wdev->wiphy);
-
-		cfg80211_scan_done(ar->scan_req, ((status & -ECANCELED)
-						  || (status & -EBUSY)) ? true :
-				   false);
-
-		if (ar->scan_req->n_ssids && ar->scan_req->ssids[0].ssid_len) {
-			u8 i;
-
-			for (i = 0; i < ar->scan_req->n_ssids; i++) {
-				ath6kl_wmi_probedssid_cmd(ar->wmi, i + 1,
-							  DISABLE_SSID_FLAG,
-							  0, NULL);
-			}
+	if (!ar->scan_req)
+		return;
+
+	if ((status == -ECANCELED) || (status == -EBUSY)) {
+		cfg80211_scan_done(ar->scan_req, true);
+		goto out;
+	}
+
+	/* Translate data to cfg80211 mgmt format */
+	ath6kl_wmi_iterate_nodes(ar->wmi, ath6kl_cfg80211_scan_node,
+				 ar->wdev->wiphy);
+
+	cfg80211_scan_done(ar->scan_req, false);
+
+	if (ar->scan_req->n_ssids && ar->scan_req->ssids[0].ssid_len) {
+		for (i = 0; i < ar->scan_req->n_ssids; i++) {
+			ath6kl_wmi_probedssid_cmd(ar->wmi, i + 1,
+						  DISABLE_SSID_FLAG,
+						  0, NULL);
 		}
-		ar->scan_req = NULL;
 	}
+
+out:
+	ar->scan_req = NULL;
 }
 
 static int ath6kl_cfg80211_add_key(struct wiphy *wiphy, struct net_device *ndev,
-- 
1.7.1

--
To unsubscribe from this list: send the line "unsubscribe linux-wireless" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html


[Index of Archives]     [Linux Host AP]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [Linux Kernel]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]
  Powered by Linux