From patchwork Fri Jul 22 05:42:02 2011 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kalle Valo X-Patchwork-Id: 998242 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by demeter2.kernel.org (8.14.4/8.14.4) with ESMTP id p6M5hm0S010238 for ; Fri, 22 Jul 2011 05:43:48 GMT Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753396Ab1GVFnq (ORCPT ); Fri, 22 Jul 2011 01:43:46 -0400 Received: from wolverine01.qualcomm.com ([199.106.114.254]:3158 "EHLO wolverine01.qualcomm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753387Ab1GVFno (ORCPT ); Fri, 22 Jul 2011 01:43:44 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=qca.qualcomm.com; i=kvalo@qca.qualcomm.com; q=dns/txt; s=qcdkim; t=1311313424; x=1342849424; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version; z=From:=20Kalle=20Valo=20|To:=20|CC:=20|Subject:=20[PATCH=2029/31]=20ath6kl:=20fix=20crash =20when=20interface=20is=20closed=20but=20scan=20is=20ong oing|Date:=20Fri,=2022=20Jul=202011=2008:42:02=20+0300 |Message-ID:=20<1311313324-6766-31-git-send-email-kvalo@q ca.qualcomm.com>|In-Reply-To:=20<1311313324-6766-1-git-se nd-email-kvalo@qca.qualcomm.com>|References:=20<131131332 4-6766-1-git-send-email-kvalo@qca.qualcomm.com> |MIME-Version:=201.0; bh=cR75LF5vZJevnFNelBfLFwGxeIvP5+3fvRnoZQ2xV8Y=; b=NIGuVkaLG5zMG12znngZFzBC72lm8T4AVwqIvxih8hiHwsca6Z8vq4TM CAF8XeJ09WtocTeijDq7ra6Qj8ExkoNlEWC99q+joBDAV3i4GX4oQT8Bo p3kbRq3tM+wmLuZa7m94qC/dtLR0Jq90SPGA/INnDlankbZuBifV83nw8 E=; X-IronPort-AV: E=McAfee;i="5400,1158,6414"; a="105201667" Received: from ironmsg03-r.qualcomm.com ([172.30.46.17]) by wolverine01.qualcomm.com with ESMTP; 21 Jul 2011 22:43:44 -0700 X-IronPort-AV: E=Sophos;i="4.67,244,1309762800"; d="scan'208";a="91740977" Received: from nasanexhc05.na.qualcomm.com ([172.30.48.2]) by Ironmsg03-R.qualcomm.com with ESMTP/TLS/AES128-SHA; 21 Jul 2011 22:43:44 -0700 Received: from NASANEXHC12.na.qualcomm.com (172.30.48.1) by nasanexhc05.na.qualcomm.com (172.30.48.2) with Microsoft SMTP Server (TLS) id 14.1.323.0; Thu, 21 Jul 2011 22:43:44 -0700 Received: from NASJOEXHC01.na.qualcomm.com (10.234.56.15) by nasanexhc12.na.qualcomm.com (172.30.39.187) with Microsoft SMTP Server (TLS) id 14.1.323.0; Thu, 21 Jul 2011 22:43:43 -0700 Received: from localhost.localdomain (10.234.11.69) by qcamail1.atheros.com (10.234.56.15) with Microsoft SMTP Server (TLS) id 14.1.323.0; Thu, 21 Jul 2011 22:43:40 -0700 From: Kalle Valo To: CC: Subject: [PATCH 29/31] ath6kl: fix crash when interface is closed but scan is ongoing Date: Fri, 22 Jul 2011 08:42:02 +0300 Message-ID: <1311313324-6766-31-git-send-email-kvalo@qca.qualcomm.com> X-Mailer: git-send-email 1.7.1 In-Reply-To: <1311313324-6766-1-git-send-email-kvalo@qca.qualcomm.com> References: <1311313324-6766-1-git-send-email-kvalo@qca.qualcomm.com> MIME-Version: 1.0 X-Originating-IP: [10.234.11.69] Sender: linux-wireless-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-wireless@vger.kernel.org X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-4.2.6 (demeter2.kernel.org [140.211.167.43]); Fri, 22 Jul 2011 05:43:48 +0000 (UTC) When ath6kl module was removed while a scan was ongoing the driver would crash in ath6kl_cfg80211_scan_complete_event(). Fix the function not to iterate nodes when the scan is aborted. The nodes are already freed when the module is being unloaded. This patch removes the null check entirely as the wmi structure is not accessed anymore during module unload. Also fix a bug where the status was checked as a bitfield with '&' operator. But it's not a bitfield, just a regular error code. This is a port of my patch from ath6kl staging with the same title. Signed-off-by: Kalle Valo --- drivers/net/wireless/ath/ath6kl/cfg80211.c | 41 +++++++++++++++------------ 1 files changed, 23 insertions(+), 18 deletions(-) diff --git a/drivers/net/wireless/ath/ath6kl/cfg80211.c b/drivers/net/wireless/ath/ath6kl/cfg80211.c index eff9983..d1d4794 100644 --- a/drivers/net/wireless/ath/ath6kl/cfg80211.c +++ b/drivers/net/wireless/ath/ath6kl/cfg80211.c @@ -820,29 +820,34 @@ static int ath6kl_cfg80211_scan(struct wiphy *wiphy, struct net_device *ndev, void ath6kl_cfg80211_scan_complete_event(struct ath6kl *ar, int status) { + int i; ath6kl_dbg(ATH6KL_DBG_WLAN_CFG, "%s: status %d\n", __func__, status); - if (ar->scan_req) { - /* Translate data to cfg80211 mgmt format */ - ath6kl_wmi_iterate_nodes(ar->wmi, ath6kl_cfg80211_scan_node, - ar->wdev->wiphy); - - cfg80211_scan_done(ar->scan_req, ((status & -ECANCELED) - || (status & -EBUSY)) ? true : - false); - - if (ar->scan_req->n_ssids && ar->scan_req->ssids[0].ssid_len) { - u8 i; - - for (i = 0; i < ar->scan_req->n_ssids; i++) { - ath6kl_wmi_probedssid_cmd(ar->wmi, i + 1, - DISABLE_SSID_FLAG, - 0, NULL); - } + if (!ar->scan_req) + return; + + if ((status == -ECANCELED) || (status == -EBUSY)) { + cfg80211_scan_done(ar->scan_req, true); + goto out; + } + + /* Translate data to cfg80211 mgmt format */ + ath6kl_wmi_iterate_nodes(ar->wmi, ath6kl_cfg80211_scan_node, + ar->wdev->wiphy); + + cfg80211_scan_done(ar->scan_req, false); + + if (ar->scan_req->n_ssids && ar->scan_req->ssids[0].ssid_len) { + for (i = 0; i < ar->scan_req->n_ssids; i++) { + ath6kl_wmi_probedssid_cmd(ar->wmi, i + 1, + DISABLE_SSID_FLAG, + 0, NULL); } - ar->scan_req = NULL; } + +out: + ar->scan_req = NULL; } static int ath6kl_cfg80211_add_key(struct wiphy *wiphy, struct net_device *ndev,