mac80211: correctly close cancelled scans

commit a754055a1296fcbe6f32de3a5eaca6efb2fd1865 upstream. __ieee80211_scan_completed is called from a worker. This means that the following flow is possible. * driver calls ieee80211_scan_completed * mac80211 cancels the scan (that is already complete) * __ieee80211_scan_completed runs When scan_work will finally run, it will see that the scan hasn't been aborted and might even trigger another scan on another band. This leads to a situation where cfg80211's scan is not done and no further scan can be issued. Fix this by setting a new flag when a HW scan is being cancelled so that no other scan will be triggered. Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
author: Emmanuel Grumbach <emmanuel.grumbach@intel.com> 2013-09-16 04:12:07 -0400
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2013-11-12 22:05:30 -0500
commit: 715a606d73f63e94259e6251565e6e12e3271d0f (patch)
tree: 2d8dd2d9ff41caf6aa7820b60605bc3aa592baec /net
parent: 5be794dc4bb66266acc91eb589ace48e82a6c77e (diff)
2 files changed, 22 insertions, 0 deletions
diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h
index 9ca8e3278cc0..92ef04c72c51 100644
--- a/net/mac80211/ieee80211_i.h
+++ b/net/mac80211/ieee80211_i.h
@@ -842,6 +842,8 @@ struct tpt_led_trigger {
 *      that the scan completed.
 * @SCAN_ABORTED: Set for our scan work function when the driver reported
 *      a scan complete for an aborted scan.
+ * @SCAN_HW_CANCELLED: Set for our scan work function when the scan is being
+ *      cancelled.
 */
 enum {
        SCAN_SW_SCANNING,
@@ -849,6 +851,7 @@ enum {
        SCAN_ONCHANNEL_SCANNING,
        SCAN_COMPLETED,
        SCAN_ABORTED,
+        SCAN_HW_CANCELLED,
 };
 /**
diff --git a/net/mac80211/scan.c b/net/mac80211/scan.c
index 99b103921a4b..eb03337b6545 100644
--- a/net/mac80211/scan.c
+++ b/net/mac80211/scan.c
@@ -202,6 +202,9 @@ static bool ieee80211_prep_hw_scan(struct ieee80211_local *local)
        enum ieee80211_band band;
        int i, ielen, n_chans;
+        if (test_bit(SCAN_HW_CANCELLED, &local->scanning))
+                return false;
        do {
                if (local->hw_scan_band == IEEE80211_NUM_BANDS)
                        return false;
@@ -878,7 +881,23 @@ void ieee80211_scan_cancel(struct ieee80211_local *local)
        if (!local->scan_req)
                goto out;
+        /*
+         * We have a scan running and the driver already reported completion,
+         * but the worker hasn't run yet or is stuck on the mutex - mark it as
+         * cancelled.
+         */
+        if (test_bit(SCAN_HW_SCANNING, &local->scanning) &&
+            test_bit(SCAN_COMPLETED, &local->scanning)) {
+                set_bit(SCAN_HW_CANCELLED, &local->scanning);
+                goto out;
+        }
        if (test_bit(SCAN_HW_SCANNING, &local->scanning)) {
+                /*
+                 * Make sure that __ieee80211_scan_completed doesn't trigger a
+                 * scan on another band.
+                 */
+                set_bit(SCAN_HW_CANCELLED, &local->scanning);
                if (local->ops->cancel_hw_scan)
                        drv_cancel_hw_scan(local,
                                rcu_dereference_protected(local->scan_sdata,
author	Emmanuel Grumbach <emmanuel.grumbach@intel.com>	2013-09-16 04:12:07 -0400
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2013-11-12 22:05:30 -0500
commit	715a606d73f63e94259e6251565e6e12e3271d0f (patch)
tree	2d8dd2d9ff41caf6aa7820b60605bc3aa592baec /net
parent	5be794dc4bb66266acc91eb589ace48e82a6c77e (diff)