wl1271: Fix scan failure detection

In scan_complete_work, because the mutex is released before accessing the scan->failed flag, it is possible for unfounded hardware recovery rounds to be executed. Fix this. Signed-off-by: Juuso Oikarinen <juuso.oikarinen@nokia.com> Reviewed-by: Luciano Coelho <luciano.coelho@nokia.com> Signed-off-by: Luciano Coelho <luciano.coelho@nokia.com>
author: Juuso Oikarinen <juuso.oikarinen@nokia.com> 2010-10-26 07:24:38 -0400
committer: John W. Linville <linville@tuxdriver.com> 2010-11-15 13:25:19 -0500
commit: b739a42c921dcb0ae92cc14032b7f75dcba88e3b (patch)
tree: 85cc1cf771a013f2e040c1edcb90b4fe315e3df7 /drivers/net/wireless/wl12xx
parent: fb2382c75b1292aff0ebc8e209b0cb9ba70bb2cf (diff)
2 files changed, 17 insertions, 5 deletions
diff --git a/drivers/net/wireless/wl12xx/wl1271_main.c b/drivers/net/wireless/wl12xx/wl1271_main.c
index 63036b53f9e..bec2b3d7878 100644
--- a/drivers/net/wireless/wl12xx/wl1271_main.c
+++ b/drivers/net/wireless/wl12xx/wl1271_main.c
@@ -1056,6 +1056,7 @@ static void __wl1271_op_remove_interface(struct wl1271 *wl)
                wl->scan.state = WL1271_SCAN_STATE_IDLE;
                kfree(wl->scan.scanned_ch);
                wl->scan.scanned_ch = NULL;
+                wl->scan.req = NULL;
                ieee80211_scan_completed(wl->hw, true);
        }
@@ -1676,6 +1677,16 @@ static int wl1271_op_hw_scan(struct ieee80211_hw *hw,
        mutex_lock(&wl->mutex);
+        if (wl->state == WL1271_STATE_OFF) {
+                /*
+                 * We cannot return -EBUSY here because cfg80211 will expect
+                 * a call to ieee80211_scan_completed if we do - in this case
+                 * there won't be any call.
+                 */
+                ret = -EAGAIN;
+                goto out;
+        }
        ret = wl1271_ps_elp_wakeup(wl, false);
        if (ret < 0)
                goto out;
@@ -2093,14 +2104,14 @@ static int wl1271_op_get_survey(struct ieee80211_hw *hw, int idx,
 {
        struct wl1271 *wl = hw->priv;
        struct ieee80211_conf *conf = &hw->conf;
- 
        if (idx != 0)
                return -ENOENT;
- 
        survey->channel = conf->channel;
        survey->filled = SURVEY_INFO_NOISE_DBM;
        survey->noise = wl->noise;
- 
        return 0;
 }
diff --git a/drivers/net/wireless/wl12xx/wl1271_scan.c b/drivers/net/wireless/wl12xx/wl1271_scan.c
index 909bb47995b..e0661a543a3 100644
--- a/drivers/net/wireless/wl12xx/wl1271_scan.c
+++ b/drivers/net/wireless/wl12xx/wl1271_scan.c
@@ -48,14 +48,15 @@ void wl1271_scan_complete_work(struct work_struct *work)
        wl->scan.state = WL1271_SCAN_STATE_IDLE;
        kfree(wl->scan.scanned_ch);
        wl->scan.scanned_ch = NULL;
-        mutex_unlock(&wl->mutex);
+        wl->scan.req = NULL;
        ieee80211_scan_completed(wl->hw, false);
        if (wl->scan.failed) {
                wl1271_info("Scan completed due to error.");
                ieee80211_queue_work(wl->hw, &wl->recovery_work);
        }
+        mutex_unlock(&wl->mutex);
 }
author	Juuso Oikarinen <juuso.oikarinen@nokia.com>	2010-10-26 07:24:38 -0400
committer	John W. Linville <linville@tuxdriver.com>	2010-11-15 13:25:19 -0500
commit	b739a42c921dcb0ae92cc14032b7f75dcba88e3b (patch)
tree	85cc1cf771a013f2e040c1edcb90b4fe315e3df7 /drivers/net/wireless/wl12xx
parent	fb2382c75b1292aff0ebc8e209b0cb9ba70bb2cf (diff)