diff options
author | Johannes Berg <johannes@sipsolutions.net> | 2008-09-10 18:01:51 -0400 |
---|---|---|
committer | John W. Linville <linville@tuxdriver.com> | 2008-09-15 16:48:20 -0400 |
commit | 5bc75728fd43bb15b46f16ef465bcf9d487393cf (patch) | |
tree | 5732adee3965970390bf7953d214c757bbdba2a2 /include/net | |
parent | b7413430d4d2a6168e68231d9f93763047b6d60c (diff) |
mac80211: fix scan vs. interface removal race
When we remove an interface, we can currently end up having
a pointer to it left in local->scan_sdata after it has been
set down, and then with a hardware scan the scan completion
can try to access it which is a bug. Alternatively, a scan
that started as a hardware scan may terminate as though it
was a software scan, if the timing is just right.
On SMP systems, software scan also has a similar problem,
just canceling the delayed work and setting a flag isn't
enough since it may be running concurrently; in this case
we would also never restore state of other interfaces.
This patch hopefully fixes the problems by always invoking
ieee80211_scan_completed or requiring it to be invoked by
the driver, I suspect the drivers that have ->hw_scan() are
buggy. The bug will not manifest itself unless you remove
the interface while hw-scanning which will also turn off
the hw, and then add a new interface which will be unusable
until you scan once.
Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Diffstat (limited to 'include/net')
-rw-r--r-- | include/net/mac80211.h | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/include/net/mac80211.h b/include/net/mac80211.h index f504e3eca7d3..d67882dd3604 100644 --- a/include/net/mac80211.h +++ b/include/net/mac80211.h | |||
@@ -1124,7 +1124,9 @@ enum ieee80211_ampdu_mlme_action { | |||
1124 | * @hw_scan: Ask the hardware to service the scan request, no need to start | 1124 | * @hw_scan: Ask the hardware to service the scan request, no need to start |
1125 | * the scan state machine in stack. The scan must honour the channel | 1125 | * the scan state machine in stack. The scan must honour the channel |
1126 | * configuration done by the regulatory agent in the wiphy's registered | 1126 | * configuration done by the regulatory agent in the wiphy's registered |
1127 | * bands. | 1127 | * bands. When the scan finishes, ieee80211_scan_completed() must be |
1128 | * called; note that it also must be called when the scan cannot finish | ||
1129 | * because the hardware is turned off! Anything else is a bug! | ||
1128 | * | 1130 | * |
1129 | * @get_stats: return low-level statistics | 1131 | * @get_stats: return low-level statistics |
1130 | * | 1132 | * |