mac80211: fix scan races and rework scanning

There are some places marked
	/* XXX maybe racy? */
and they really are racy because there's no locking.

This patch reworks much of the scan code, and introduces proper
locking for the scan request as well as the internal scanning
(which is necessary for IBSS/managed modes). Helper functions
are added to call the scanning code whenever necessary. The
scan deferring is changed to simply queue the scanning work
instead of trying to start the scan in place, the scanning work
will then take care of the rest.

Also, currently when internal scans are requested for an interface
that is trying to associate, we reject such scans. This was not
intended, the mlme code has provisions to scan twice when it can't
find the BSS to associate with right away; this has never worked
properly. Fix this by not rejecting internal scan requests for an
interface that is associating.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>

1 files changed, 9 insertions, 19 deletions

diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c
index f8925ca7c8f0..a2f5e6223059 100644
--- a/net/mac80211/mlme.c
+++ b/net/mac80211/mlme.c
@@ -2072,19 +2072,15 @@ static int ieee80211_sta_config_auth(struct ieee80211_sub_if_data *sdata)
                 return 0;
         } else {
                 if (ifmgd->assoc_scan_tries < IEEE80211_ASSOC_SCANS_MAX_TRIES) {
+                        u8 ssid_len = 0;
+
+                        if (!(ifmgd->flags & IEEE80211_STA_AUTO_SSID_SEL))
+                                ssid_len = ifmgd->ssid_len;
+
                         ifmgd->assoc_scan_tries++;
-                        /* XXX maybe racy? */
-                        if (local->scan_req)
-                                return -1;
-                        memcpy(local->int_scan_req.ssids[0].ssid,
-                               ifmgd->ssid, IEEE80211_MAX_SSID_LEN);
-                        if (ifmgd->flags & IEEE80211_STA_AUTO_SSID_SEL)
-                                local->int_scan_req.ssids[0].ssid_len = 0;
-                        else
-                                local->int_scan_req.ssids[0].ssid_len = ifmgd->ssid_len;
 
-                        if (ieee80211_start_scan(sdata, &local->int_scan_req))
-                                ieee80211_scan_failed(local);
+                        ieee80211_request_internal_scan(sdata, ifmgd->ssid,
+                                                        ssid_len);
 
                         ifmgd->state = IEEE80211_STA_MLME_AUTHENTICATE;
                         set_bit(IEEE80211_STA_REQ_AUTH, &ifmgd->request);
@@ -2122,14 +2118,8 @@ static void ieee80211_sta_work(struct work_struct *work)
             ifmgd->state != IEEE80211_STA_MLME_AUTHENTICATE &&
             ifmgd->state != IEEE80211_STA_MLME_ASSOCIATE &&
             test_and_clear_bit(IEEE80211_STA_REQ_SCAN, &ifmgd->request)) {
-                /*
-                 * The call to ieee80211_start_scan can fail but ieee80211_request_scan
-                 * (which queued ieee80211_sta_work) did not return an error. Thus, call
-                 * ieee80211_scan_failed here if ieee80211_start_scan fails in order to
-                 * notify the scan requester.
-                 */
-                if (ieee80211_start_scan(sdata, local->scan_req))
-                        ieee80211_scan_failed(local);
+                queue_delayed_work(local->hw.workqueue, &local->scan_work,
+                                   round_jiffies_relative(0));
                 return;
         }