mac80211: correctly close cancelled scans

__ieee80211_scan_completed is called from a worker. This means that the following flow is possible. * driver calls ieee80211_scan_completed * mac80211 cancels the scan (that is already complete) * __ieee80211_scan_completed runs When scan_work will finally run, it will see that the scan hasn't been aborted and might even trigger another scan on another band. This leads to a situation where cfg80211's scan is not done and no further scan can be issued. Fix this by setting a new flag when a HW scan is being cancelled so that no other scan will be triggered. Cc: stable@vger.kernel.org Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
author: Emmanuel Grumbach <emmanuel.grumbach@intel.com> 2013-09-16 04:12:07 -0400
committer: Johannes Berg <johannes.berg@intel.com> 2013-10-09 12:40:07 -0400
commit: a754055a1296fcbe6f32de3a5eaca6efb2fd1865 (patch)
tree: 6812b556c369c031478a94d6de4b2b6259bd2ca9 /net/mac80211
parent: 22c4ceed0184318ec5a6182c6d75d398452c2e39 (diff)
2 files changed, 22 insertions, 0 deletions
diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h
index b6186517ec56..611abfcfb5eb 100644
--- a/net/mac80211/ieee80211_i.h
+++ b/net/mac80211/ieee80211_i.h
@@ -893,6 +893,8 @@ struct tpt_led_trigger {
 *      that the scan completed.
 * @SCAN_ABORTED: Set for our scan work function when the driver reported
 *      a scan complete for an aborted scan.
+ * @SCAN_HW_CANCELLED: Set for our scan work function when the scan is being
+ *      cancelled.
 */
 enum {
        SCAN_SW_SCANNING,
@@ -900,6 +902,7 @@ enum {
        SCAN_ONCHANNEL_SCANNING,
        SCAN_COMPLETED,
        SCAN_ABORTED,
+        SCAN_HW_CANCELLED,
 };
 /**
diff --git a/net/mac80211/scan.c b/net/mac80211/scan.c
index 08afe74b98f4..d2d17a449224 100644
--- a/net/mac80211/scan.c
+++ b/net/mac80211/scan.c
@@ -238,6 +238,9 @@ static bool ieee80211_prep_hw_scan(struct ieee80211_local *local)
        enum ieee80211_band band;
        int i, ielen, n_chans;
+        if (test_bit(SCAN_HW_CANCELLED, &local->scanning))
+                return false;
        do {
                if (local->hw_scan_band == IEEE80211_NUM_BANDS)
                        return false;
@@ -940,7 +943,23 @@ void ieee80211_scan_cancel(struct ieee80211_local *local)
        if (!local->scan_req)
                goto out;
+        /*
+         * We have a scan running and the driver already reported completion,
+         * but the worker hasn't run yet or is stuck on the mutex - mark it as
+         * cancelled.
+         */
+        if (test_bit(SCAN_HW_SCANNING, &local->scanning) &&
+            test_bit(SCAN_COMPLETED, &local->scanning)) {
+                set_bit(SCAN_HW_CANCELLED, &local->scanning);
+                goto out;
+        }
        if (test_bit(SCAN_HW_SCANNING, &local->scanning)) {
+                /*
+                 * Make sure that __ieee80211_scan_completed doesn't trigger a
+                 * scan on another band.
+                 */
+                set_bit(SCAN_HW_CANCELLED, &local->scanning);
                if (local->ops->cancel_hw_scan)
                        drv_cancel_hw_scan(local,
                                rcu_dereference_protected(local->scan_sdata,
author	Emmanuel Grumbach <emmanuel.grumbach@intel.com>	2013-09-16 04:12:07 -0400
committer	Johannes Berg <johannes.berg@intel.com>	2013-10-09 12:40:07 -0400
commit	a754055a1296fcbe6f32de3a5eaca6efb2fd1865 (patch)
tree	6812b556c369c031478a94d6de4b2b6259bd2ca9 /net/mac80211
parent	22c4ceed0184318ec5a6182c6d75d398452c2e39 (diff)