1 files changed, 27 insertions, 25 deletions
diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
index d44ab216c0ec..58e13a8c95f9 100644
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -4702,14 +4702,19 @@ static int nl80211_trigger_scan(struct sk_buff *skb, struct genl_info *info)
        if (!rdev->ops->scan)
                return -EOPNOTSUPP;
-        if (rdev->scan_req)
+        mutex_lock(&rdev->sched_scan_mtx);
-                return -EBUSY;
+        if (rdev->scan_req) {
+                err = -EBUSY;
+                goto unlock;
+        }
        if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
                n_channels = validate_scan_freqs(
                                info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]);
-                if (!n_channels)
+                if (!n_channels) {
-                        return -EINVAL;
+                        err = -EINVAL;
+                        goto unlock;
+                }
        } else {
                enum ieee80211_band band;
                n_channels = 0;
@@ -4723,23 +4728,29 @@ static int nl80211_trigger_scan(struct sk_buff *skb, struct genl_info *info)
                nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp)
                        n_ssids++;
-        if (n_ssids > wiphy->max_scan_ssids)
+        if (n_ssids > wiphy->max_scan_ssids) {
-                return -EINVAL;
+                err = -EINVAL;
+                goto unlock;
+        }
        if (info->attrs[NL80211_ATTR_IE])
                ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
        else
                ie_len = 0;
-        if (ie_len > wiphy->max_scan_ie_len)
+        if (ie_len > wiphy->max_scan_ie_len) {
-                return -EINVAL;
+                err = -EINVAL;
+                goto unlock;
+        }
        request = kzalloc(sizeof(*request)
                        + sizeof(*request->ssids) * n_ssids
                        + sizeof(*request->channels) * n_channels
                        + ie_len, GFP_KERNEL);
-        if (!request)
+        if (!request) {
-                return -ENOMEM;
+                err = -ENOMEM;
+                goto unlock;
+        }
        if (n_ssids)
                request->ssids = (void *)&request->channels[n_channels];
@@ -4876,6 +4887,8 @@ static int nl80211_trigger_scan(struct sk_buff *skb, struct genl_info *info)
                kfree(request);
        }
+ unlock:
+        mutex_unlock(&rdev->sched_scan_mtx);
        return err;
 }
@@ -7749,20 +7762,9 @@ static int nl80211_stop_p2p_device(struct sk_buff *skb, struct genl_info *info)
        if (!rdev->ops->stop_p2p_device)
                return -EOPNOTSUPP;
-        if (!wdev->p2p_started)
+        mutex_lock(&rdev->sched_scan_mtx);
-                return 0;
+        cfg80211_stop_p2p_device(rdev, wdev);
+        mutex_unlock(&rdev->sched_scan_mtx);
-        rdev_stop_p2p_device(rdev, wdev);
-        wdev->p2p_started = false;
-        mutex_lock(&rdev->devlist_mtx);
-        rdev->opencount--;
-        mutex_unlock(&rdev->devlist_mtx);
-        if (WARN_ON(rdev->scan_req && rdev->scan_req->wdev == wdev)) {
-                rdev->scan_req->aborted = true;
-                ___cfg80211_scan_done(rdev, true);
-        }
        return 0;
 }
@@ -8486,7 +8488,7 @@ static int nl80211_add_scan_req(struct sk_buff *msg,
        struct nlattr *nest;
        int i;
-        ASSERT_RDEV_LOCK(rdev);
+        lockdep_assert_held(&rdev->sched_scan_mtx);
        if (WARN_ON(!req))
                return 0;

diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c index d44ab216c0ec..58e13a8c95f9 100644 --- a/net/wireless/nl80211.c +++ b/net/wireless/nl80211.c
@@ -4702,14 +4702,19 @@ static int nl80211_trigger_scan(struct sk_buff skb, struct genl_info info)
4702	if (!rdev->ops->scan)	4702	if (!rdev->ops->scan)
4703	return -EOPNOTSUPP;	4703	return -EOPNOTSUPP;
4704		4704
4705	if (rdev->scan_req)	4705	mutex_lock(&rdev->sched_scan_mtx);
4706	return -EBUSY;	4706	if (rdev->scan_req) {
		4707	err = -EBUSY;
		4708	goto unlock;
		4709	}
4707		4710
4708	if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {	4711	if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
4709	n_channels = validate_scan_freqs(	4712	n_channels = validate_scan_freqs(
4710	info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]);	4713	info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]);
4711	if (!n_channels)	4714	if (!n_channels) {
4712	return -EINVAL;	4715	err = -EINVAL;
		4716	goto unlock;
		4717	}
4713	} else {	4718	} else {
4714	enum ieee80211_band band;	4719	enum ieee80211_band band;
4715	n_channels = 0;	4720	n_channels = 0;
@@ -4723,23 +4728,29 @@ static int nl80211_trigger_scan(struct sk_buff skb, struct genl_info info)
4723	nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp)	4728	nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp)
4724	n_ssids++;	4729	n_ssids++;
4725		4730
4726	if (n_ssids > wiphy->max_scan_ssids)	4731	if (n_ssids > wiphy->max_scan_ssids) {
4727	return -EINVAL;	4732	err = -EINVAL;
		4733	goto unlock;
		4734	}
4728		4735
4729	if (info->attrs[NL80211_ATTR_IE])	4736	if (info->attrs[NL80211_ATTR_IE])
4730	ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);	4737	ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
4731	else	4738	else
4732	ie_len = 0;	4739	ie_len = 0;
4733		4740
4734	if (ie_len > wiphy->max_scan_ie_len)	4741	if (ie_len > wiphy->max_scan_ie_len) {
4735	return -EINVAL;	4742	err = -EINVAL;
		4743	goto unlock;
		4744	}
4736		4745
4737	request = kzalloc(sizeof(*request)	4746	request = kzalloc(sizeof(*request)
4738	+ sizeof(request->ssids) n_ssids	4747	+ sizeof(request->ssids) n_ssids
4739	+ sizeof(request->channels) n_channels	4748	+ sizeof(request->channels) n_channels
4740	+ ie_len, GFP_KERNEL);	4749	+ ie_len, GFP_KERNEL);
4741	if (!request)	4750	if (!request) {
4742	return -ENOMEM;	4751	err = -ENOMEM;
		4752	goto unlock;
		4753	}
4743		4754
4744	if (n_ssids)	4755	if (n_ssids)
4745	request->ssids = (void *)&request->channels[n_channels];	4756	request->ssids = (void *)&request->channels[n_channels];
@@ -4876,6 +4887,8 @@ static int nl80211_trigger_scan(struct sk_buff skb, struct genl_info info)
4876	kfree(request);	4887	kfree(request);
4877	}	4888	}
4878		4889
		4890	unlock:
		4891	mutex_unlock(&rdev->sched_scan_mtx);
4879	return err;	4892	return err;
4880	}	4893	}
4881		4894
@@ -7749,20 +7762,9 @@ static int nl80211_stop_p2p_device(struct sk_buff skb, struct genl_info info)
7749	if (!rdev->ops->stop_p2p_device)	7762	if (!rdev->ops->stop_p2p_device)
7750	return -EOPNOTSUPP;	7763	return -EOPNOTSUPP;
7751		7764
7752	if (!wdev->p2p_started)	7765	mutex_lock(&rdev->sched_scan_mtx);
7753	return 0;	7766	cfg80211_stop_p2p_device(rdev, wdev);
7754		7767	mutex_unlock(&rdev->sched_scan_mtx);
7755	rdev_stop_p2p_device(rdev, wdev);
7756	wdev->p2p_started = false;
7757
7758	mutex_lock(&rdev->devlist_mtx);
7759	rdev->opencount--;
7760	mutex_unlock(&rdev->devlist_mtx);
7761
7762	if (WARN_ON(rdev->scan_req && rdev->scan_req->wdev == wdev)) {
7763	rdev->scan_req->aborted = true;
7764	___cfg80211_scan_done(rdev, true);
7765	}
7766		7768
7767	return 0;	7769	return 0;
7768	}	7770	}
@@ -8486,7 +8488,7 @@ static int nl80211_add_scan_req(struct sk_buff *msg,
8486	struct nlattr *nest;	8488	struct nlattr *nest;
8487	int i;	8489	int i;
8488		8490
8489	ASSERT_RDEV_LOCK(rdev);	8491	lockdep_assert_held(&rdev->sched_scan_mtx);
8490		8492
8491	if (WARN_ON(!req))	8493	if (WARN_ON(!req))
8492	return 0;	8494	return 0;