diff options
Diffstat (limited to 'net/wireless/scan.c')
| -rw-r--r-- | net/wireless/scan.c | 24 |
1 files changed, 16 insertions, 8 deletions
diff --git a/net/wireless/scan.c b/net/wireless/scan.c index 674aadca0079..fd99ea495b7e 100644 --- a/net/wireless/scan.c +++ b/net/wireless/scan.c | |||
| @@ -169,7 +169,7 @@ void ___cfg80211_scan_done(struct cfg80211_registered_device *rdev, bool leak) | |||
| 169 | union iwreq_data wrqu; | 169 | union iwreq_data wrqu; |
| 170 | #endif | 170 | #endif |
| 171 | 171 | ||
| 172 | ASSERT_RDEV_LOCK(rdev); | 172 | lockdep_assert_held(&rdev->sched_scan_mtx); |
| 173 | 173 | ||
| 174 | request = rdev->scan_req; | 174 | request = rdev->scan_req; |
| 175 | 175 | ||
| @@ -230,9 +230,9 @@ void __cfg80211_scan_done(struct work_struct *wk) | |||
| 230 | rdev = container_of(wk, struct cfg80211_registered_device, | 230 | rdev = container_of(wk, struct cfg80211_registered_device, |
| 231 | scan_done_wk); | 231 | scan_done_wk); |
| 232 | 232 | ||
| 233 | cfg80211_lock_rdev(rdev); | 233 | mutex_lock(&rdev->sched_scan_mtx); |
| 234 | ___cfg80211_scan_done(rdev, false); | 234 | ___cfg80211_scan_done(rdev, false); |
| 235 | cfg80211_unlock_rdev(rdev); | 235 | mutex_unlock(&rdev->sched_scan_mtx); |
| 236 | } | 236 | } |
| 237 | 237 | ||
| 238 | void cfg80211_scan_done(struct cfg80211_scan_request *request, bool aborted) | 238 | void cfg80211_scan_done(struct cfg80211_scan_request *request, bool aborted) |
| @@ -698,11 +698,6 @@ cfg80211_bss_update(struct cfg80211_registered_device *dev, | |||
| 698 | found = rb_find_bss(dev, tmp, BSS_CMP_REGULAR); | 698 | found = rb_find_bss(dev, tmp, BSS_CMP_REGULAR); |
| 699 | 699 | ||
| 700 | if (found) { | 700 | if (found) { |
| 701 | found->pub.beacon_interval = tmp->pub.beacon_interval; | ||
| 702 | found->pub.signal = tmp->pub.signal; | ||
| 703 | found->pub.capability = tmp->pub.capability; | ||
| 704 | found->ts = tmp->ts; | ||
| 705 | |||
| 706 | /* Update IEs */ | 701 | /* Update IEs */ |
| 707 | if (rcu_access_pointer(tmp->pub.proberesp_ies)) { | 702 | if (rcu_access_pointer(tmp->pub.proberesp_ies)) { |
| 708 | const struct cfg80211_bss_ies *old; | 703 | const struct cfg80211_bss_ies *old; |
| @@ -723,6 +718,8 @@ cfg80211_bss_update(struct cfg80211_registered_device *dev, | |||
| 723 | 718 | ||
| 724 | if (found->pub.hidden_beacon_bss && | 719 | if (found->pub.hidden_beacon_bss && |
| 725 | !list_empty(&found->hidden_list)) { | 720 | !list_empty(&found->hidden_list)) { |
| 721 | const struct cfg80211_bss_ies *f; | ||
| 722 | |||
| 726 | /* | 723 | /* |
| 727 | * The found BSS struct is one of the probe | 724 | * The found BSS struct is one of the probe |
| 728 | * response members of a group, but we're | 725 | * response members of a group, but we're |
| @@ -732,6 +729,10 @@ cfg80211_bss_update(struct cfg80211_registered_device *dev, | |||
| 732 | * SSID to showing it, which is confusing so | 729 | * SSID to showing it, which is confusing so |
| 733 | * drop this information. | 730 | * drop this information. |
| 734 | */ | 731 | */ |
| 732 | |||
| 733 | f = rcu_access_pointer(tmp->pub.beacon_ies); | ||
| 734 | kfree_rcu((struct cfg80211_bss_ies *)f, | ||
| 735 | rcu_head); | ||
| 735 | goto drop; | 736 | goto drop; |
| 736 | } | 737 | } |
| 737 | 738 | ||
| @@ -761,6 +762,11 @@ cfg80211_bss_update(struct cfg80211_registered_device *dev, | |||
| 761 | kfree_rcu((struct cfg80211_bss_ies *)old, | 762 | kfree_rcu((struct cfg80211_bss_ies *)old, |
| 762 | rcu_head); | 763 | rcu_head); |
| 763 | } | 764 | } |
| 765 | |||
| 766 | found->pub.beacon_interval = tmp->pub.beacon_interval; | ||
| 767 | found->pub.signal = tmp->pub.signal; | ||
| 768 | found->pub.capability = tmp->pub.capability; | ||
| 769 | found->ts = tmp->ts; | ||
| 764 | } else { | 770 | } else { |
| 765 | struct cfg80211_internal_bss *new; | 771 | struct cfg80211_internal_bss *new; |
| 766 | struct cfg80211_internal_bss *hidden; | 772 | struct cfg80211_internal_bss *hidden; |
| @@ -1056,6 +1062,7 @@ int cfg80211_wext_siwscan(struct net_device *dev, | |||
| 1056 | if (IS_ERR(rdev)) | 1062 | if (IS_ERR(rdev)) |
| 1057 | return PTR_ERR(rdev); | 1063 | return PTR_ERR(rdev); |
| 1058 | 1064 | ||
| 1065 | mutex_lock(&rdev->sched_scan_mtx); | ||
| 1059 | if (rdev->scan_req) { | 1066 | if (rdev->scan_req) { |
| 1060 | err = -EBUSY; | 1067 | err = -EBUSY; |
| 1061 | goto out; | 1068 | goto out; |
| @@ -1162,6 +1169,7 @@ int cfg80211_wext_siwscan(struct net_device *dev, | |||
| 1162 | dev_hold(dev); | 1169 | dev_hold(dev); |
| 1163 | } | 1170 | } |
| 1164 | out: | 1171 | out: |
| 1172 | mutex_unlock(&rdev->sched_scan_mtx); | ||
| 1165 | kfree(creq); | 1173 | kfree(creq); |
| 1166 | cfg80211_unlock_rdev(rdev); | 1174 | cfg80211_unlock_rdev(rdev); |
| 1167 | return err; | 1175 | return err; |