wl1271: Fix scan failure detection
Juuso Oikarinen [Tue, 26 Oct 2010 11:24:38 +0000 (13:24 +0200)]
In scan_complete_work, because the mutex is released before accessing the
scan->failed flag, it is possible for unfounded hardware recovery rounds
to be executed.

Fix this.

Signed-off-by: Juuso Oikarinen <juuso.oikarinen@nokia.com>
Reviewed-by: Luciano Coelho <luciano.coelho@nokia.com>
Signed-off-by: Luciano Coelho <luciano.coelho@nokia.com>

drivers/net/wireless/wl12xx/wl1271_main.c
drivers/net/wireless/wl12xx/wl1271_scan.c

index 63036b5..bec2b3d 100644 (file)
@@ -1056,6 +1056,7 @@ static void __wl1271_op_remove_interface(struct wl1271 *wl)
                wl->scan.state = WL1271_SCAN_STATE_IDLE;
                kfree(wl->scan.scanned_ch);
                wl->scan.scanned_ch = NULL;
+               wl->scan.req = NULL;
                ieee80211_scan_completed(wl->hw, true);
        }
 
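Review bot: The added `wl->scan.req = NULL;` carries no comment saying why the pointer is dropped, and the commit message only describes the mutex ordering. The request is presumably owned by cfg80211 and no longer valid once `ieee80211_scan_completed()` has run, so a stale `scan.req` would be a dangling pointer for any later reader; a comment above the assignment such as `/* req is owned by cfg80211 and invalid after scan_completed; drop our reference */` would record that. The same assignment is added to wl1271_scan_complete_work in wl1271_scan.c and deserves the same comment. The enclosing `if` block starts outside this hunk.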
@@ -1676,6 +1677,16 @@ static int wl1271_op_hw_scan(struct ieee80211_hw *hw,
 
        mutex_lock(&wl->mutex);
 
+       if (wl->state == WL1271_STATE_OFF) {
+               /*
+                * We cannot return -EBUSY here because cfg80211 will expect
+                * a call to ieee80211_scan_completed if we do - in this case
+                * there won't be any call.
+                */
+               ret = -EAGAIN;
+               goto out;
+       }
+
        ret = wl1271_ps_elp_wakeup(wl, false);
        if (ret < 0)
                goto out;
@@ -2093,14 +2104,14 @@ static int wl1271_op_get_survey(struct ieee80211_hw *hw, int idx,
 {
        struct wl1271 *wl = hw->priv;
        struct ieee80211_conf *conf = &hw->conf;
+
        if (idx != 0)
                return -ENOENT;
+
        survey->channel = conf->channel;
        survey->filled = SURVEY_INFO_NOISE_DBM;
        survey->noise = wl->noise;
+
        return 0;
 }
 
index 909bb47..e0661a5 100644 (file)
@@ -48,14 +48,15 @@ void wl1271_scan_complete_work(struct work_struct *work)
        wl->scan.state = WL1271_SCAN_STATE_IDLE;
        kfree(wl->scan.scanned_ch);
        wl->scan.scanned_ch = NULL;
-       mutex_unlock(&wl->mutex);
-
+       wl->scan.req = NULL;
        ieee80211_scan_completed(wl->hw, false);
 
        if (wl->scan.failed) {
                wl1271_info("Scan completed due to error.");
                ieee80211_queue_work(wl->hw, &wl->recovery_work);
        }
+       mutex_unlock(&wl->mutex);
+
 }
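Review bot: With `mutex_unlock(&wl->mutex)` moved to the end, `ieee80211_scan_completed()` and `ieee80211_queue_work()` now run with wl->mutex held, and nothing in the hunk says why that is safe. If the completion call could synchronously re-enter a driver op that takes wl->mutex (wl1271_op_hw_scan locks it, as the other file in this commit shows), this would deadlock, so confirm that it only defers work and record it with a comment such as `/* scan_completed only schedules work in mac80211; safe under wl->mutex */`. `wl->scan.failed` is read here but not reset in the visible lines, so check that it is cleared when the next scan starts, otherwise a single failure could keep queuing recovery work. The blank line added before the closing brace can be dropped. The start of the function is outside the hunk.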