| author | Maya Erez <merez@codeaurora.org> | 2016-09-07 22:20:50 +0300 |
|---|---|---|
| committer | Maya Erez <merez@codeaurora.org> | 2016-09-18 17:52:11 +0300 |
| commit | 043f51594b8c5874cb1f4550c1face3420484c97 (patch) | |
| tree | 64a186644bb25ea6b5d992bec456fcc86fb460da /drivers/net/wireless/ath/wil6210/wmi.c | |
| parent | 096ca9dc58d3b1d3375060fad8fa1c9efd63a534 (diff) | |
wil6210: fix protection of wil->scan_request
Currently the places that check wil->scan_request and
call cfg80211_scan_done are not consistently protected,
so there is a risk that cfg80211_scan_done will be called
with NULL scan_request, causing a kernel crash.
Fix this by using p2p_wdev_mutex in a few other places
that access scan_request. This makes sense since
scan_request may point to p2p_wdev, and it is not worth
the extra complexity of adding a new mutex.
Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
Signed-off-by: Maya Erez <qca_merez@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
Git-commit 5ffae43208ec160e584117fabee2cddc5ad0e39a
Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/ath.git
CRs-Fixed: 1063261
Change-Id: Ibc1e6dc2994268a60384b7d9bd459abc3791a0c4
Signed-off-by: Maya Erez <merez@codeaurora.org>
Diffstat (limited to 'drivers/net/wireless/ath/wil6210/wmi.c')
| -rw-r--r-- | drivers/net/wireless/ath/wil6210/wmi.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/drivers/net/wireless/ath/wil6210/wmi.c b/drivers/net/wireless/ath/wil6210/wmi.c
index c9fef36977ca..0c5db9584159 100644
--- a/drivers/net/wireless/ath/wil6210/wmi.c
+++ b/drivers/net/wireless/ath/wil6210/wmi.c
@@ -424,6 +424,7 @@ static void wmi_evt_tx_mgmt(struct wil6210_priv *wil, int id, void *d, int len)
 static void wmi_evt_scan_complete(struct wil6210_priv *wil, int id,
 void *d, int len)
 {
+ mutex_lock(&wil->p2p_wdev_mutex);
 if (wil->scan_request) {
 struct wmi_scan_complete_event *data = d;
 bool aborted = (data->status != WMI_SCAN_SUCCESS);
@@ -433,14 +434,13 @@ static void wmi_evt_scan_complete(struct wil6210_priv *wil, int id,
 wil->scan_request, aborted);

 del_timer_sync(&wil->scan_timer);
- mutex_lock(&wil->p2p_wdev_mutex);
 cfg80211_scan_done(wil->scan_request, aborted);
 wil->radio_wdev = wil->wdev;
- mutex_unlock(&wil->p2p_wdev_mutex);
 wil->scan_request = NULL;
 } else {
 wil_err(wil, "SCAN_COMPLETE while not scanning\n");
 }
+ mutex_unlock(&wil->p2p_wdev_mutex);
 }

 static void wmi_evt_connect(struct wil6210_priv *wil, int id, void *d, int len) |
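Review bot: `data->status` is dereferenced in the `if (wil->scan_request)` branch without `len` being compared to the event size anywhere in the visible lines, so a SCAN_COMPLETE event shorter than `struct wmi_scan_complete_event` would be read past its end. The buffer presumably carries data supplied by the device firmware, and unless the WMI dispatcher already enforces a minimum size (not visible in this diff) the handler should not trust it. A one-line guard that treats a truncated event as an aborted scan keeps the cleanup path intact: `bool aborted = len < (int)sizeof(*data) || data->status != WMI_SCAN_SUCCESS;`. The function body continues past this hunk into the next one, and the lines between the two hunks are not shown.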
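Review bot: Nothing in the code records that p2p_wdev_mutex is now also the lock for `wil->scan_request`; after this hunk the clear `wil->scan_request = NULL` sits inside the locked region, but a reader sees only a mutex named for the P2P wdev. A one-line comment above that assignment, `/* scan_request is protected by p2p_wdev_mutex */`, would help keep later code from touching the pointer unlocked. The commit message says other access sites were converted too; they are outside this file's diff, so it is worth confirming that every reader and writer of scan_request takes the same mutex.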
