From 36e6fea84905512ea776707e82b5b435220efc17 Mon Sep 17 00:00:00 2001 From: Johannes Berg Date: Wed, 12 Aug 2009 22:21:21 +0200 Subject: cfg80211: check for and abort dangling scan requests If you trigger a scan request on an interface and then take it down, or rmmod the module or unplug the device the driver might "forget" to cancel the scan request. That is a bug in the driver, but the current behaviour is that we just hang endlessly waiting for the netdev refcount to become 0 which it never will. To improve robustness, check for this situation in cfg80211, warn about it and clean up behind the driver. I don't just clean up silently because it's likely that the driver also has some internal state it has now leaked. Additionally, this fixes a locking bug, clearing the scan_req pointer should be done under the rdev lock. Finally, we also need to _wait_ for the scan work and not just abort it since it might be pending and wanting to do a cleanup. Signed-off-by: Johannes Berg Signed-off-by: John W. Linville --- net/wireless/core.h | 1 + 1 file changed, 1 insertion(+) (limited to 'net/wireless/core.h') diff --git a/net/wireless/core.h b/net/wireless/core.h index f7be3a9b427e..c603f5286326 100644 --- a/net/wireless/core.h +++ b/net/wireless/core.h @@ -368,6 +368,7 @@ void cfg80211_sme_scan_done(struct net_device *dev); void cfg80211_sme_rx_auth(struct net_device *dev, const u8 *buf, size_t len); void cfg80211_sme_disassoc(struct net_device *dev, int idx); void __cfg80211_scan_done(struct work_struct *wk); +void ___cfg80211_scan_done(struct cfg80211_registered_device *rdev); void cfg80211_upload_connect_keys(struct wireless_dev *wdev); struct ieee80211_channel * -- cgit v1.2.3