• J
    mac80211: fix scan vs. interface removal race · 5bc75728
    Johannes Berg 提交于
    When we remove an interface, we can currently end up having
    a pointer to it left in local->scan_sdata after it has been
    set down, and then with a hardware scan the scan completion
    can try to access it which is a bug. Alternatively, a scan
    that started as a hardware scan may terminate as though it
    was a software scan, if the timing is just right.
    
    On SMP systems, software scan also has a similar problem,
    just canceling the delayed work and setting a flag isn't
    enough since it may be running concurrently; in this case
    we would also never restore state of other interfaces.
    
    This patch hopefully fixes the problems by always invoking
    ieee80211_scan_completed or requiring it to be invoked by
    the driver, I suspect the drivers that have ->hw_scan() are
    buggy. The bug will not manifest itself unless you remove
    the interface while hw-scanning which will also turn off
    the hw, and then add a new interface which will be unusable
    until you scan once.
    Signed-off-by: NJohannes Berg <johannes@sipsolutions.net>
    Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
    5bc75728
mlme.c 70.1 KB