iwlagn: fix dangling scan request
author Johannes Berg <johannes.berg@intel.com>
Thu, 22 Sep 2011 21:59:04 +0000 (14:59 -0700)
committer Greg Kroah-Hartman <gregkh@suse.de>
Mon, 3 Oct 2011 18:41:12 +0000 (11:41 -0700)
commit 3c1c4f8e80a39ae7d6d2a159e3b28f742fd4e968
tree b48212a6777d3f9ca7d30ebd73e0d4ee0a795269
parent 111118a4e62d7fbe365cc47ae78e4d9e96b73b6f
iwlagn: fix dangling scan request

commit 6c80c39d9a6986a566c30d797aae37bfb697eea3 upstream.

If iwl_scan_initiate() fails for any reason,
priv->scan_request and priv->scan_vif are left
dangling. This can lead to a crash later when
iwl_bg_scan_completed() tries to run a pending
scan request.

In practice, this seems to be very rare due to
the STATUS_SCANNING check earlier. That check,
however, is wrong -- it should allow a scan to
be queued when a reset/roc scan is going on.
When a normal scan is already going on, a new
one can't be issued by mac80211, so that code
can be removed completely. I introduced this
bug when adding off-channel support in commit
266af4c745952e9bebf687dd68af58df553cb59d.

Reported-by: Peng Yan <peng.yan@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
drivers/net/wireless/iwlwifi/iwl-scan.c
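
The failure mode described in the commit message, as a user-space C model added here (it is not the iwlwifi source and not the patch itself): a request path that records `scan_request`/`scan_vif` and then fails leaves pointers that later completion work would act on. The function names, the `released` flag, and the assumption that the caller drops the request on error are constructed for the illustration.

```c
/* User-space model constructed for illustration; not iwlwifi source. */
#include <stddef.h>
#include <stdio.h>

struct scan_req { int released; };  /* hypothetical: set once the caller drops it */
struct vif { int id; };             /* hypothetical stand-in for the interface */
struct priv {
    struct scan_req *scan_request;  /* borrowed from the caller, not owned */
    struct vif *scan_vif;
    int hw_ready;                   /* 0 models the initiate step failing */
};
typedef int (*hw_scan_fn)(struct priv *, struct vif *, struct scan_req *);

/* Before: bookkeeping is recorded and never rolled back on failure. */
static int hw_scan_buggy(struct priv *p, struct vif *v, struct scan_req *r)
{
    p->scan_request = r;
    p->scan_vif = v;
    return p->hw_ready ? 0 : -5;    /* models iwl_scan_initiate() failing */
}

/* After: a failed initiate clears both pointers before returning. */
static int hw_scan_fixed(struct priv *p, struct vif *v, struct scan_req *r)
{
    int ret = hw_scan_buggy(p, v, r);
    if (ret) {
        p->scan_request = NULL;
        p->scan_vif = NULL;
    }
    return ret;
}

/* Completion work: returns 1 if it would run a request the caller dropped. */
static int completed_uses_stale(const struct priv *p)
{
    return p->scan_request != NULL && p->scan_request->released;
}

static int stale_after(hw_scan_fn hw_scan, int hw_ready)
{
    struct priv p = { NULL, NULL, hw_ready };
    struct vif v = { 1 };
    struct scan_req r = { 0 };
    if (hw_scan(&p, &v, &r) != 0)
        r.released = 1;  /* assumption: caller abandons the request on error */
    return completed_uses_stale(&p);
}

int main(void)
{
    return printf("buggy=%d fixed=%d\n", stale_after(hw_scan_buggy, 0),
                  stale_after(hw_scan_fixed, 0)) < 0;
}
```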