From 217c15777784331336a8eb232af7e2fa180b136a Mon Sep 17 00:00:00 2001 From: Johannes Berg Date: Wed, 20 Mar 2013 14:05:52 +0100 Subject: cfg80211: fix potential connection work crash If wpa_supplicant and iw/iwconfig are used together, very rarely the system crashes. It seems to be related to the connection parameters not being set up, but it's not all clear to me how this happens. In any case, checking that the conn pointer exists here is probably a good idea. Signed-off-by: Johannes Berg --- net/wireless/sme.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'net/wireless') diff --git a/net/wireless/sme.c b/net/wireless/sme.c index bad4c4b5e4eb..88fc9aa54fe0 100644 --- a/net/wireless/sme.c +++ b/net/wireless/sme.c @@ -234,7 +234,7 @@ void cfg80211_conn_work(struct work_struct *work) wdev_unlock(wdev); continue; } - if (wdev->sme_state != CFG80211_SME_CONNECTING) { + if (wdev->sme_state != CFG80211_SME_CONNECTING || !wdev->conn) { wdev_unlock(wdev); continue; } -- cgit v1.2.3 From f00f188f8212fec9976394976c4fd5d4a3bc4dcf Mon Sep 17 00:00:00 2001 From: Wei Yongjun Date: Wed, 20 Mar 2013 20:22:54 +0800 Subject: cfg80211: fix error return code in cfg80211_init() Fix to return a negative error code from the error handling case instead of 0, as returned elsewhere in this function. Signed-off-by: Wei Yongjun Signed-off-by: Johannes Berg --- net/wireless/core.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'net/wireless') diff --git a/net/wireless/core.c b/net/wireless/core.c index f382cae983ba..92e3fd44e3b0 100644 --- a/net/wireless/core.c +++ b/net/wireless/core.c @@ -1096,8 +1096,10 @@ static int __init cfg80211_init(void) goto out_fail_reg; cfg80211_wq = create_singlethread_workqueue("cfg80211"); - if (!cfg80211_wq) + if (!cfg80211_wq) { + err = -ENOMEM; goto out_fail_wq; + } return 0; -- cgit v1.2.3 From 90e0970f8788cef2c8f5183af5a98f4f94600faf Mon Sep 17 00:00:00 2001 From: Artem Savkov Date: Sat, 30 Mar 2013 21:20:14 +0400 Subject: cfg80211: sched_scan_mtx lock in cfg80211_conn_work() Introduced in f9f475292dbb0e7035fb6661d1524761ea0888d9 ("cfg80211: always check for scan end on P2P device") cfg80211_conn_scan() which requires sched_scan_mtx to be held can be called from cfg80211_conn_work(). Without this we are hitting multiple warnings like the following: WARNING: at net/wireless/sme.c:88 cfg80211_conn_scan+0x1dc/0x3a0 [cfg80211]() Hardware name: 0578A21 Modules linked in: ... Pid: 620, comm: kworker/3:1 Not tainted 3.9.0-rc4-next-20130328+ #326 Call Trace: [] warn_slowpath_common+0x72/0xa0 [] warn_slowpath_null+0x22/0x30 [] cfg80211_conn_scan+0x1dc/0x3a0 [cfg80211] [] cfg80211_conn_do_work+0x94/0x380 [cfg80211] [] cfg80211_conn_work+0xa2/0x130 [cfg80211] [] process_one_work+0x198/0x450 Signed-off-by: Artem Savkov Signed-off-by: Johannes Berg --- net/wireless/sme.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'net/wireless') diff --git a/net/wireless/sme.c b/net/wireless/sme.c index 09d994d192ff..482c70e70127 100644 --- a/net/wireless/sme.c +++ b/net/wireless/sme.c @@ -224,6 +224,7 @@ void cfg80211_conn_work(struct work_struct *work) rtnl_lock(); cfg80211_lock_rdev(rdev); mutex_lock(&rdev->devlist_mtx); + mutex_lock(&rdev->sched_scan_mtx); list_for_each_entry(wdev, &rdev->wdev_list, list) { wdev_lock(wdev); @@ -248,6 +249,7 @@ void cfg80211_conn_work(struct work_struct *work) wdev_unlock(wdev); } + mutex_unlock(&rdev->sched_scan_mtx); mutex_unlock(&rdev->devlist_mtx); cfg80211_unlock_rdev(rdev); rtnl_unlock(); -- cgit v1.2.3