| From foo@baz Fri Mar 16 15:43:17 CET 2018 |
| From: Limin Zhu <liminzhu@marvell.com> |
| Date: Thu, 30 Nov 2017 14:22:34 +0800 |
| Subject: mwifiex: cfg80211: do not change virtual interface during scan processing |
| |
| From: Limin Zhu <liminzhu@marvell.com> |
| |
| |
| [ Upstream commit c61cfe49f0f0f0d1f8b56d0b045838d597e8c3a3 ] |
| |
| (1) Change virtual interface operation in cfg80211 process reset and |
| reinitilize private data structure. |
| (2) Scan result event processed in main process will dereference private |
| data structure concurrently, ocassionly crash the kernel. |
| |
| The cornel case could be trigger by below steps: |
| (1) wpa_cli mlan0 scan |
| (2) ./hostapd mlan0.conf |
| |
| Cfg80211 asynchronous scan procedure is not all the time operated |
| under rtnl lock, here we add the protect to serialize the cfg80211 |
| scan and change_virtual interface operation. |
| |
| Signed-off-by: Limin Zhu <liminzhu@marvell.com> |
| Signed-off-by: Xinming Hu <huxm@marvell.com> |
| Signed-off-by: Kalle Valo <kvalo@codeaurora.org> |
| Signed-off-by: Sasha Levin <alexander.levin@microsoft.com> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| --- |
| drivers/net/wireless/marvell/mwifiex/cfg80211.c | 6 ++++++ |
| 1 file changed, 6 insertions(+) |
| |
| --- a/drivers/net/wireless/marvell/mwifiex/cfg80211.c |
| +++ b/drivers/net/wireless/marvell/mwifiex/cfg80211.c |
| @@ -1116,6 +1116,12 @@ mwifiex_cfg80211_change_virtual_intf(str |
| struct mwifiex_private *priv = mwifiex_netdev_get_priv(dev); |
| enum nl80211_iftype curr_iftype = dev->ieee80211_ptr->iftype; |
| |
| + if (priv->scan_request) { |
| + mwifiex_dbg(priv->adapter, ERROR, |
| + "change virtual interface: scan in process\n"); |
| + return -EBUSY; |
| + } |
| + |
| switch (curr_iftype) { |
| case NL80211_IFTYPE_ADHOC: |
| switch (type) { |