mwifiex: fix crash during simultaneous scan and connect
author Amitkumar Karwar <akarwar@marvell.com>
Tue, 3 Jan 2012 00:18:40 +0000 (16:18 -0800)
committer John W. Linville <linville@tuxdriver.com>
Tue, 3 Jan 2012 19:40:45 +0000 (14:40 -0500)

If the 'iw connect' command is fired when the driver is already busy
serving an 'iw scan' command, the ssid specific scan operation for
connect is skipped. In this case the cmd wait queue handler gets called
with no command in queue (i.e. adapter->cmd_queued = NULL).

This patch adds a NULL check in the mwifiex_wait_queue_complete()
routine to fix the crash observed during simultaneous scan and assoc
operations.

Signed-off-by: Amitkumar Karwar <akarwar@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
drivers/net/wireless/mwifiex/sta_ioctl.c

index ea4a29b7e331c4bccf646deb92f414c4825a5796..1679c2593b7ba7d2975f584e250241a1892b341d 100644 (file)
@@ -55,9 +55,14 @@ int mwifiex_wait_queue_complete(struct mwifiex_adapter *adapter)
 {
        bool cancel_flag = false;
        int status = adapter->cmd_wait_q.status;
 {
        bool cancel_flag = false;
        int status = adapter->cmd_wait_q.status;
-       struct cmd_ctrl_node *cmd_queued = adapter->cmd_queued;
+       struct cmd_ctrl_node *cmd_queued;
 
 
+       if (!adapter->cmd_queued)
+               return 0;
+
+       cmd_queued = adapter->cmd_queued;
        adapter->cmd_queued = NULL;
        adapter->cmd_queued = NULL;
+
        dev_dbg(adapter->dev, "cmd pending\n");
        atomic_inc(&adapter->cmd_pending);
 
        dev_dbg(adapter->dev, "cmd pending\n");
        atomic_inc(&adapter->cmd_pending);
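
Review bot: the early `return 0;` under `if (!adapter->cmd_queued)` reports success to the caller although, per the commit message, the ssid specific scan for connect was skipped, so the connect path cannot tell "command completed" from "nothing was queued". Consider returning a distinct error code there, or add a comment explaining why 0 is the right result. The check and the following `cmd_queued = adapter->cmd_queued;` / `adapter->cmd_queued = NULL;` also read the field twice with no locking visible in this hunk; if another context can change adapter->cmd_queued, read it once into the local and test the local instead. Separately, `status` is still loaded from `adapter->cmd_wait_q.status` before the check and is unused on the early-return path.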