aboutsummaryrefslogtreecommitdiff
path: root/net/wireless
diff options
context:
space:
mode:
authorJohn W. Linville <linville@tuxdriver.com>2009-12-30 15:25:08 -0500
committerJohn W. Linville <linville@tuxdriver.com>2009-12-30 15:25:08 -0500
commit891dc5e73783eeabd2a704a9425e2a199b39c9f9 (patch)
tree9b4478941c486d47a71bfce455b896c5dda7e811 /net/wireless
parente1781ed33a8809c58ad6c3b6d432d656446efa43 (diff)
parent55afc80b2ab100618c17af77915f75307b6bd5d1 (diff)
Merge git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-2.6
Conflicts: drivers/net/wireless/libertas/scan.c
Diffstat (limited to 'net/wireless')
-rw-r--r--net/wireless/mlme.c13
-rw-r--r--net/wireless/scan.c13
2 files changed, 21 insertions, 5 deletions
diff --git a/net/wireless/mlme.c b/net/wireless/mlme.c
index 3dba19e1727..94d151f6f73 100644
--- a/net/wireless/mlme.c
+++ b/net/wireless/mlme.c
@@ -93,7 +93,18 @@ void cfg80211_send_rx_assoc(struct net_device *dev, const u8 *buf, size_t len)
}
}
- WARN_ON(!bss);
+ /*
+ * We might be coming here because the driver reported
+ * a successful association at the same time as the
+ * user requested a deauth. In that case, we will have
+ * removed the BSS from the auth_bsses list due to the
+ * deauth request when the assoc response makes it. If
+ * the two code paths acquire the lock the other way
+ * around, that's just the standard situation of a
+ * deauth being requested while connected.
+ */
+ if (!bss)
+ goto out;
} else if (wdev->conn) {
cfg80211_sme_failed_assoc(wdev);
/*
diff --git a/net/wireless/scan.c b/net/wireless/scan.c
index 12dfa62aad1..0c2cbbebca9 100644
--- a/net/wireless/scan.c
+++ b/net/wireless/scan.c
@@ -601,7 +601,7 @@ int cfg80211_wext_siwscan(struct net_device *dev,
struct cfg80211_registered_device *rdev;
struct wiphy *wiphy;
struct iw_scan_req *wreq = NULL;
- struct cfg80211_scan_request *creq;
+ struct cfg80211_scan_request *creq = NULL;
int i, err, n_channels = 0;
enum ieee80211_band band;
@@ -694,8 +694,10 @@ int cfg80211_wext_siwscan(struct net_device *dev,
/* translate "Scan for SSID" request */
if (wreq) {
if (wrqu->data.flags & IW_SCAN_THIS_ESSID) {
- if (wreq->essid_len > IEEE80211_MAX_SSID_LEN)
- return -EINVAL;
+ if (wreq->essid_len > IEEE80211_MAX_SSID_LEN) {
+ err = -EINVAL;
+ goto out;
+ }
memcpy(creq->ssids[0].ssid, wreq->essid, wreq->essid_len);
creq->ssids[0].ssid_len = wreq->essid_len;
}
@@ -707,12 +709,15 @@ int cfg80211_wext_siwscan(struct net_device *dev,
err = rdev->ops->scan(wiphy, dev, creq);
if (err) {
rdev->scan_req = NULL;
- kfree(creq);
+ /* creq will be freed below */
} else {
nl80211_send_scan_start(rdev, dev);
+ /* creq now owned by driver */
+ creq = NULL;
dev_hold(dev);
}
out:
+ kfree(creq);
cfg80211_unlock_rdev(rdev);
return err;
}