From b015dbc0f95eef34819515bd403a62569bca23df Mon Sep 17 00:00:00 2001 From: Amitkumar Karwar Date: Mon, 2 Jan 2012 16:18:40 -0800 Subject: mwifiex: fix crash during simultaneous scan and connect If 'iw connect' command is fired when driver is already busy in serving 'iw scan' command, ssid specific scan operation for connect is skipped. In this case cmd wait queue handler gets called with no command in queue (i.e. adapter->cmd_queued = NULL). This patch adds a NULL check in mwifiex_wait_queue_complete() routine to fix crash observed during simultaneous scan and assoc operations. Signed-off-by: Amitkumar Karwar Signed-off-by: Bing Zhao Signed-off-by: John W. Linville --- drivers/net/wireless/mwifiex/sta_ioctl.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/drivers/net/wireless/mwifiex/sta_ioctl.c b/drivers/net/wireless/mwifiex/sta_ioctl.c index ea4a29b7e33..1679c2593b7 100644 --- a/drivers/net/wireless/mwifiex/sta_ioctl.c +++ b/drivers/net/wireless/mwifiex/sta_ioctl.c @@ -55,9 +55,14 @@ int mwifiex_wait_queue_complete(struct mwifiex_adapter *adapter) { bool cancel_flag = false; int status = adapter->cmd_wait_q.status; - struct cmd_ctrl_node *cmd_queued = adapter->cmd_queued; + struct cmd_ctrl_node *cmd_queued; + if (!adapter->cmd_queued) + return 0; + + cmd_queued = adapter->cmd_queued; adapter->cmd_queued = NULL; + dev_dbg(adapter->dev, "cmd pending\n"); atomic_inc(&adapter->cmd_pending); -- cgit v1.2.3-18-g5258