From 5ffae43208ec160e584117fabee2cddc5ad0e39a Mon Sep 17 00:00:00 2001
From: Lior David <qca_liord@qca.qualcomm.com>
Date: Mon, 22 Aug 2016 12:42:19 +0300
Subject: wil6210: fix protection of wil->scan_request

Currently the places that check wil->scan_request and
call cfg80211_scan_done are not consistently protected,
so there is a risk that cfg80211_scan_done will be called
with NULL scan_request, causing a kernel crash.
Fix this by using p2p_wdev_mutex in few other places
that access scan_request. This makes sense since
scan_request may point to p2p_wdev, and it is not worth
the extra complexity of adding a new mutex.

Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
Signed-off-by: Maya Erez <qca_merez@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
---
 drivers/net/wireless/ath/wil6210/cfg80211.c | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'drivers/net/wireless/ath/wil6210/cfg80211.c')

diff --git a/drivers/net/wireless/ath/wil6210/cfg80211.c b/drivers/net/wireless/ath/wil6210/cfg80211.c
index ffacc7648727..d117240d9a73 100644
--- a/drivers/net/wireless/ath/wil6210/cfg80211.c
+++ b/drivers/net/wireless/ath/wil6210/cfg80211.c
@@ -354,10 +354,13 @@ static int wil_cfg80211_scan(struct wiphy *wiphy,
 	wil_dbg_misc(wil, "%s(), wdev=0x%p iftype=%d\n",
 		     __func__, wdev, wdev->iftype);
 
+	mutex_lock(&wil->p2p_wdev_mutex);
 	if (wil->scan_request) {
 		wil_err(wil, "Already scanning\n");
+		mutex_unlock(&wil->p2p_wdev_mutex);
 		return -EAGAIN;
 	}
+	mutex_unlock(&wil->p2p_wdev_mutex);
 
 	/* check we are client side */
 	switch (wdev->iftype) {
-- 
cgit v1.2.3