From: Ben Greear <greearb@candelatech.com>

I found another crash when deleting lots of virtual stations
in a congested environment.  I think the problem is that
the ieee80211_mlme_notify_scan_completed could call
ieee80211_restart_sta_timer for a stopped interface
that was about to be deleted.  Fix similar problem for
mesh interfaces as well.

Signed-off-by: Ben Greear <greearb@candelatech.com>
---
v4:  Fix up mesh as well, add check in calling code instead of
    in the methods that mucks iwth the timers.

:100644 100644 67fcfdf... 02e3d75... M	net/mac80211/mesh.c
:100644 100644 aec786d... 1d237e9... M	net/mac80211/mlme.c
 net/mac80211/mesh.c |    3 ++-
 net/mac80211/mlme.c |    3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/net/mac80211/mesh.c b/net/mac80211/mesh.c
index 67fcfdf..02e3d75 100644
--- a/net/mac80211/mesh.c
+++ b/net/mac80211/mesh.c
@@ -779,7 +779,8 @@ void ieee80211_mesh_notify_scan_completed(struct ieee80211_local *local)
 
 	rcu_read_lock();
 	list_for_each_entry_rcu(sdata, &local->interfaces, list)
-		if (ieee80211_vif_is_mesh(&sdata->vif))
+		if (ieee80211_sdata_running(sdata)
+		    && ieee80211_vif_is_mesh(&sdata->vif))
 			ieee80211_queue_work(&local->hw, &sdata->work);
 	rcu_read_unlock();
 }
diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c
index aec786d..1d237e9 100644
--- a/net/mac80211/mlme.c
+++ b/net/mac80211/mlme.c
@@ -3054,7 +3054,8 @@ void ieee80211_mlme_notify_scan_completed(struct ieee80211_local *local)
 	/* Restart STA timers */
 	rcu_read_lock();
 	list_for_each_entry_rcu(sdata, &local->interfaces, list)
-		ieee80211_restart_sta_timer(sdata);
+		if (ieee80211_sdata_running(sdata))
+			ieee80211_restart_sta_timer(sdata);
 	rcu_read_unlock();
 }
 
-- 
1.7.3.4

--
To unsubscribe from this list: send the line "unsubscribe linux-wireless" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html