iwm(4) resets the net80211 scan lock in iwm_stop(), but forgets to
wake up userland processes sleeping on this lock.
Usually, ieee80211_end_scan() would wake them but ieee80211_end_scan()
won't be called anymore after iwm_stop().

This is very visible with a suspend/resume cycle while a scan is running.
The suspend code path will call iwm_stop() which resets the device,
so the scan end notification never arrives and ieee80211_end_scan() is
not called. Upon resume, the ifconfig scan process keeps sleeping in
ieee80211_ioctl() until the scan lock times out or the user hits Ctrl-C.

With this diff, the ifconfig scan process returns immediately upon resume.

Some other drivers have the same bug, e.g. iwn(4).


Index: if_iwm.c
RCS file: /cvs/src/sys/dev/pci/if_iwm.c,v
retrieving revision 1.207
diff -u -p -r1.207 if_iwm.c
--- if_iwm.c    12 Aug 2017 19:23:42 -0000      1.207
+++ if_iwm.c    12 Aug 2017 20:36:21 -0000
@@ -6432,6 +6432,8 @@ iwm_stop(struct ifnet *ifp, int disable)
        int s = splnet();
+       if (ic->ic_scan_lock & IEEE80211_SCAN_REQUEST)
+               wakeup(&ic->ic_scan_lock);
        ic->ic_scan_lock = IEEE80211_SCAN_UNLOCKED;
        ifp->if_flags &= ~IFF_RUNNING;
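Review bot: The new wakeup() in iwm_stop() has no comment saying why the driver has to wake scan-lock sleepers itself, and the reason is not apparent from the code alone. A one-line comment above the IEEE80211_SCAN_REQUEST test, stating that ieee80211_end_scan() will not run after the device is stopped, would keep this from looking redundant later. Since the message says other drivers such as iwn(4) have the same bug, consider putting the test, the wakeup() and the reset to IEEE80211_SCAN_UNLOCKED into one shared net80211 helper that each driver's stop routine calls, rather than open-coding the pair per driver. It is also worth confirming that IEEE80211_SCAN_REQUEST is the only ic_scan_lock state in which a process can be sleeping on &ic->ic_scan_lock. If it is not, a sleeper in another state would still wait for the timeout.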
