cfg80211: fix locking

	/* internal */

	struct wiphy *wiphy;

	int ifidx;

	bool aborted;

};

/**

	int	(*assoc)(struct wiphy *wiphy, struct net_device *dev,

			 struct cfg80211_assoc_request *req);

	int	(*deauth)(struct wiphy *wiphy, struct net_device *dev,

			  struct cfg80211_deauth_request *req);

			  struct cfg80211_deauth_request *req,

			  void *cookie);

	int	(*disassoc)(struct wiphy *wiphy, struct net_device *dev,

			    struct cfg80211_disassoc_request *req);

			    struct cfg80211_disassoc_request *req,

			    void *cookie);

	int	(*connect)(struct wiphy *wiphy, struct net_device *dev,

			   struct cfg80211_connect_params *sme);

	struct wiphy *wiphy;

	enum nl80211_iftype iftype;

	/* private to the generic wireless code */

	/* the remainder of this struct should be private to cfg80211 */

	struct list_head list;

	struct net_device *netdev;

	struct mutex mtx;

	/* currently used for IBSS and SME - might be rearranged later */

	u8 ssid[IEEE80211_MAX_SSID_LEN];

	u8 ssid_len;

	} sme_state;

	struct cfg80211_conn *conn;

	struct list_head event_list;

	spinlock_t event_lock;

	struct cfg80211_internal_bss *authtry_bsses[MAX_AUTH_BSSES];

	struct cfg80211_internal_bss *auth_bsses[MAX_AUTH_BSSES];

	struct cfg80211_internal_bss *current_bss; /* associated / joined */

 * @dev: network device

 * @buf: deauthentication frame (header + body)

 * @len: length of the frame data

 * @cookie: cookie from ->deauth if called within that callback,

 *	%NULL otherwise

 *

 * This function is called whenever deauthentication has been processed in

 * station mode. This includes both received deauthentication frames and

 * locally generated ones. This function may sleep.

 */

void cfg80211_send_deauth(struct net_device *dev, const u8 *buf, size_t len);

void cfg80211_send_deauth(struct net_device *dev, const u8 *buf, size_t len,

			  void *cookie);

/**

 * cfg80211_send_disassoc - notification of processed disassociation

 * @dev: network device

 * @buf: disassociation response frame (header + body)

 * @len: length of the frame data

 * @cookie: cookie from ->disassoc if called within that callback,

 *	%NULL otherwise

 *

 * This function is called whenever disassociation has been processed in

 * station mode. This includes both received disassociation frames and locally

 * generated ones. This function may sleep.

 */

void cfg80211_send_disassoc(struct net_device *dev, const u8 *buf, size_t len);

void cfg80211_send_disassoc(struct net_device *dev, const u8 *buf, size_t len,

			    void *cookie);

/**

 * cfg80211_michael_mic_failure - notification of Michael MIC failure (TKIP)

}

static int ieee80211_deauth(struct wiphy *wiphy, struct net_device *dev,

			    struct cfg80211_deauth_request *req)

			    struct cfg80211_deauth_request *req,

			    void *cookie)

{

	return ieee80211_mgd_deauth(IEEE80211_DEV_TO_SUB_IF(dev), req);

	return ieee80211_mgd_deauth(IEEE80211_DEV_TO_SUB_IF(dev),

				    req, cookie);

}

static int ieee80211_disassoc(struct wiphy *wiphy, struct net_device *dev,

			      struct cfg80211_disassoc_request *req)

			      struct cfg80211_disassoc_request *req,

			      void *cookie)

{

	return ieee80211_mgd_disassoc(IEEE80211_DEV_TO_SUB_IF(dev), req);

	return ieee80211_mgd_disassoc(IEEE80211_DEV_TO_SUB_IF(dev),

				      req, cookie);

}

static int ieee80211_join_ibss(struct wiphy *wiphy, struct net_device *dev,

int ieee80211_mgd_assoc(struct ieee80211_sub_if_data *sdata,

			struct cfg80211_assoc_request *req);

int ieee80211_mgd_deauth(struct ieee80211_sub_if_data *sdata,

			 struct cfg80211_deauth_request *req);

			 struct cfg80211_deauth_request *req,

			 void *cookie);

int ieee80211_mgd_disassoc(struct ieee80211_sub_if_data *sdata,

			   struct cfg80211_disassoc_request *req);

			   struct cfg80211_disassoc_request *req,

			   void *cookie);

ieee80211_rx_result ieee80211_sta_rx_mgmt(struct ieee80211_sub_if_data *sdata,

					  struct sk_buff *skb);

void ieee80211_send_pspoll(struct ieee80211_local *local,

static void ieee80211_send_deauth_disassoc(struct ieee80211_sub_if_data *sdata,

					   const u8 *bssid, u16 stype, u16 reason)

					   const u8 *bssid, u16 stype, u16 reason,

					   void *cookie)

{

	struct ieee80211_local *local = sdata->local;

	struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;

	mgmt->u.deauth.reason_code = cpu_to_le16(reason);

	if (stype == IEEE80211_STYPE_DEAUTH)

		cfg80211_send_deauth(sdata->dev, (u8 *) mgmt, skb->len);

		cfg80211_send_deauth(sdata->dev, (u8 *)mgmt, skb->len, cookie);

	else

		cfg80211_send_disassoc(sdata->dev, (u8 *) mgmt, skb->len);

		cfg80211_send_disassoc(sdata->dev, (u8 *)mgmt, skb->len, cookie);

	ieee80211_tx_skb(sdata, skb, ifmgd->flags & IEEE80211_STA_MFP_ENABLED);

}

			/* no action */

			break;

		case RX_MGMT_CFG80211_DEAUTH:

			cfg80211_send_deauth(sdata->dev, (u8 *)mgmt, skb->len);

			cfg80211_send_deauth(sdata->dev, (u8 *)mgmt, skb->len,

					     NULL);

			break;

		case RX_MGMT_CFG80211_DISASSOC:

			cfg80211_send_disassoc(sdata->dev, (u8 *)mgmt, skb->len);

			cfg80211_send_disassoc(sdata->dev, (u8 *)mgmt, skb->len,

					       NULL);

			break;

		default:

			WARN(1, "unexpected: %d", rma);

}

int ieee80211_mgd_deauth(struct ieee80211_sub_if_data *sdata,

			 struct cfg80211_deauth_request *req)

			 struct cfg80211_deauth_request *req,

			 void *cookie)

{

	struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;

	struct ieee80211_mgd_work *wk;

	mutex_unlock(&ifmgd->mtx);

	ieee80211_send_deauth_disassoc(sdata, bssid,

			IEEE80211_STYPE_DEAUTH, req->reason_code);

			IEEE80211_STYPE_DEAUTH, req->reason_code,

			cookie);

	return 0;

}

int ieee80211_mgd_disassoc(struct ieee80211_sub_if_data *sdata,

			   struct cfg80211_disassoc_request *req)

			   struct cfg80211_disassoc_request *req,

			   void *cookie)

{

	struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;

	mutex_unlock(&ifmgd->mtx);

	ieee80211_send_deauth_disassoc(sdata, req->bss->bssid,

			IEEE80211_STYPE_DISASSOC, req->reason_code);

			IEEE80211_STYPE_DISASSOC, req->reason_code,

			cookie);

	return 0;

}

	cfg80211_rfkill_set_block(drv, rfkill_blocked(drv->rfkill));

}

static void cfg80211_process_events(struct wireless_dev *wdev)

{

	struct cfg80211_event *ev;

	unsigned long flags;

	spin_lock_irqsave(&wdev->event_lock, flags);

	while (!list_empty(&wdev->event_list)) {

		ev = list_first_entry(&wdev->event_list,

				      struct cfg80211_event, list);

		list_del(&ev->list);

		spin_unlock_irqrestore(&wdev->event_lock, flags);

		wdev_lock(wdev);

		switch (ev->type) {

		case EVENT_CONNECT_RESULT:

			__cfg80211_connect_result(

				wdev->netdev, ev->cr.bssid,

				ev->cr.req_ie, ev->cr.req_ie_len,

				ev->cr.resp_ie, ev->cr.resp_ie_len,

				ev->cr.status,

				ev->cr.status == WLAN_STATUS_SUCCESS);

			break;

		case EVENT_ROAMED:

			__cfg80211_roamed(wdev, ev->rm.bssid,

					  ev->rm.req_ie, ev->rm.req_ie_len,

					  ev->rm.resp_ie, ev->rm.resp_ie_len);

			break;

		case EVENT_DISCONNECTED:

			__cfg80211_disconnected(wdev->netdev,

						ev->dc.ie, ev->dc.ie_len,

						ev->dc.reason, true);

			break;

		case EVENT_IBSS_JOINED:

			__cfg80211_ibss_joined(wdev->netdev, ev->ij.bssid);

			break;

		}

		wdev_unlock(wdev);

		kfree(ev);

		spin_lock_irqsave(&wdev->event_lock, flags);

	}

	spin_unlock_irqrestore(&wdev->event_lock, flags);

}

static void cfg80211_event_work(struct work_struct *work)

{

	struct cfg80211_registered_device *rdev;

	struct wireless_dev *wdev;

	rdev = container_of(work, struct cfg80211_registered_device,

			    event_work);

	rtnl_lock();

	cfg80211_lock_rdev(rdev);

	mutex_lock(&rdev->devlist_mtx);

	list_for_each_entry(wdev, &rdev->netdev_list, list)

		cfg80211_process_events(wdev);

	mutex_unlock(&rdev->devlist_mtx);

	cfg80211_unlock_rdev(rdev);

	rtnl_unlock();

}

/* exported functions */

struct wiphy *wiphy_new(const struct cfg80211_ops *ops, int sizeof_priv)

	INIT_LIST_HEAD(&drv->netdev_list);

	spin_lock_init(&drv->bss_lock);

	INIT_LIST_HEAD(&drv->bss_list);

	INIT_WORK(&drv->scan_done_wk, __cfg80211_scan_done);

	device_initialize(&drv->wiphy.dev);

	drv->wiphy.dev.class = &ieee80211_class;

	INIT_WORK(&drv->rfkill_sync, cfg80211_rfkill_sync_work);

	INIT_WORK(&drv->conn_work, cfg80211_conn_work);

	INIT_WORK(&drv->event_work, cfg80211_event_work);

	/*

	 * Initialize wiphy parameters to IEEE 802.11 MIB default values.

	mutex_unlock(&drv->mtx);

	cancel_work_sync(&drv->conn_work);

	cancel_work_sync(&drv->scan_done_wk);

	kfree(drv->scan_req);

	flush_work(&drv->event_work);

	cfg80211_debugfs_drv_del(drv);

	switch (state) {

	case NETDEV_REGISTER:

		mutex_init(&wdev->mtx);

		INIT_LIST_HEAD(&wdev->event_list);

		spin_lock_init(&wdev->event_lock);

		mutex_lock(&rdev->devlist_mtx);

		list_add(&wdev->list, &rdev->netdev_list);

		if (sysfs_create_link(&dev->dev.kobj, &rdev->wiphy.dev.kobj,

			cfg80211_leave_ibss(rdev, dev, true);

			break;

		case NL80211_IFTYPE_STATION:

			wdev_lock(wdev);

#ifdef CONFIG_WIRELESS_EXT

			kfree(wdev->wext.ie);

			wdev->wext.ie = NULL;

			wdev->wext.ie_len = 0;

			wdev->wext.connect.auth_type = NL80211_AUTHTYPE_AUTOMATIC;

#endif

			cfg80211_disconnect(rdev, dev,

			__cfg80211_disconnect(rdev, dev,

					      WLAN_REASON_DEAUTH_LEAVING, true);

			cfg80211_mlme_down(rdev, dev);

			wdev_unlock(wdev);

			break;

		default:

			break;

		break;

	case NETDEV_UP:

#ifdef CONFIG_WIRELESS_EXT

		cfg80211_lock_rdev(rdev);

		wdev_lock(wdev);

		switch (wdev->iftype) {

		case NL80211_IFTYPE_ADHOC:

			if (wdev->wext.ibss.ssid_len)

				cfg80211_join_ibss(rdev, dev,

				__cfg80211_join_ibss(rdev, dev,

						     &wdev->wext.ibss);

			break;

		case NL80211_IFTYPE_STATION:

			if (wdev->wext.connect.ssid_len)

				cfg80211_connect(rdev, dev,

				__cfg80211_connect(rdev, dev,

						   &wdev->wext.connect);

			break;

		default:

			break;

		}

		wdev_unlock(wdev);

		cfg80211_unlock_rdev(rdev);

#endif

		break;

	case NETDEV_UNREGISTER:

			list_del_init(&wdev->list);

		}

		mutex_unlock(&rdev->devlist_mtx);

		mutex_destroy(&wdev->mtx);

		break;

	case NETDEV_PRE_UP:

		if (rfkill_blocked(rdev->rfkill))