mwifiex: do not release lock during list_for_each_entry_safe()

As we are releasing the lock, during next iteration we may end
up getting page fault if other thread has already deleted that
node.

Signed-off-by: Cathy Luo <cluo@marvell.com>
Signed-off-by: Avinash Patil <patila@marvell.com>
Signed-off-by: Amitkumar Karwar <akarwar@marvell.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>

diff --git a/drivers/net/wireless/mwifiex/cmdevt.c b/drivers/net/wireless/mwifiex/cmdevt.c
index 8559720..946a2f7 100644 (file)
--- a/drivers/net/wireless/mwifiex/cmdevt.c
+++ b/drivers/net/wireless/mwifiex/cmdevt.c
@@ -1008,11 +1008,9 @@ mwifiex_cancel_all_pending_cmd(struct mwifiex_adapter *adapter)
        list_for_each_entry_safe(cmd_node, tmp_node,
                                 &adapter->scan_pending_q, list) {
                list_del(&cmd_node->list);
-               spin_unlock_irqrestore(&adapter->scan_pending_q_lock, flags);
 
                cmd_node->wait_q_enabled = false;
                mwifiex_insert_cmd_to_free_q(adapter, cmd_node);
-               spin_lock_irqsave(&adapter->scan_pending_q_lock, flags);
        }
        spin_unlock_irqrestore(&adapter->scan_pending_q_lock, flags);
 
@@ -1070,12 +1068,8 @@ mwifiex_cancel_pending_ioctl(struct mwifiex_adapter *adapter)
        list_for_each_entry_safe(cmd_node, tmp_node,
                                 &adapter->scan_pending_q, list) {
                list_del(&cmd_node->list);
-               spin_unlock_irqrestore(&adapter->scan_pending_q_lock,
-                                      scan_pending_q_flags);
                cmd_node->wait_q_enabled = false;
                mwifiex_insert_cmd_to_free_q(adapter, cmd_node);
-               spin_lock_irqsave(&adapter->scan_pending_q_lock,
-                                 scan_pending_q_flags);
        }
        spin_unlock_irqrestore(&adapter->scan_pending_q_lock,
                               scan_pending_q_flags);