--- a/net80211/ieee80211_proto.c +++ b/net80211/ieee80211_proto.c @@ -1415,7 +1415,8 @@ __ieee80211_newstate(struct ieee80211vap vap->iv_state = nstate; /* state transition */ del_timer(&vap->iv_mgtsend); if ((vap->iv_opmode != IEEE80211_M_HOSTAP) && - (ostate != IEEE80211_S_SCAN)) + (ostate != IEEE80211_S_SCAN) && + !(vap->iv_flags_ext & IEEE80211_FEXT_SCAN_PENDING)) ieee80211_cancel_scan(vap); /* background scan */ ni = vap->iv_bss; /* NB: no reference held */ switch (nstate) { @@ -1457,7 +1458,8 @@ __ieee80211_newstate(struct ieee80211vap } goto reset; case IEEE80211_S_SCAN: - ieee80211_cancel_scan(vap); + if (!(vap->iv_flags_ext & IEEE80211_FEXT_SCAN_PENDING)) + ieee80211_cancel_scan(vap); goto reset; reset: ieee80211_reset_bss(vap); @@ -1995,7 +1997,9 @@ ieee80211_newstate(struct ieee80211vap * } } } - } else if (dstate == IEEE80211_S_SCAN) { + } else if ((dstate == IEEE80211_S_SCAN) || + (dstate == IEEE80211_S_AUTH) || + (dstate == IEEE80211_S_ASSOC)) { /* Force to scan pending... someone is scanning */ vap->iv_flags_ext |= IEEE80211_FEXT_SCAN_PENDING; __ieee80211_newstate(vap, IEEE80211_S_INIT, arg); --- a/net80211/ieee80211_output.c +++ b/net80211/ieee80211_output.c @@ -238,7 +238,9 @@ ieee80211_hardstart(struct sk_buff *skb, } /* Cancel any running BG scan */ - if (!(ic->ic_flags_ext & IEEE80211_FEXT_BGSCAN_THR) && (vap->iv_state == IEEE80211_S_RUN)) + if (!(ic->ic_flags_ext & IEEE80211_FEXT_BGSCAN_THR) && + (vap->iv_state == IEEE80211_S_RUN) && + (ic->ic_flags_ext & IEEE80211_FEXT_BGSCAN)) ieee80211_cancel_scan(vap); /* --- a/net80211/ieee80211_wireless.c +++ b/net80211/ieee80211_wireless.c @@ -2728,9 +2728,9 @@ ieee80211_ioctl_setparam(struct net_devi return -EINVAL; vap->iv_flags |= IEEE80211_F_BGSCAN; } else { - /* XXX racey? */ + if (ic->ic_flags_ext & IEEE80211_FEXT_BGSCAN) + ieee80211_cancel_scan(vap); /* anything current */ vap->iv_flags &= ~IEEE80211_F_BGSCAN; - ieee80211_cancel_scan(vap); /* anything current */ } break; case IEEE80211_PARAM_BGSCAN_IDLE: