mac80211: make scan_sdata pointer usable with RCU

	unsigned long leave_oper_channel_time;

	enum mac80211_scan_state next_scan_state;

	struct delayed_work scan_work;

	struct ieee80211_sub_if_data *scan_sdata;

	struct ieee80211_sub_if_data __rcu *scan_sdata;

	enum nl80211_channel_type _oper_channel_type;

	struct ieee80211_channel *oper_channel, *csa_channel;

		}

	}

	if (local->scan_sdata &&

	    !(local->hw.flags & IEEE80211_HW_SCAN_WHILE_IDLE)) {

	sdata = rcu_dereference_protected(local->scan_sdata,

					  lockdep_is_held(&local->mtx));

	if (sdata && !(local->hw.flags & IEEE80211_HW_SCAN_WHILE_IDLE)) {

		scanning = true;

		local->scan_sdata->vif.bss_conf.idle = false;

		sdata->vif.bss_conf.idle = false;

	}

	list_for_each_entry(sdata, &local->interfaces, list) {

	clear_bit(SDATA_STATE_RUNNING, &sdata->state);

	if (local->scan_sdata == sdata)

	if (rcu_access_pointer(local->scan_sdata) == sdata)

		ieee80211_scan_cancel(local);

	/*

		return;

	if (was_hw_scan && !aborted && ieee80211_prep_hw_scan(local)) {

		int rc = drv_hw_scan(local, local->scan_sdata, local->hw_scan_req);

		int rc;

		rc = drv_hw_scan(local,

			rcu_dereference_protected(local->scan_sdata,

						  lockdep_is_held(&local->mtx)),

			local->hw_scan_req);

		if (rc == 0)

			return;

	}

	if (!local->scan_req || local->scanning)

		return;

	if (!ieee80211_can_scan(local, local->scan_sdata))

	if (!ieee80211_can_scan(local,

				rcu_dereference_protected(

					local->scan_sdata,

					lockdep_is_held(&local->mtx))))

		return;

	ieee80211_queue_delayed_work(&local->hw, &local->scan_work,

					    unsigned long *next_delay)

{

	int i;

	struct ieee80211_sub_if_data *sdata = local->scan_sdata;

	struct ieee80211_sub_if_data *sdata;

	enum ieee80211_band band = local->hw.conf.channel->band;

	sdata = rcu_dereference_protected(local->scan_sdata,

					  lockdep_is_held(&local->mtx));;

	for (i = 0; i < local->scan_req->n_ssids; i++)

		ieee80211_send_probe_req(

			sdata, NULL,

	if (!ieee80211_can_scan(local, sdata)) {

		/* wait for the work to finish/time out */

		local->scan_req = req;

		local->scan_sdata = sdata;

		rcu_assign_pointer(local->scan_sdata, sdata);

		return 0;

	}

	}

	local->scan_req = req;

	local->scan_sdata = sdata;

	rcu_assign_pointer(local->scan_sdata, sdata);

	if (local->ops->hw_scan) {

		__set_bit(SCAN_HW_SCANNING, &local->scanning);

		ieee80211_recalc_idle(local);

		local->scan_req = NULL;

		local->scan_sdata = NULL;

		rcu_assign_pointer(local->scan_sdata, NULL);

	}

	return rc;

	mutex_lock(&local->mtx);

	sdata = local->scan_sdata;

	sdata = rcu_dereference_protected(local->scan_sdata,

					  lockdep_is_held(&local->mtx));

	/* When scanning on-channel, the first-callback means completed. */

	if (test_bit(SCAN_ONCHANNEL_SCANNING, &local->scanning)) {

		int rc;

		local->scan_req = NULL;

		local->scan_sdata = NULL;

		rcu_assign_pointer(local->scan_sdata, NULL);

		rc = __ieee80211_start_scan(sdata, req);

		if (rc) {

	if (test_bit(SCAN_HW_SCANNING, &local->scanning)) {

		if (local->ops->cancel_hw_scan)

			drv_cancel_hw_scan(local, local->scan_sdata);

			drv_cancel_hw_scan(local,

				rcu_dereference_protected(local->scan_sdata,

						lockdep_is_held(&local->mtx)));

		goto out;

	}