iwlwifi: remove CMD_WANT_SKB flag if send_cmd_sync failure

In function iwl_send_cmd_sync(), if the flag CMD_WANT_SKB is set but we are not provided with a valid SKB (cmd->meta.u.skb == NULL), we need to remove the CMD_WANT_SKB flag from the TX cmd queue. Otherwise in case the cmd comes in later, it will possibly set an invalid address. Thus it causes an invalid memory access. This fixed the bug http://bugzilla.kernel.org/show_bug.cgi?id=11326. Signed-off-by: Zhu Yi <yi.zhu@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
author: Zhu Yi <yi.zhu@intel.com> 2009-01-08 13:19:58 -0500
committer: John W. Linville <linville@tuxdriver.com> 2009-01-16 17:08:23 -0500
commit: 73e1a65d3c4a013f6fa56e47133be95143a75fe3 (patch)
tree: 825a40a62522c5571f0c617bae95c4230dc60b6b
parent: 9d97f2e55e3df44e3b6b4cc58b091501ba7ee0ac (diff)
2 files changed, 2 insertions, 2 deletions
diff --git a/drivers/net/wireless/iwlwifi/iwl-hcmd.c b/drivers/net/wireless/iwlwifi/iwl-hcmd.c
index 8c71ad4f88c5..4b35b30e493e 100644
--- a/drivers/net/wireless/iwlwifi/iwl-hcmd.c
+++ b/drivers/net/wireless/iwlwifi/iwl-hcmd.c
@@ -224,7 +224,7 @@ int iwl_send_cmd_sync(struct iwl_priv *priv, struct iwl_host_cmd *cmd)
                IWL_ERROR("Error: Response NULL in '%s'\n",
                          get_cmd_string(cmd->id));
                ret = -EIO;
-                goto out;
+                goto cancel;
        }
        ret = 0;
diff --git a/drivers/net/wireless/iwlwifi/iwl3945-base.c b/drivers/net/wireless/iwlwifi/iwl3945-base.c
index d64580805d6e..15f5655c636e 100644
--- a/drivers/net/wireless/iwlwifi/iwl3945-base.c
+++ b/drivers/net/wireless/iwlwifi/iwl3945-base.c
@@ -745,7 +745,7 @@ static int iwl3945_send_cmd_sync(struct iwl3945_priv *priv, struct iwl3945_host_
                IWL_ERROR("Error: Response NULL in '%s'\n",
                          get_cmd_string(cmd->id));
                ret = -EIO;
-                goto out;
+                goto cancel;
        }
        ret = 0;
author	Zhu Yi <yi.zhu@intel.com>	2009-01-08 13:19:58 -0500
committer	John W. Linville <linville@tuxdriver.com>	2009-01-16 17:08:23 -0500
commit	73e1a65d3c4a013f6fa56e47133be95143a75fe3 (patch)
tree	825a40a62522c5571f0c617bae95c4230dc60b6b
parent	9d97f2e55e3df44e3b6b4cc58b091501ba7ee0ac (diff)

diff --git a/drivers/net/wireless/iwlwifi/iwl-hcmd.c b/drivers/net/wireless/iwlwifi/iwl-hcmd.c index 8c71ad4f88c5..4b35b30e493e 100644 --- a/drivers/net/wireless/iwlwifi/iwl-hcmd.c +++ b/drivers/net/wireless/iwlwifi/iwl-hcmd.c
@@ -224,7 +224,7 @@ int iwl_send_cmd_sync(struct iwl_priv priv, struct iwl_host_cmd cmd)
224	IWL_ERROR("Error: Response NULL in '%s'\n",	224	IWL_ERROR("Error: Response NULL in '%s'\n",
225	get_cmd_string(cmd->id));	225	get_cmd_string(cmd->id));
226	ret = -EIO;	226	ret = -EIO;
227	goto out;	227	goto cancel;
228	}	228	}
229		229
230	ret = 0;	230	ret = 0;


diff --git a/drivers/net/wireless/iwlwifi/iwl3945-base.c b/drivers/net/wireless/iwlwifi/iwl3945-base.c index d64580805d6e..15f5655c636e 100644 --- a/drivers/net/wireless/iwlwifi/iwl3945-base.c +++ b/drivers/net/wireless/iwlwifi/iwl3945-base.c
@@ -745,7 +745,7 @@ static int iwl3945_send_cmd_sync(struct iwl3945_priv *priv, struct iwl3945_host_
745	IWL_ERROR("Error: Response NULL in '%s'\n",	745	IWL_ERROR("Error: Response NULL in '%s'\n",
746	get_cmd_string(cmd->id));	746	get_cmd_string(cmd->id));
747	ret = -EIO;	747	ret = -EIO;
748	goto out;	748	goto cancel;
749	}	749	}
750		750
751	ret = 0;	751	ret = 0;