diff options
author | Stanislaw Gruszka <sgruszka@redhat.com> | 2012-03-13 11:11:27 -0400 |
---|---|---|
committer | John W. Linville <linville@tuxdriver.com> | 2012-03-26 15:07:22 -0400 |
commit | 883a649b737cdbe3ede7e50f3f939fd706ed5c4e (patch) | |
tree | 6091c7138144cd252c830c7dd357438c98c4e31c /drivers/net/wireless/iwlegacy | |
parent | 8a78335442cea429afb2b964318b6e257448ea00 (diff) |
iwlegacy: do not nulify il->vif on reset
This il->vif is dereferenced in different part of iwlegacy code, so do
not nullify it. This should fix random crashes observed in companion
with microcode errors i.e. crash in il3945_config_ap().
Additionally this should address also
WARNING: at drivers/net/wireless/iwlegacy/common.c:4656 il_mac_remove_interface
at least one of the possible reasons of that warning.
Cc: stable@vger.kernel.org
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Diffstat (limited to 'drivers/net/wireless/iwlegacy')
-rw-r--r-- | drivers/net/wireless/iwlegacy/3945-mac.c | 2 | ||||
-rw-r--r-- | drivers/net/wireless/iwlegacy/4965-mac.c | 2 | ||||
-rw-r--r-- | drivers/net/wireless/iwlegacy/common.c | 15 |
3 files changed, 12 insertions, 7 deletions
diff --git a/drivers/net/wireless/iwlegacy/3945-mac.c b/drivers/net/wireless/iwlegacy/3945-mac.c index 0c1209390169..faec40467208 100644 --- a/drivers/net/wireless/iwlegacy/3945-mac.c +++ b/drivers/net/wireless/iwlegacy/3945-mac.c | |||
@@ -2673,8 +2673,6 @@ il3945_bg_restart(struct work_struct *data) | |||
2673 | 2673 | ||
2674 | if (test_and_clear_bit(S_FW_ERROR, &il->status)) { | 2674 | if (test_and_clear_bit(S_FW_ERROR, &il->status)) { |
2675 | mutex_lock(&il->mutex); | 2675 | mutex_lock(&il->mutex); |
2676 | /* FIXME: vif can be dereferenced */ | ||
2677 | il->vif = NULL; | ||
2678 | il->is_open = 0; | 2676 | il->is_open = 0; |
2679 | mutex_unlock(&il->mutex); | 2677 | mutex_unlock(&il->mutex); |
2680 | il3945_down(il); | 2678 | il3945_down(il); |
diff --git a/drivers/net/wireless/iwlegacy/4965-mac.c b/drivers/net/wireless/iwlegacy/4965-mac.c index 7b54dbb338be..b88bb2734197 100644 --- a/drivers/net/wireless/iwlegacy/4965-mac.c +++ b/drivers/net/wireless/iwlegacy/4965-mac.c | |||
@@ -5651,8 +5651,6 @@ il4965_bg_restart(struct work_struct *data) | |||
5651 | 5651 | ||
5652 | if (test_and_clear_bit(S_FW_ERROR, &il->status)) { | 5652 | if (test_and_clear_bit(S_FW_ERROR, &il->status)) { |
5653 | mutex_lock(&il->mutex); | 5653 | mutex_lock(&il->mutex); |
5654 | /* FIXME: do we dereference vif without mutex locked ? */ | ||
5655 | il->vif = NULL; | ||
5656 | il->is_open = 0; | 5654 | il->is_open = 0; |
5657 | 5655 | ||
5658 | __il4965_down(il); | 5656 | __il4965_down(il); |
diff --git a/drivers/net/wireless/iwlegacy/common.c b/drivers/net/wireless/iwlegacy/common.c index e5ac04739bcc..6a692a534ffc 100644 --- a/drivers/net/wireless/iwlegacy/common.c +++ b/drivers/net/wireless/iwlegacy/common.c | |||
@@ -4508,6 +4508,7 @@ il_mac_add_interface(struct ieee80211_hw *hw, struct ieee80211_vif *vif) | |||
4508 | { | 4508 | { |
4509 | struct il_priv *il = hw->priv; | 4509 | struct il_priv *il = hw->priv; |
4510 | int err; | 4510 | int err; |
4511 | bool reset; | ||
4511 | 4512 | ||
4512 | mutex_lock(&il->mutex); | 4513 | mutex_lock(&il->mutex); |
4513 | D_MAC80211("enter: type %d, addr %pM\n", vif->type, vif->addr); | 4514 | D_MAC80211("enter: type %d, addr %pM\n", vif->type, vif->addr); |
@@ -4518,7 +4519,12 @@ il_mac_add_interface(struct ieee80211_hw *hw, struct ieee80211_vif *vif) | |||
4518 | goto out; | 4519 | goto out; |
4519 | } | 4520 | } |
4520 | 4521 | ||
4521 | if (il->vif) { | 4522 | /* |
4523 | * We do not support multiple virtual interfaces, but on hardware reset | ||
4524 | * we have to add the same interface again. | ||
4525 | */ | ||
4526 | reset = (il->vif == vif); | ||
4527 | if (il->vif && !reset) { | ||
4522 | err = -EOPNOTSUPP; | 4528 | err = -EOPNOTSUPP; |
4523 | goto out; | 4529 | goto out; |
4524 | } | 4530 | } |
@@ -4528,8 +4534,11 @@ il_mac_add_interface(struct ieee80211_hw *hw, struct ieee80211_vif *vif) | |||
4528 | 4534 | ||
4529 | err = il_set_mode(il); | 4535 | err = il_set_mode(il); |
4530 | if (err) { | 4536 | if (err) { |
4531 | il->vif = NULL; | 4537 | IL_WARN("Fail to set mode %d\n", vif->type); |
4532 | il->iw_mode = NL80211_IFTYPE_STATION; | 4538 | if (!reset) { |
4539 | il->vif = NULL; | ||
4540 | il->iw_mode = NL80211_IFTYPE_STATION; | ||
4541 | } | ||
4533 | } | 4542 | } |
4534 | 4543 | ||
4535 | out: | 4544 | out: |