aboutsummaryrefslogtreecommitdiffstats
path: root/drivers/net
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2009-05-15 15:01:59 -0400
committerLinus Torvalds <torvalds@linux-foundation.org>2009-05-15 15:02:06 -0400
commit3346857f6fab1d6d1237a3ec7cfa159ec9b52db5 (patch)
tree9468318835176cdb6e51a8ec4c8c87340c080611 /drivers/net
parent5d41343ac88eeddd25dc4ffb7050c9095c41a70d (diff)
parent542cc7937e6af73cb2edc455a0e456d22e254abb (diff)
Merge git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-2.6
* git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-2.6: iwlwifi: fix device id registration for 6000 series 2x2 devices ath5k: update channel in sw state after stopping RX and TX rtl8187: use DMA-aware buffers with usb_control_msg mac80211: avoid NULL ptr deref when finding max_rates in PID and minstrel airo: airo_get_encode{,ext} potential buffer overflow Pulled directly by Linus because Davem is off playing shuffle-board at some Alaskan cruise, and the NULL ptr deref issue hits people and should get merged sooner rather than later. David - make us proud on the shuffle-board tournament!
Diffstat (limited to 'drivers/net')
-rw-r--r--drivers/net/wireless/airo.c10
-rw-r--r--drivers/net/wireless/ath5k/base.c22
-rw-r--r--drivers/net/wireless/iwlwifi/iwl-6000.c8
-rw-r--r--drivers/net/wireless/iwlwifi/iwl-agn.c2
-rw-r--r--drivers/net/wireless/rtl818x/rtl8187.h57
-rw-r--r--drivers/net/wireless/rtl818x/rtl8187_dev.c13
-rw-r--r--drivers/net/wireless/rtl818x/rtl8187_rtl8225.c8
7 files changed, 89 insertions, 31 deletions
diff --git a/drivers/net/wireless/airo.c b/drivers/net/wireless/airo.c
index c36d3a3d655f..d73475739127 100644
--- a/drivers/net/wireless/airo.c
+++ b/drivers/net/wireless/airo.c
@@ -6501,7 +6501,10 @@ static int airo_get_encode(struct net_device *dev,
6501 6501
6502 /* Copy the key to the user buffer */ 6502 /* Copy the key to the user buffer */
6503 dwrq->length = get_wep_key(local, index, &buf[0], sizeof(buf)); 6503 dwrq->length = get_wep_key(local, index, &buf[0], sizeof(buf));
6504 memcpy(extra, buf, dwrq->length); 6504 if (dwrq->length != -1)
6505 memcpy(extra, buf, dwrq->length);
6506 else
6507 dwrq->length = 0;
6505 6508
6506 return 0; 6509 return 0;
6507} 6510}
@@ -6659,7 +6662,10 @@ static int airo_get_encodeext(struct net_device *dev,
6659 6662
6660 /* Copy the key to the user buffer */ 6663 /* Copy the key to the user buffer */
6661 ext->key_len = get_wep_key(local, idx, &buf[0], sizeof(buf)); 6664 ext->key_len = get_wep_key(local, idx, &buf[0], sizeof(buf));
6662 memcpy(extra, buf, ext->key_len); 6665 if (ext->key_len != -1)
6666 memcpy(extra, buf, ext->key_len);
6667 else
6668 ext->key_len = 0;
6663 6669
6664 return 0; 6670 return 0;
6665} 6671}
diff --git a/drivers/net/wireless/ath5k/base.c b/drivers/net/wireless/ath5k/base.c
index a08bc8a4fb69..32df27a9c7a2 100644
--- a/drivers/net/wireless/ath5k/base.c
+++ b/drivers/net/wireless/ath5k/base.c
@@ -214,7 +214,7 @@ static struct pci_driver ath5k_pci_driver = {
214 * Prototypes - MAC 802.11 stack related functions 214 * Prototypes - MAC 802.11 stack related functions
215 */ 215 */
216static int ath5k_tx(struct ieee80211_hw *hw, struct sk_buff *skb); 216static int ath5k_tx(struct ieee80211_hw *hw, struct sk_buff *skb);
217static int ath5k_reset(struct ath5k_softc *sc, bool stop, bool change_channel); 217static int ath5k_reset(struct ath5k_softc *sc, struct ieee80211_channel *chan);
218static int ath5k_reset_wake(struct ath5k_softc *sc); 218static int ath5k_reset_wake(struct ath5k_softc *sc);
219static int ath5k_start(struct ieee80211_hw *hw); 219static int ath5k_start(struct ieee80211_hw *hw);
220static void ath5k_stop(struct ieee80211_hw *hw); 220static void ath5k_stop(struct ieee80211_hw *hw);
@@ -1038,16 +1038,13 @@ ath5k_chan_set(struct ath5k_softc *sc, struct ieee80211_channel *chan)
1038 if (chan->center_freq != sc->curchan->center_freq || 1038 if (chan->center_freq != sc->curchan->center_freq ||
1039 chan->hw_value != sc->curchan->hw_value) { 1039 chan->hw_value != sc->curchan->hw_value) {
1040 1040
1041 sc->curchan = chan;
1042 sc->curband = &sc->sbands[chan->band];
1043
1044 /* 1041 /*
1045 * To switch channels clear any pending DMA operations; 1042 * To switch channels clear any pending DMA operations;
1046 * wait long enough for the RX fifo to drain, reset the 1043 * wait long enough for the RX fifo to drain, reset the
1047 * hardware at the new frequency, and then re-enable 1044 * hardware at the new frequency, and then re-enable
1048 * the relevant bits of the h/w. 1045 * the relevant bits of the h/w.
1049 */ 1046 */
1050 return ath5k_reset(sc, true, true); 1047 return ath5k_reset(sc, chan);
1051 } 1048 }
1052 1049
1053 return 0; 1050 return 0;
@@ -2314,7 +2311,7 @@ ath5k_init(struct ath5k_softc *sc)
2314 sc->imask = AR5K_INT_RXOK | AR5K_INT_RXERR | AR5K_INT_RXEOL | 2311 sc->imask = AR5K_INT_RXOK | AR5K_INT_RXERR | AR5K_INT_RXEOL |
2315 AR5K_INT_RXORN | AR5K_INT_TXDESC | AR5K_INT_TXEOL | 2312 AR5K_INT_RXORN | AR5K_INT_TXDESC | AR5K_INT_TXEOL |
2316 AR5K_INT_FATAL | AR5K_INT_GLOBAL; 2313 AR5K_INT_FATAL | AR5K_INT_GLOBAL;
2317 ret = ath5k_reset(sc, false, false); 2314 ret = ath5k_reset(sc, NULL);
2318 if (ret) 2315 if (ret)
2319 goto done; 2316 goto done;
2320 2317
@@ -2599,18 +2596,25 @@ drop_packet:
2599 return NETDEV_TX_OK; 2596 return NETDEV_TX_OK;
2600} 2597}
2601 2598
2599/*
2600 * Reset the hardware. If chan is not NULL, then also pause rx/tx
2601 * and change to the given channel.
2602 */
2602static int 2603static int
2603ath5k_reset(struct ath5k_softc *sc, bool stop, bool change_channel) 2604ath5k_reset(struct ath5k_softc *sc, struct ieee80211_channel *chan)
2604{ 2605{
2605 struct ath5k_hw *ah = sc->ah; 2606 struct ath5k_hw *ah = sc->ah;
2606 int ret; 2607 int ret;
2607 2608
2608 ATH5K_DBG(sc, ATH5K_DEBUG_RESET, "resetting\n"); 2609 ATH5K_DBG(sc, ATH5K_DEBUG_RESET, "resetting\n");
2609 2610
2610 if (stop) { 2611 if (chan) {
2611 ath5k_hw_set_imr(ah, 0); 2612 ath5k_hw_set_imr(ah, 0);
2612 ath5k_txq_cleanup(sc); 2613 ath5k_txq_cleanup(sc);
2613 ath5k_rx_stop(sc); 2614 ath5k_rx_stop(sc);
2615
2616 sc->curchan = chan;
2617 sc->curband = &sc->sbands[chan->band];
2614 } 2618 }
2615 ret = ath5k_hw_reset(ah, sc->opmode, sc->curchan, true); 2619 ret = ath5k_hw_reset(ah, sc->opmode, sc->curchan, true);
2616 if (ret) { 2620 if (ret) {
@@ -2648,7 +2652,7 @@ ath5k_reset_wake(struct ath5k_softc *sc)
2648{ 2652{
2649 int ret; 2653 int ret;
2650 2654
2651 ret = ath5k_reset(sc, true, true); 2655 ret = ath5k_reset(sc, sc->curchan);
2652 if (!ret) 2656 if (!ret)
2653 ieee80211_wake_queues(sc->hw); 2657 ieee80211_wake_queues(sc->hw);
2654 2658
diff --git a/drivers/net/wireless/iwlwifi/iwl-6000.c b/drivers/net/wireless/iwlwifi/iwl-6000.c
index edfa5e149f71..bd438d8acf55 100644
--- a/drivers/net/wireless/iwlwifi/iwl-6000.c
+++ b/drivers/net/wireless/iwlwifi/iwl-6000.c
@@ -101,8 +101,8 @@ struct iwl_cfg iwl6000_2agn_cfg = {
101 .eeprom_ver = EEPROM_5000_EEPROM_VERSION, 101 .eeprom_ver = EEPROM_5000_EEPROM_VERSION,
102 .eeprom_calib_ver = EEPROM_5000_TX_POWER_VERSION, 102 .eeprom_calib_ver = EEPROM_5000_TX_POWER_VERSION,
103 .mod_params = &iwl50_mod_params, 103 .mod_params = &iwl50_mod_params,
104 .valid_tx_ant = ANT_BC, 104 .valid_tx_ant = ANT_AB,
105 .valid_rx_ant = ANT_BC, 105 .valid_rx_ant = ANT_AB,
106 .need_pll_cfg = false, 106 .need_pll_cfg = false,
107}; 107};
108 108
@@ -117,8 +117,8 @@ struct iwl_cfg iwl6050_2agn_cfg = {
117 .eeprom_ver = EEPROM_5000_EEPROM_VERSION, 117 .eeprom_ver = EEPROM_5000_EEPROM_VERSION,
118 .eeprom_calib_ver = EEPROM_5000_TX_POWER_VERSION, 118 .eeprom_calib_ver = EEPROM_5000_TX_POWER_VERSION,
119 .mod_params = &iwl50_mod_params, 119 .mod_params = &iwl50_mod_params,
120 .valid_tx_ant = ANT_BC, 120 .valid_tx_ant = ANT_AB,
121 .valid_rx_ant = ANT_BC, 121 .valid_rx_ant = ANT_AB,
122 .need_pll_cfg = false, 122 .need_pll_cfg = false,
123}; 123};
124 124
diff --git a/drivers/net/wireless/iwlwifi/iwl-agn.c b/drivers/net/wireless/iwlwifi/iwl-agn.c
index 1ef4192207a5..3bb28db4a40f 100644
--- a/drivers/net/wireless/iwlwifi/iwl-agn.c
+++ b/drivers/net/wireless/iwlwifi/iwl-agn.c
@@ -3636,7 +3636,9 @@ static struct pci_device_id iwl_hw_card_ids[] = {
3636 {IWL_PCI_DEVICE(0x0085, 0x1112, iwl6000_2ag_cfg)}, 3636 {IWL_PCI_DEVICE(0x0085, 0x1112, iwl6000_2ag_cfg)},
3637 {IWL_PCI_DEVICE(0x0082, 0x1122, iwl6000_2ag_cfg)}, 3637 {IWL_PCI_DEVICE(0x0082, 0x1122, iwl6000_2ag_cfg)},
3638 {IWL_PCI_DEVICE(0x422B, PCI_ANY_ID, iwl6000_3agn_cfg)}, 3638 {IWL_PCI_DEVICE(0x422B, PCI_ANY_ID, iwl6000_3agn_cfg)},
3639 {IWL_PCI_DEVICE(0x422C, PCI_ANY_ID, iwl6000_2agn_cfg)},
3639 {IWL_PCI_DEVICE(0x4238, PCI_ANY_ID, iwl6000_3agn_cfg)}, 3640 {IWL_PCI_DEVICE(0x4238, PCI_ANY_ID, iwl6000_3agn_cfg)},
3641 {IWL_PCI_DEVICE(0x4239, PCI_ANY_ID, iwl6000_2agn_cfg)},
3640 {IWL_PCI_DEVICE(0x0082, PCI_ANY_ID, iwl6000_2agn_cfg)}, 3642 {IWL_PCI_DEVICE(0x0082, PCI_ANY_ID, iwl6000_2agn_cfg)},
3641 {IWL_PCI_DEVICE(0x0085, PCI_ANY_ID, iwl6000_3agn_cfg)}, 3643 {IWL_PCI_DEVICE(0x0085, PCI_ANY_ID, iwl6000_3agn_cfg)},
3642 {IWL_PCI_DEVICE(0x0086, PCI_ANY_ID, iwl6050_3agn_cfg)}, 3644 {IWL_PCI_DEVICE(0x0086, PCI_ANY_ID, iwl6050_3agn_cfg)},
diff --git a/drivers/net/wireless/rtl818x/rtl8187.h b/drivers/net/wireless/rtl818x/rtl8187.h
index 9718f61809cf..edeff82a4d06 100644
--- a/drivers/net/wireless/rtl818x/rtl8187.h
+++ b/drivers/net/wireless/rtl818x/rtl8187.h
@@ -120,6 +120,12 @@ struct rtl8187_priv {
120 __le64 buf; 120 __le64 buf;
121 struct sk_buff_head queue; 121 struct sk_buff_head queue;
122 } b_tx_status; /* This queue is used by both -b and non-b devices */ 122 } b_tx_status; /* This queue is used by both -b and non-b devices */
123 struct mutex io_mutex;
124 union {
125 u8 bits8;
126 __le16 bits16;
127 __le32 bits32;
128 } *io_dmabuf;
123}; 129};
124 130
125void rtl8187_write_phy(struct ieee80211_hw *dev, u8 addr, u32 data); 131void rtl8187_write_phy(struct ieee80211_hw *dev, u8 addr, u32 data);
@@ -129,10 +135,14 @@ static inline u8 rtl818x_ioread8_idx(struct rtl8187_priv *priv,
129{ 135{
130 u8 val; 136 u8 val;
131 137
138 mutex_lock(&priv->io_mutex);
132 usb_control_msg(priv->udev, usb_rcvctrlpipe(priv->udev, 0), 139 usb_control_msg(priv->udev, usb_rcvctrlpipe(priv->udev, 0),
133 RTL8187_REQ_GET_REG, RTL8187_REQT_READ, 140 RTL8187_REQ_GET_REG, RTL8187_REQT_READ,
134 (unsigned long)addr, idx & 0x03, &val, 141 (unsigned long)addr, idx & 0x03,
135 sizeof(val), HZ / 2); 142 &priv->io_dmabuf->bits8, sizeof(val), HZ / 2);
143
144 val = priv->io_dmabuf->bits8;
145 mutex_unlock(&priv->io_mutex);
136 146
137 return val; 147 return val;
138} 148}
@@ -147,10 +157,14 @@ static inline u16 rtl818x_ioread16_idx(struct rtl8187_priv *priv,
147{ 157{
148 __le16 val; 158 __le16 val;
149 159
160 mutex_lock(&priv->io_mutex);
150 usb_control_msg(priv->udev, usb_rcvctrlpipe(priv->udev, 0), 161 usb_control_msg(priv->udev, usb_rcvctrlpipe(priv->udev, 0),
151 RTL8187_REQ_GET_REG, RTL8187_REQT_READ, 162 RTL8187_REQ_GET_REG, RTL8187_REQT_READ,
152 (unsigned long)addr, idx & 0x03, &val, 163 (unsigned long)addr, idx & 0x03,
153 sizeof(val), HZ / 2); 164 &priv->io_dmabuf->bits16, sizeof(val), HZ / 2);
165
166 val = priv->io_dmabuf->bits16;
167 mutex_unlock(&priv->io_mutex);
154 168
155 return le16_to_cpu(val); 169 return le16_to_cpu(val);
156} 170}
@@ -165,10 +179,14 @@ static inline u32 rtl818x_ioread32_idx(struct rtl8187_priv *priv,
165{ 179{
166 __le32 val; 180 __le32 val;
167 181
182 mutex_lock(&priv->io_mutex);
168 usb_control_msg(priv->udev, usb_rcvctrlpipe(priv->udev, 0), 183 usb_control_msg(priv->udev, usb_rcvctrlpipe(priv->udev, 0),
169 RTL8187_REQ_GET_REG, RTL8187_REQT_READ, 184 RTL8187_REQ_GET_REG, RTL8187_REQT_READ,
170 (unsigned long)addr, idx & 0x03, &val, 185 (unsigned long)addr, idx & 0x03,
171 sizeof(val), HZ / 2); 186 &priv->io_dmabuf->bits32, sizeof(val), HZ / 2);
187
188 val = priv->io_dmabuf->bits32;
189 mutex_unlock(&priv->io_mutex);
172 190
173 return le32_to_cpu(val); 191 return le32_to_cpu(val);
174} 192}
@@ -181,10 +199,15 @@ static inline u32 rtl818x_ioread32(struct rtl8187_priv *priv, __le32 *addr)
181static inline void rtl818x_iowrite8_idx(struct rtl8187_priv *priv, 199static inline void rtl818x_iowrite8_idx(struct rtl8187_priv *priv,
182 u8 *addr, u8 val, u8 idx) 200 u8 *addr, u8 val, u8 idx)
183{ 201{
202 mutex_lock(&priv->io_mutex);
203
204 priv->io_dmabuf->bits8 = val;
184 usb_control_msg(priv->udev, usb_sndctrlpipe(priv->udev, 0), 205 usb_control_msg(priv->udev, usb_sndctrlpipe(priv->udev, 0),
185 RTL8187_REQ_SET_REG, RTL8187_REQT_WRITE, 206 RTL8187_REQ_SET_REG, RTL8187_REQT_WRITE,
186 (unsigned long)addr, idx & 0x03, &val, 207 (unsigned long)addr, idx & 0x03,
187 sizeof(val), HZ / 2); 208 &priv->io_dmabuf->bits8, sizeof(val), HZ / 2);
209
210 mutex_unlock(&priv->io_mutex);
188} 211}
189 212
190static inline void rtl818x_iowrite8(struct rtl8187_priv *priv, u8 *addr, u8 val) 213static inline void rtl818x_iowrite8(struct rtl8187_priv *priv, u8 *addr, u8 val)
@@ -195,12 +218,15 @@ static inline void rtl818x_iowrite8(struct rtl8187_priv *priv, u8 *addr, u8 val)
195static inline void rtl818x_iowrite16_idx(struct rtl8187_priv *priv, 218static inline void rtl818x_iowrite16_idx(struct rtl8187_priv *priv,
196 __le16 *addr, u16 val, u8 idx) 219 __le16 *addr, u16 val, u8 idx)
197{ 220{
198 __le16 buf = cpu_to_le16(val); 221 mutex_lock(&priv->io_mutex);
199 222
223 priv->io_dmabuf->bits16 = cpu_to_le16(val);
200 usb_control_msg(priv->udev, usb_sndctrlpipe(priv->udev, 0), 224 usb_control_msg(priv->udev, usb_sndctrlpipe(priv->udev, 0),
201 RTL8187_REQ_SET_REG, RTL8187_REQT_WRITE, 225 RTL8187_REQ_SET_REG, RTL8187_REQT_WRITE,
202 (unsigned long)addr, idx & 0x03, &buf, sizeof(buf), 226 (unsigned long)addr, idx & 0x03,
203 HZ / 2); 227 &priv->io_dmabuf->bits16, sizeof(val), HZ / 2);
228
229 mutex_unlock(&priv->io_mutex);
204} 230}
205 231
206static inline void rtl818x_iowrite16(struct rtl8187_priv *priv, __le16 *addr, 232static inline void rtl818x_iowrite16(struct rtl8187_priv *priv, __le16 *addr,
@@ -212,12 +238,15 @@ static inline void rtl818x_iowrite16(struct rtl8187_priv *priv, __le16 *addr,
212static inline void rtl818x_iowrite32_idx(struct rtl8187_priv *priv, 238static inline void rtl818x_iowrite32_idx(struct rtl8187_priv *priv,
213 __le32 *addr, u32 val, u8 idx) 239 __le32 *addr, u32 val, u8 idx)
214{ 240{
215 __le32 buf = cpu_to_le32(val); 241 mutex_lock(&priv->io_mutex);
216 242
243 priv->io_dmabuf->bits32 = cpu_to_le32(val);
217 usb_control_msg(priv->udev, usb_sndctrlpipe(priv->udev, 0), 244 usb_control_msg(priv->udev, usb_sndctrlpipe(priv->udev, 0),
218 RTL8187_REQ_SET_REG, RTL8187_REQT_WRITE, 245 RTL8187_REQ_SET_REG, RTL8187_REQT_WRITE,
219 (unsigned long)addr, idx & 0x03, &buf, sizeof(buf), 246 (unsigned long)addr, idx & 0x03,
220 HZ / 2); 247 &priv->io_dmabuf->bits32, sizeof(val), HZ / 2);
248
249 mutex_unlock(&priv->io_mutex);
221} 250}
222 251
223static inline void rtl818x_iowrite32(struct rtl8187_priv *priv, __le32 *addr, 252static inline void rtl818x_iowrite32(struct rtl8187_priv *priv, __le32 *addr,
diff --git a/drivers/net/wireless/rtl818x/rtl8187_dev.c b/drivers/net/wireless/rtl818x/rtl8187_dev.c
index fd81884b9c7d..bac6cfba6abd 100644
--- a/drivers/net/wireless/rtl818x/rtl8187_dev.c
+++ b/drivers/net/wireless/rtl818x/rtl8187_dev.c
@@ -1329,6 +1329,14 @@ static int __devinit rtl8187_probe(struct usb_interface *intf,
1329 priv = dev->priv; 1329 priv = dev->priv;
1330 priv->is_rtl8187b = (id->driver_info == DEVICE_RTL8187B); 1330 priv->is_rtl8187b = (id->driver_info == DEVICE_RTL8187B);
1331 1331
1332 /* allocate "DMA aware" buffer for register accesses */
1333 priv->io_dmabuf = kmalloc(sizeof(*priv->io_dmabuf), GFP_KERNEL);
1334 if (!priv->io_dmabuf) {
1335 err = -ENOMEM;
1336 goto err_free_dev;
1337 }
1338 mutex_init(&priv->io_mutex);
1339
1332 SET_IEEE80211_DEV(dev, &intf->dev); 1340 SET_IEEE80211_DEV(dev, &intf->dev);
1333 usb_set_intfdata(intf, dev); 1341 usb_set_intfdata(intf, dev);
1334 priv->udev = udev; 1342 priv->udev = udev;
@@ -1495,7 +1503,7 @@ static int __devinit rtl8187_probe(struct usb_interface *intf,
1495 err = ieee80211_register_hw(dev); 1503 err = ieee80211_register_hw(dev);
1496 if (err) { 1504 if (err) {
1497 printk(KERN_ERR "rtl8187: Cannot register device\n"); 1505 printk(KERN_ERR "rtl8187: Cannot register device\n");
1498 goto err_free_dev; 1506 goto err_free_dmabuf;
1499 } 1507 }
1500 mutex_init(&priv->conf_mutex); 1508 mutex_init(&priv->conf_mutex);
1501 skb_queue_head_init(&priv->b_tx_status.queue); 1509 skb_queue_head_init(&priv->b_tx_status.queue);
@@ -1506,6 +1514,8 @@ static int __devinit rtl8187_probe(struct usb_interface *intf,
1506 1514
1507 return 0; 1515 return 0;
1508 1516
1517 err_free_dmabuf:
1518 kfree(priv->io_dmabuf);
1509 err_free_dev: 1519 err_free_dev:
1510 ieee80211_free_hw(dev); 1520 ieee80211_free_hw(dev);
1511 usb_set_intfdata(intf, NULL); 1521 usb_set_intfdata(intf, NULL);
@@ -1526,6 +1536,7 @@ static void __devexit rtl8187_disconnect(struct usb_interface *intf)
1526 priv = dev->priv; 1536 priv = dev->priv;
1527 usb_reset_device(priv->udev); 1537 usb_reset_device(priv->udev);
1528 usb_put_dev(interface_to_usbdev(intf)); 1538 usb_put_dev(interface_to_usbdev(intf));
1539 kfree(priv->io_dmabuf);
1529 ieee80211_free_hw(dev); 1540 ieee80211_free_hw(dev);
1530} 1541}
1531 1542
diff --git a/drivers/net/wireless/rtl818x/rtl8187_rtl8225.c b/drivers/net/wireless/rtl818x/rtl8187_rtl8225.c
index 78df281b297a..a09819386a1e 100644
--- a/drivers/net/wireless/rtl818x/rtl8187_rtl8225.c
+++ b/drivers/net/wireless/rtl818x/rtl8187_rtl8225.c
@@ -88,9 +88,15 @@ static void rtl8225_write_8051(struct ieee80211_hw *dev, u8 addr, __le16 data)
88 rtl818x_iowrite16(priv, &priv->map->RFPinsOutput, reg80); 88 rtl818x_iowrite16(priv, &priv->map->RFPinsOutput, reg80);
89 udelay(10); 89 udelay(10);
90 90
91 mutex_lock(&priv->io_mutex);
92
93 priv->io_dmabuf->bits16 = data;
91 usb_control_msg(priv->udev, usb_sndctrlpipe(priv->udev, 0), 94 usb_control_msg(priv->udev, usb_sndctrlpipe(priv->udev, 0),
92 RTL8187_REQ_SET_REG, RTL8187_REQT_WRITE, 95 RTL8187_REQ_SET_REG, RTL8187_REQT_WRITE,
93 addr, 0x8225, &data, sizeof(data), HZ / 2); 96 addr, 0x8225, &priv->io_dmabuf->bits16, sizeof(data),
97 HZ / 2);
98
99 mutex_unlock(&priv->io_mutex);
94 100
95 rtl818x_iowrite16(priv, &priv->map->RFPinsOutput, reg80 | (1 << 2)); 101 rtl818x_iowrite16(priv, &priv->map->RFPinsOutput, reg80 | (1 << 2));
96 udelay(10); 102 udelay(10);