diff options
| author | Amitkumar Karwar <akarwar@marvell.com> | 2013-11-14 22:10:38 -0500 |
|---|---|---|
| committer | John W. Linville <linville@tuxdriver.com> | 2013-11-15 14:29:31 -0500 |
| commit | bec568ff51078276109e21b5521829e2dd60a7fa (patch) | |
| tree | 146e3c17d648eb70d375bff711903c1e6634c3d5 /drivers | |
| parent | 68b76e99d1f7b696d49b5e99286401150072987a (diff) | |
mwifiex: failure path handling in mwifiex_add_virtual_intf()
1) If register_netdevice() is failed, we are freeing netdev
pointer, but priv->netdev is not cleared. This gives kernel
paging request error when driver is unloaded or interface is
deleted. Fix the problem by clearing the pointer.
2) Fix memory leak issue by freeing 'wdev' in failure paths.
Also, clear priv->wdev pointer.
As mwifiex_add_virtual_intf() successfully handles the
failure conditions, redundant code under err_add_intf label
is removed in this patch.
Reported-by: Ujjal Roy <royujjal@gmail.com>
Signed-off-by: Amitkumar Karwar <akarwar@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Diffstat (limited to 'drivers')
| -rw-r--r-- | drivers/net/wireless/mwifiex/cfg80211.c | 20 | ||||
| -rw-r--r-- | drivers/net/wireless/mwifiex/main.c | 13 |
2 files changed, 18 insertions, 15 deletions
diff --git a/drivers/net/wireless/mwifiex/cfg80211.c b/drivers/net/wireless/mwifiex/cfg80211.c index fbad00a5abc8..ccc9c0866b25 100644 --- a/drivers/net/wireless/mwifiex/cfg80211.c +++ b/drivers/net/wireless/mwifiex/cfg80211.c | |||
| @@ -2210,8 +2210,10 @@ struct wireless_dev *mwifiex_add_virtual_intf(struct wiphy *wiphy, | |||
| 2210 | priv->bss_started = 0; | 2210 | priv->bss_started = 0; |
| 2211 | priv->bss_num = 0; | 2211 | priv->bss_num = 0; |
| 2212 | 2212 | ||
| 2213 | if (mwifiex_cfg80211_init_p2p_client(priv)) | 2213 | if (mwifiex_cfg80211_init_p2p_client(priv)) { |
| 2214 | return ERR_PTR(-EFAULT); | 2214 | wdev = ERR_PTR(-EFAULT); |
| 2215 | goto done; | ||
| 2216 | } | ||
| 2215 | 2217 | ||
| 2216 | break; | 2218 | break; |
| 2217 | default: | 2219 | default: |
| @@ -2224,7 +2226,8 @@ struct wireless_dev *mwifiex_add_virtual_intf(struct wiphy *wiphy, | |||
| 2224 | if (!dev) { | 2226 | if (!dev) { |
| 2225 | wiphy_err(wiphy, "no memory available for netdevice\n"); | 2227 | wiphy_err(wiphy, "no memory available for netdevice\n"); |
| 2226 | priv->bss_mode = NL80211_IFTYPE_UNSPECIFIED; | 2228 | priv->bss_mode = NL80211_IFTYPE_UNSPECIFIED; |
| 2227 | return ERR_PTR(-ENOMEM); | 2229 | wdev = ERR_PTR(-ENOMEM); |
| 2230 | goto done; | ||
| 2228 | } | 2231 | } |
| 2229 | 2232 | ||
| 2230 | mwifiex_init_priv_params(priv, dev); | 2233 | mwifiex_init_priv_params(priv, dev); |
| @@ -2264,7 +2267,9 @@ struct wireless_dev *mwifiex_add_virtual_intf(struct wiphy *wiphy, | |||
| 2264 | wiphy_err(wiphy, "cannot register virtual network device\n"); | 2267 | wiphy_err(wiphy, "cannot register virtual network device\n"); |
| 2265 | free_netdev(dev); | 2268 | free_netdev(dev); |
| 2266 | priv->bss_mode = NL80211_IFTYPE_UNSPECIFIED; | 2269 | priv->bss_mode = NL80211_IFTYPE_UNSPECIFIED; |
| 2267 | return ERR_PTR(-EFAULT); | 2270 | priv->netdev = NULL; |
| 2271 | wdev = ERR_PTR(-EFAULT); | ||
| 2272 | goto done; | ||
| 2268 | } | 2273 | } |
| 2269 | 2274 | ||
| 2270 | sema_init(&priv->async_sem, 1); | 2275 | sema_init(&priv->async_sem, 1); |
| @@ -2274,6 +2279,13 @@ struct wireless_dev *mwifiex_add_virtual_intf(struct wiphy *wiphy, | |||
| 2274 | #ifdef CONFIG_DEBUG_FS | 2279 | #ifdef CONFIG_DEBUG_FS |
| 2275 | mwifiex_dev_debugfs_init(priv); | 2280 | mwifiex_dev_debugfs_init(priv); |
| 2276 | #endif | 2281 | #endif |
| 2282 | |||
| 2283 | done: | ||
| 2284 | if (IS_ERR(wdev)) { | ||
| 2285 | kfree(priv->wdev); | ||
| 2286 | priv->wdev = NULL; | ||
| 2287 | } | ||
| 2288 | |||
| 2277 | return wdev; | 2289 | return wdev; |
| 2278 | } | 2290 | } |
| 2279 | EXPORT_SYMBOL_GPL(mwifiex_add_virtual_intf); | 2291 | EXPORT_SYMBOL_GPL(mwifiex_add_virtual_intf); |
diff --git a/drivers/net/wireless/mwifiex/main.c b/drivers/net/wireless/mwifiex/main.c index 7c7da3ea55a9..9236b42007fb 100644 --- a/drivers/net/wireless/mwifiex/main.c +++ b/drivers/net/wireless/mwifiex/main.c | |||
| @@ -411,7 +411,7 @@ static void mwifiex_terminate_workqueue(struct mwifiex_adapter *adapter) | |||
| 411 | */ | 411 | */ |
| 412 | static void mwifiex_fw_dpc(const struct firmware *firmware, void *context) | 412 | static void mwifiex_fw_dpc(const struct firmware *firmware, void *context) |
| 413 | { | 413 | { |
| 414 | int ret, i; | 414 | int ret; |
| 415 | char fmt[64]; | 415 | char fmt[64]; |
| 416 | struct mwifiex_private *priv; | 416 | struct mwifiex_private *priv; |
| 417 | struct mwifiex_adapter *adapter = context; | 417 | struct mwifiex_adapter *adapter = context; |
| @@ -479,6 +479,7 @@ static void mwifiex_fw_dpc(const struct firmware *firmware, void *context) | |||
| 479 | NL80211_IFTYPE_STATION, NULL, NULL); | 479 | NL80211_IFTYPE_STATION, NULL, NULL); |
| 480 | if (IS_ERR(wdev)) { | 480 | if (IS_ERR(wdev)) { |
| 481 | dev_err(adapter->dev, "cannot create default STA interface\n"); | 481 | dev_err(adapter->dev, "cannot create default STA interface\n"); |
| 482 | rtnl_unlock(); | ||
| 482 | goto err_add_intf; | 483 | goto err_add_intf; |
| 483 | } | 484 | } |
| 484 | rtnl_unlock(); | 485 | rtnl_unlock(); |
| @@ -488,16 +489,6 @@ static void mwifiex_fw_dpc(const struct firmware *firmware, void *context) | |||
| 488 | goto done; | 489 | goto done; |
| 489 | 490 | ||
| 490 | err_add_intf: | 491 | err_add_intf: |
| 491 | for (i = 0; i < adapter->priv_num; i++) { | ||
| 492 | priv = adapter->priv[i]; | ||
| 493 | |||
| 494 | if (!priv) | ||
| 495 | continue; | ||
| 496 | |||
| 497 | if (priv->wdev && priv->netdev) | ||
| 498 | mwifiex_del_virtual_intf(adapter->wiphy, priv->wdev); | ||
| 499 | } | ||
| 500 | rtnl_unlock(); | ||
| 501 | err_register_cfg80211: | 492 | err_register_cfg80211: |
| 502 | wiphy_unregister(adapter->wiphy); | 493 | wiphy_unregister(adapter->wiphy); |
| 503 | wiphy_free(adapter->wiphy); | 494 | wiphy_free(adapter->wiphy); |