Commit bcf28a2f authored Nov 18, 2016 by Xinming Hu Committed by Kalle Valo Nov 19, 2016

mwifiex: reset card->adapter during device unregister



card->adapter gets initialized in mwifiex_register_dev(). As it's not
cleared in mwifiex_unregister_dev(), we may end up accessing the memory
which is already free in below scenario.

Scenario: Driver initialization is failed due to incorrect firmware or
some other reason. Meanwhile device reboot/unload occurs.

This is safe, now that we've properly synchronized suspend() and
remove() with the FW initialization thread; now that code can simply
check for 'card->adapter == NULL' and exit safely.

Signed-off-by: Xinming Hu <huxm@marvell.com>
Tested-by: Xinming Hu <huxm@marvell.com>
Signed-off-by: Amitkumar Karwar <akarwar@marvell.com>
Signed-off-by: Brian Norris <briannorris@chromium.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>

parent b42dbb27

drivers/net/wireless/marvell/mwifiex/pcie.c

+1 −0

Original line number	Diff line number	Diff line
		@@ -3042,6 +3042,7 @@ static void mwifiex_unregister_dev(struct mwifiex_adapter *adapter)
		if (card->msi_enable)
		pci_disable_msi(pdev);
		}
		card->adapter = NULL;
		}
		}

drivers/net/wireless/marvell/mwifiex/sdio.c

+1 −0

Original line number	Diff line number	Diff line
		@@ -2017,6 +2017,7 @@ mwifiex_unregister_dev(struct mwifiex_adapter *adapter)
		struct sdio_mmc_card *card = adapter->card;

		if (adapter->card) {
		card->adapter = NULL;
		sdio_claim_host(card->func);
		sdio_disable_func(card->func);
		sdio_release_host(card->func);