Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 4facc34a authored by Avinash Patil's avatar Avinash Patil Committed by Kalle Valo
Browse files

mwifiex: do not declare wdev as pointer 



wdev is used even after del_virtual_interface handler in cfg80211
in nl80211_post_doit. Since we have freed wdev in handling of
del_virtual_intf, this can result into crash while deleting
interface.
Avoid this be not declaring wdev which part of
mwifiex_private structure but struct wireless_dev type.

Signed-off-by: default avatarAvinash Patil <patila@marvell.com>
Signed-off-by: default avatarAmitkumar Karwar <akarwar@marvell.com>
Signed-off-by: default avatarCathy Luo <cluo@marvell.com>
Signed-off-by: default avatarKalle Valo <kvalo@codeaurora.org>
parent 09f63ae6

drivers/net/wireless/mwifiex/11h.c

+1 −1
Original line number Diff line number Diff line
@@ -39,7 +39,7 @@ mwifiex_11h_process_infra_join(struct mwifiex_private *priv, u8 **buffer, 
		return;



	radio_type = mwifiex_band_to_radio_type((u8) bss_desc->bss_band);

	sband = priv->wdev->wiphy->bands[radio_type];

	sband = priv->wdev.wiphy->bands[radio_type];



	cap = (struct mwifiex_ie_types_pwr_capability *)*buffer;

	cap->header.type = cpu_to_le16(WLAN_EID_PWR_CAPABILITY);

drivers/net/wireless/mwifiex/11n.c

+2 −2
Original line number Diff line number Diff line
@@ -39,7 +39,7 @@ int mwifiex_fill_cap_info(struct mwifiex_private *priv, u8 radio_type, 
{

	uint16_t ht_ext_cap = le16_to_cpu(ht_cap->extended_ht_cap_info);

	struct ieee80211_supported_band *sband =

					priv->wdev->wiphy->bands[radio_type];

					priv->wdev.wiphy->bands[radio_type];



	if (WARN_ON_ONCE(!sband)) {

		dev_err(priv->adapter->dev, "Invalid radio type!\n");
@@ -314,7 +314,7 @@ mwifiex_cmd_append_11n_tlv(struct mwifiex_private *priv, 
		return ret_len;



	radio_type = mwifiex_band_to_radio_type((u8) bss_desc->bss_band);

	sband = priv->wdev->wiphy->bands[radio_type];

	sband = priv->wdev.wiphy->bands[radio_type];



	if (bss_desc->bcn_ht_cap) {

		ht_cap = (struct mwifiex_ie_types_htcap *) *buffer;

drivers/net/wireless/mwifiex/11n_rxreorder.c

+1 −1
Original line number Diff line number Diff line
@@ -45,7 +45,7 @@ static int mwifiex_11n_dispatch_amsdu_pkt(struct mwifiex_private *priv, 
		skb_trim(skb, le16_to_cpu(local_rx_pd->rx_pkt_length));



		ieee80211_amsdu_to_8023s(skb, &list, priv->curr_addr,

					 priv->wdev->iftype, 0, false);

					 priv->wdev.iftype, 0, false);



		while (!skb_queue_empty(&list)) {

			rx_skb = __skb_dequeue(&list);

drivers/net/wireless/mwifiex/cfg80211.c

+25 −45
Original line number Diff line number Diff line
@@ -1590,15 +1590,15 @@ static int mwifiex_cfg80211_inform_ibss_bss(struct mwifiex_private *priv) 
	ie_len = ie_buf[1] + sizeof(struct ieee_types_header);



	band = mwifiex_band_to_radio_type(priv->curr_bss_params.band);

	chan = __ieee80211_get_channel(priv->wdev->wiphy,

	chan = __ieee80211_get_channel(priv->wdev.wiphy,

			ieee80211_channel_to_frequency(bss_info.bss_chan,

						       band));



	bss = cfg80211_inform_bss(priv->wdev->wiphy, chan,

	bss = cfg80211_inform_bss(priv->wdev.wiphy, chan,

				  CFG80211_BSS_FTYPE_UNKNOWN,

				  bss_info.bssid, 0, WLAN_CAPABILITY_IBSS,

				  0, ie_buf, ie_len, 0, GFP_KERNEL);

	cfg80211_put_bss(priv->wdev->wiphy, bss);

	cfg80211_put_bss(priv->wdev.wiphy, bss);

	memcpy(priv->cfg_bssid, bss_info.bssid, ETH_ALEN);



	return 0;
@@ -1719,12 +1719,12 @@ mwifiex_cfg80211_assoc(struct mwifiex_private *priv, size_t ssid_len, 


		/* Find the BSS we want using available scan results */

		if (mode == NL80211_IFTYPE_ADHOC)

			bss = cfg80211_get_bss(priv->wdev->wiphy, channel,

			bss = cfg80211_get_bss(priv->wdev.wiphy, channel,

					       bssid, ssid, ssid_len,

					       WLAN_CAPABILITY_IBSS,

					       WLAN_CAPABILITY_IBSS);

		else

			bss = cfg80211_get_bss(priv->wdev->wiphy, channel,

			bss = cfg80211_get_bss(priv->wdev.wiphy, channel,

					       bssid, ssid, ssid_len,

					       WLAN_CAPABILITY_ESS,

					       WLAN_CAPABILITY_ESS);
@@ -1781,7 +1781,7 @@ mwifiex_cfg80211_connect(struct wiphy *wiphy, struct net_device *dev, 
		return -EINVAL;

	}



	if (priv->wdev && priv->wdev->current_bss) {

	if (priv->wdev.current_bss) {

		wiphy_warn(wiphy, "%s: already connected\n", dev->name);

		return -EALREADY;

	}
@@ -1839,7 +1839,7 @@ mwifiex_cfg80211_connect(struct wiphy *wiphy, struct net_device *dev, 
static int mwifiex_set_ibss_params(struct mwifiex_private *priv,

				   struct cfg80211_ibss_params *params)

{

	struct wiphy *wiphy = priv->wdev->wiphy;

	struct wiphy *wiphy = priv->wdev.wiphy;

	struct mwifiex_adapter *adapter = priv->adapter;

	int index = 0, i;

	u8 config_bands = 0;
@@ -2177,7 +2177,6 @@ struct wireless_dev *mwifiex_add_virtual_intf(struct wiphy *wiphy, 
	struct mwifiex_private *priv;

	struct net_device *dev;

	void *mdev_priv;

	struct wireless_dev *wdev;



	if (!adapter)

		return ERR_PTR(-EFAULT);
@@ -2193,13 +2192,8 @@ struct wireless_dev *mwifiex_add_virtual_intf(struct wiphy *wiphy, 
			return ERR_PTR(-EINVAL);

		}



		wdev = kzalloc(sizeof(struct wireless_dev), GFP_KERNEL);

		if (!wdev)

			return ERR_PTR(-ENOMEM);



		wdev->wiphy = wiphy;

		priv->wdev = wdev;

		wdev->iftype = NL80211_IFTYPE_STATION;

		priv->wdev.wiphy = wiphy;

		priv->wdev.iftype = NL80211_IFTYPE_STATION;



		if (type == NL80211_IFTYPE_UNSPECIFIED)

			priv->bss_mode = NL80211_IFTYPE_STATION;
@@ -2221,13 +2215,8 @@ struct wireless_dev *mwifiex_add_virtual_intf(struct wiphy *wiphy, 
			return ERR_PTR(-EINVAL);

		}



		wdev = kzalloc(sizeof(struct wireless_dev), GFP_KERNEL);

		if (!wdev)

			return ERR_PTR(-ENOMEM);



		priv->wdev = wdev;

		wdev->wiphy = wiphy;

		wdev->iftype = NL80211_IFTYPE_AP;

		priv->wdev.wiphy = wiphy;

		priv->wdev.iftype = NL80211_IFTYPE_AP;



		priv->bss_type = MWIFIEX_BSS_TYPE_UAP;

		priv->frame_type = MWIFIEX_DATA_FRAME_TYPE_ETH_II;
@@ -2246,17 +2235,12 @@ struct wireless_dev *mwifiex_add_virtual_intf(struct wiphy *wiphy, 
			return ERR_PTR(-EINVAL);

		}



		wdev = kzalloc(sizeof(struct wireless_dev), GFP_KERNEL);

		if (!wdev)

			return ERR_PTR(-ENOMEM);



		priv->wdev = wdev;

		wdev->wiphy = wiphy;

		priv->wdev.wiphy = wiphy;



		/* At start-up, wpa_supplicant tries to change the interface

		 * to NL80211_IFTYPE_STATION if it is not managed mode.

		 */

		wdev->iftype = NL80211_IFTYPE_P2P_CLIENT;

		priv->wdev.iftype = NL80211_IFTYPE_P2P_CLIENT;

		priv->bss_mode = NL80211_IFTYPE_P2P_CLIENT;



		/* Setting bss_type to P2P tells firmware that this interface
@@ -2272,8 +2256,9 @@ struct wireless_dev *mwifiex_add_virtual_intf(struct wiphy *wiphy, 
		priv->bss_num = 0;



		if (mwifiex_cfg80211_init_p2p_client(priv)) {

			wdev = ERR_PTR(-EFAULT);

			goto done;

			memset(&priv->wdev, 0, sizeof(priv->wdev));

			priv->wdev.iftype = NL80211_IFTYPE_UNSPECIFIED;

			return ERR_PTR(-EFAULT);

		}



		break;
@@ -2287,9 +2272,10 @@ struct wireless_dev *mwifiex_add_virtual_intf(struct wiphy *wiphy, 
			       IEEE80211_NUM_ACS, 1);

	if (!dev) {

		wiphy_err(wiphy, "no memory available for netdevice\n");

		memset(&priv->wdev, 0, sizeof(priv->wdev));

		priv->wdev.iftype = NL80211_IFTYPE_UNSPECIFIED;

		priv->bss_mode = NL80211_IFTYPE_UNSPECIFIED;

		wdev = ERR_PTR(-ENOMEM);

		goto done;

		return ERR_PTR(-ENOMEM);

	}



	mwifiex_init_priv_params(priv, dev);
@@ -2309,7 +2295,7 @@ struct wireless_dev *mwifiex_add_virtual_intf(struct wiphy *wiphy, 
			&wiphy->bands[IEEE80211_BAND_5GHZ]->vht_cap, priv);



	dev_net_set(dev, wiphy_net(wiphy));

	dev->ieee80211_ptr = priv->wdev;

	dev->ieee80211_ptr = &priv->wdev;

	dev->ieee80211_ptr->iftype = priv->bss_mode;

	memcpy(dev->dev_addr, wiphy->perm_addr, ETH_ALEN);

	SET_NETDEV_DEV(dev, wiphy_dev(wiphy));
@@ -2330,8 +2316,9 @@ struct wireless_dev *mwifiex_add_virtual_intf(struct wiphy *wiphy, 
		free_netdev(dev);

		priv->bss_mode = NL80211_IFTYPE_UNSPECIFIED;

		priv->netdev = NULL;

		wdev = ERR_PTR(-EFAULT);

		goto done;

		memset(&priv->wdev, 0, sizeof(priv->wdev));

		priv->wdev.iftype = NL80211_IFTYPE_UNSPECIFIED;

		return ERR_PTR(-EFAULT);

	}



	sema_init(&priv->async_sem, 1);
@@ -2342,13 +2329,7 @@ struct wireless_dev *mwifiex_add_virtual_intf(struct wiphy *wiphy, 
	mwifiex_dev_debugfs_init(priv);

#endif



done:

	if (IS_ERR(wdev)) {

		kfree(priv->wdev);

		priv->wdev = NULL;

	}



	return wdev;

	return &priv->wdev;

}

EXPORT_SYMBOL_GPL(mwifiex_add_virtual_intf);
@@ -2374,8 +2355,7 @@ int mwifiex_del_virtual_intf(struct wiphy *wiphy, struct wireless_dev *wdev) 
	/* Clear the priv in adapter */

	priv->netdev->ieee80211_ptr = NULL;

	priv->netdev = NULL;

	kfree(wdev);

	priv->wdev = NULL;

	priv->wdev.iftype = NL80211_IFTYPE_UNSPECIFIED;



	priv->media_connected = false;

drivers/net/wireless/mwifiex/cfp.c

+2 −2
Original line number Diff line number Diff line
@@ -322,9 +322,9 @@ mwifiex_get_cfp(struct mwifiex_private *priv, u8 band, u16 channel, u32 freq) 
		return cfp;



	if (mwifiex_band_to_radio_type(band) == HostCmd_SCAN_RADIO_TYPE_BG)

		sband = priv->wdev->wiphy->bands[IEEE80211_BAND_2GHZ];

		sband = priv->wdev.wiphy->bands[IEEE80211_BAND_2GHZ];

	else

		sband = priv->wdev->wiphy->bands[IEEE80211_BAND_5GHZ];

		sband = priv->wdev.wiphy->bands[IEEE80211_BAND_5GHZ];



	if (!sband) {

		dev_err(priv->adapter->dev, "%s: cannot find cfp by band %d\n",