Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit db93e7b5 authored by Senthil Balasubramanian's avatar Senthil Balasubramanian Committed by John W. Linville
Browse files

ath9k: Race condition in accessing TX and RX buffers. 



Race condition causes RX buffers to be accessed even before it is
initialized. The RX and TX buffers are initialized immediately after
the hardware is registered with mac80211. The mac80211 start callback
is ready to be fired once the device is registered for a case when the
wpa_supplicant is also running at the same time.

The same race condition is also possible for RKFILL registration
as RFKILL init happens after the device registration with mac80211
and it is possible that rfkill_register would be called even before
it is initialized.

Signed-off-by: default avatarSenthil Balasubramanian <senthilkumar@atheros.com>
Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
parent 306efdd1

drivers/net/wireless/ath9k/main.c

+14 −15
Original line number Original line Diff line number Diff line
@@ -912,14 +912,14 @@ static int ath_attach(u16 devid, struct ath_softc *sc) 
		hw->wiphy->bands[IEEE80211_BAND_5GHZ] =

		hw->wiphy->bands[IEEE80211_BAND_5GHZ] =

			&sc->sbands[IEEE80211_BAND_5GHZ];

			&sc->sbands[IEEE80211_BAND_5GHZ];





	error = ieee80211_register_hw(hw);

	/* initialize tx/rx engine */

	if (error != 0) {

	error = ath_tx_init(sc, ATH_TXBUF);

		ath_rate_control_unregister();

	if (error != 0)

		goto bad;

		goto detach;

	}





	/* Initialize LED control */

	error = ath_rx_init(sc, ATH_RXBUF);

	ath_init_leds(sc);

	if (error != 0)

		goto detach;





#if defined(CONFIG_RFKILL) || defined(CONFIG_RFKILL_MODULE)

#if defined(CONFIG_RFKILL) || defined(CONFIG_RFKILL_MODULE)

	/* Initialze h/w Rfkill */

	/* Initialze h/w Rfkill */
@@ -931,15 +931,14 @@ static int ath_attach(u16 devid, struct ath_softc *sc) 
		goto detach;

		goto detach;

#endif

#endif





	/* initialize tx/rx engine */

	error = ieee80211_register_hw(hw);



	if (error != 0) {

	error = ath_tx_init(sc, ATH_TXBUF);

		ath_rate_control_unregister();

	if (error != 0)

		goto bad;

		goto detach;

	}





	error = ath_rx_init(sc, ATH_RXBUF);

	/* Initialize LED control */

	if (error != 0)

	ath_init_leds(sc);

		goto detach;





	return 0;

	return 0;

detach:

detach: