Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit ea888357 authored by Stanislaw Gruszka's avatar Stanislaw Gruszka Committed by John W. Linville
Browse files

ath9k_htc: fix race conditions when stop device 



We do not kill any scheduled tasklets when stopping device, that may
cause usage of resources after free. Disable interrupts, kill tasklets
and then works in correct order.

Cc: stable@kernel.org
Tested-by: default avatarSujith <m.sujith@gmail.com>
Signed-off-by: default avatarStanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
parent 203043f5

drivers/net/wireless/ath/ath9k/htc_drv_init.c

+0 −3
Original line number Diff line number Diff line
@@ -142,9 +142,6 @@ static void ath9k_deinit_priv(struct ath9k_htc_priv *priv) 
{

	ath9k_htc_exit_debug(priv->ah);

	ath9k_hw_deinit(priv->ah);

	tasklet_kill(&priv->swba_tasklet);

	tasklet_kill(&priv->rx_tasklet);

	tasklet_kill(&priv->tx_tasklet);

	kfree(priv->ah);

	priv->ah = NULL;

}

drivers/net/wireless/ath/ath9k/htc_drv_main.c

+15 −6
Original line number Diff line number Diff line
@@ -1025,12 +1025,6 @@ static void ath9k_htc_stop(struct ieee80211_hw *hw) 
	int ret = 0;

	u8 cmd_rsp;



	/* Cancel all the running timers/work .. */

	cancel_work_sync(&priv->fatal_work);

	cancel_work_sync(&priv->ps_work);

	cancel_delayed_work_sync(&priv->ath9k_led_blink_work);

	ath9k_led_stop_brightness(priv);



	mutex_lock(&priv->mutex);



	if (priv->op_flags & OP_INVALID) {
@@ -1044,8 +1038,23 @@ static void ath9k_htc_stop(struct ieee80211_hw *hw) 
	WMI_CMD(WMI_DISABLE_INTR_CMDID);

	WMI_CMD(WMI_DRAIN_TXQ_ALL_CMDID);

	WMI_CMD(WMI_STOP_RECV_CMDID);



	tasklet_kill(&priv->swba_tasklet);

	tasklet_kill(&priv->rx_tasklet);

	tasklet_kill(&priv->tx_tasklet);



	skb_queue_purge(&priv->tx_queue);



	mutex_unlock(&priv->mutex);



	/* Cancel all the running timers/work .. */

	cancel_work_sync(&priv->fatal_work);

	cancel_work_sync(&priv->ps_work);

	cancel_delayed_work_sync(&priv->ath9k_led_blink_work);

	ath9k_led_stop_brightness(priv);



	mutex_lock(&priv->mutex);



	/* Remove monitor interface here */

	if (ah->opmode == NL80211_IFTYPE_MONITOR) {

		if (ath9k_htc_remove_monitor_interface(priv))