mwifiex: reset card->adapter during device unregister
authorXinming Hu <huxm@marvell.com>
Fri, 18 Nov 2016 14:00:30 +0000 (19:30 +0530)
committerKalle Valo <kvalo@codeaurora.org>
Sat, 19 Nov 2016 07:18:50 +0000 (09:18 +0200)
card->adapter gets initialized in mwifiex_register_dev(). As it's not
cleared in mwifiex_unregister_dev(), we may end up accessing the memory
which is already free in below scenario.

Scenario: Driver initialization is failed due to incorrect firmware or
some other reason. Meanwhile device reboot/unload occurs.

This is safe, now that we've properly synchronized suspend() and
remove() with the FW initialization thread; now that code can simply
check for 'card->adapter == NULL' and exit safely.

Signed-off-by: Xinming Hu <huxm@marvell.com>
Tested-by: Xinming Hu <huxm@marvell.com>
Signed-off-by: Amitkumar Karwar <akarwar@marvell.com>
Signed-off-by: Brian Norris <briannorris@chromium.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
drivers/net/wireless/marvell/mwifiex/pcie.c
drivers/net/wireless/marvell/mwifiex/sdio.c

index 6176cb78d9d674b8cb2148dd9ca128df694b0286..f6d28d98da8d7d2a5be3fb9bb981474a4db4129d 100644 (file)
@@ -3042,6 +3042,7 @@ static void mwifiex_unregister_dev(struct mwifiex_adapter *adapter)
                        if (card->msi_enable)
                                pci_disable_msi(pdev);
               }
+               card->adapter = NULL;
        }
 }
 
index 5077d56b1bd493a03446a0b5d75d48850ed8ee2f..69542f802de5d3bea1c649b0d862172cadec8221 100644 (file)
@@ -2017,6 +2017,7 @@ mwifiex_unregister_dev(struct mwifiex_adapter *adapter)
        struct sdio_mmc_card *card = adapter->card;
 
        if (adapter->card) {
+               card->adapter = NULL;
                sdio_claim_host(card->func);
                sdio_disable_func(card->func);
                sdio_release_host(card->func);