wl12xx: Handle duplicate calling of remove interface

Because of the hardware recovery mechanism, its possible the
__wl1271_op_remove_interface is called twice. Currently, this leads to a
kernel crash even before a kernel WARNing can be issued.

Fix this.

Signed-off-by: Juuso Oikarinen <juuso.oikarinen@nokia.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
This commit is contained in:
Juuso Oikarinen 2011-03-29 16:43:50 +03:00 committed by Luciano Coelho
parent c1b193eb65
commit 13026decf7
2 changed files with 28 additions and 4 deletions

View File

@ -1304,6 +1304,16 @@ static int wl1271_op_add_interface(struct ieee80211_hw *hw,
goto out; goto out;
} }
/*
* in some very corner case HW recovery scenarios its possible to
* get here before __wl1271_op_remove_interface is complete, so
* opt out if that is the case.
*/
if (test_bit(WL1271_FLAG_IF_INITIALIZED, &wl->flags)) {
ret = -EBUSY;
goto out;
}
switch (vif->type) { switch (vif->type) {
case NL80211_IFTYPE_STATION: case NL80211_IFTYPE_STATION:
wl->bss_type = BSS_TYPE_STA_BSS; wl->bss_type = BSS_TYPE_STA_BSS;
@ -1372,6 +1382,7 @@ static int wl1271_op_add_interface(struct ieee80211_hw *hw,
wl->vif = vif; wl->vif = vif;
wl->state = WL1271_STATE_ON; wl->state = WL1271_STATE_ON;
set_bit(WL1271_FLAG_IF_INITIALIZED, &wl->flags);
wl1271_info("firmware booted (%s)", wl->chip.fw_ver_str); wl1271_info("firmware booted (%s)", wl->chip.fw_ver_str);
/* update hw/fw version info in wiphy struct */ /* update hw/fw version info in wiphy struct */
@ -1409,14 +1420,16 @@ static void __wl1271_op_remove_interface(struct wl1271 *wl)
wl1271_debug(DEBUG_MAC80211, "mac80211 remove interface"); wl1271_debug(DEBUG_MAC80211, "mac80211 remove interface");
/* because of hardware recovery, we may get here twice */
if (wl->state != WL1271_STATE_ON)
return;
wl1271_info("down"); wl1271_info("down");
mutex_lock(&wl_list_mutex); mutex_lock(&wl_list_mutex);
list_del(&wl->list); list_del(&wl->list);
mutex_unlock(&wl_list_mutex); mutex_unlock(&wl_list_mutex);
WARN_ON(wl->state != WL1271_STATE_ON);
/* enable dyn ps just in case (if left on due to fw crash etc) */ /* enable dyn ps just in case (if left on due to fw crash etc) */
if (wl->bss_type == BSS_TYPE_STA_BSS) if (wl->bss_type == BSS_TYPE_STA_BSS)
ieee80211_enable_dyn_ps(wl->vif); ieee80211_enable_dyn_ps(wl->vif);
@ -1428,6 +1441,10 @@ static void __wl1271_op_remove_interface(struct wl1271 *wl)
ieee80211_scan_completed(wl->hw, true); ieee80211_scan_completed(wl->hw, true);
} }
/*
* this must be before the cancel_work calls below, so that the work
* functions don't perform further work.
*/
wl->state = WL1271_STATE_OFF; wl->state = WL1271_STATE_OFF;
mutex_unlock(&wl->mutex); mutex_unlock(&wl->mutex);
@ -1464,7 +1481,6 @@ static void __wl1271_op_remove_interface(struct wl1271 *wl)
wl->time_offset = 0; wl->time_offset = 0;
wl->session_counter = 0; wl->session_counter = 0;
wl->rate_set = CONF_TX_RATE_MASK_BASIC; wl->rate_set = CONF_TX_RATE_MASK_BASIC;
wl->flags = 0;
wl->vif = NULL; wl->vif = NULL;
wl->filters = 0; wl->filters = 0;
wl1271_free_ap_keys(wl); wl1271_free_ap_keys(wl);
@ -1473,6 +1489,13 @@ static void __wl1271_op_remove_interface(struct wl1271 *wl)
wl->ap_ps_map = 0; wl->ap_ps_map = 0;
wl->block_size = 0; wl->block_size = 0;
/*
* this is performed after the cancel_work calls and the associated
* mutex_lock, so that wl1271_op_add_interface does not accidentally
* get executed before all these vars have been reset.
*/
wl->flags = 0;
for (i = 0; i < NUM_TX_QUEUES; i++) for (i = 0; i < NUM_TX_QUEUES; i++)
wl->tx_blocks_freed[i] = 0; wl->tx_blocks_freed[i] = 0;

View File

@ -354,7 +354,8 @@ enum wl12xx_flags {
WL1271_FLAG_PSPOLL_FAILURE, WL1271_FLAG_PSPOLL_FAILURE,
WL1271_FLAG_STA_STATE_SENT, WL1271_FLAG_STA_STATE_SENT,
WL1271_FLAG_FW_TX_BUSY, WL1271_FLAG_FW_TX_BUSY,
WL1271_FLAG_AP_STARTED WL1271_FLAG_AP_STARTED,
WL1271_FLAG_IF_INITIALIZED,
}; };
struct wl1271_link { struct wl1271_link {