mwifiex: fix issues in driver unload path for USB chipsets

1) After driver load failure, clear 'card->adapter' instead of
card pointer so that card specific cleanup is performed later
when user unloads the driver.

2) Clear usb_card pointer in disconnect handler to avoid invalid
memory access when user unloads the driver after removing the
card.

Signed-off-by: Ujjal Roy <royujjal@gmail.com>
Signed-off-by: Amitkumar Karwar <akarwar@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Ujjal Roy 2013-11-14 19:10:42 -08:00 committed by John W. Linville
parent 3c59e328eb
commit 353d2a69ea
1 changed files with 15 additions and 12 deletions


@ -350,7 +350,6 @@ static int mwifiex_usb_probe(struct usb_interface *intf,
card->udev = udev; card->udev = udev;
card->intf = intf; card->intf = intf;
usb_card = card;
pr_debug("info: bcdUSB=%#x Device Class=%#x SubClass=%#x Protocol=%#x\n", pr_debug("info: bcdUSB=%#x Device Class=%#x SubClass=%#x Protocol=%#x\n",
udev->descriptor.bcdUSB, udev->descriptor.bDeviceClass, udev->descriptor.bcdUSB, udev->descriptor.bDeviceClass,
@ -525,25 +524,28 @@ static int mwifiex_usb_resume(struct usb_interface *intf)
static void mwifiex_usb_disconnect(struct usb_interface *intf) static void mwifiex_usb_disconnect(struct usb_interface *intf)
{ {
struct usb_card_rec *card = usb_get_intfdata(intf); struct usb_card_rec *card = usb_get_intfdata(intf);
struct mwifiex_adapter *adapter;
if (!card || !card->adapter) { if (!card) {
pr_err("%s: card or card->adapter is NULL\n", __func__); pr_err("%s: card is NULL\n", __func__);
return; return;
} }
adapter = card->adapter;
if (!adapter->priv_num)
return;
mwifiex_usb_free(card); mwifiex_usb_free(card);
dev_dbg(adapter->dev, "%s: removing card\n", __func__); if (card->adapter) {
mwifiex_remove_card(adapter, &add_remove_card_sem); struct mwifiex_adapter *adapter = card->adapter;
if (!adapter->priv_num)
return;
dev_dbg(adapter->dev, "%s: removing card\n", __func__);
mwifiex_remove_card(adapter, &add_remove_card_sem);
}
usb_set_intfdata(intf, NULL); usb_set_intfdata(intf, NULL);
usb_put_dev(interface_to_usbdev(intf)); usb_put_dev(interface_to_usbdev(intf));
kfree(card); kfree(card);
usb_card = NULL;
return; return;
} }
@ -754,6 +756,7 @@ static int mwifiex_register_dev(struct mwifiex_adapter *adapter)
card->adapter = adapter; card->adapter = adapter;
adapter->dev = &card->udev->dev; adapter->dev = &card->udev->dev;
strcpy(adapter->fw_name, USB8797_DEFAULT_FW_NAME); strcpy(adapter->fw_name, USB8797_DEFAULT_FW_NAME);
usb_card = card;
return 0; return 0;
} }
@ -762,7 +765,7 @@ static void mwifiex_unregister_dev(struct mwifiex_adapter *adapter)
{ {
struct usb_card_rec *card = (struct usb_card_rec *)adapter->card; struct usb_card_rec *card = (struct usb_card_rec *)adapter->card;
usb_set_intfdata(card->intf, NULL); card->adapter = NULL;
} }
static int mwifiex_prog_fw_w_helper(struct mwifiex_adapter *adapter, static int mwifiex_prog_fw_w_helper(struct mwifiex_adapter *adapter,
@ -1004,7 +1007,7 @@ static void mwifiex_usb_cleanup_module(void)
if (!down_interruptible(&add_remove_card_sem)) if (!down_interruptible(&add_remove_card_sem))
up(&add_remove_card_sem); up(&add_remove_card_sem);
if (usb_card) { if (usb_card && usb_card->adapter) {
struct mwifiex_adapter *adapter = usb_card->adapter; struct mwifiex_adapter *adapter = usb_card->adapter;
int i; int i;
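Review bot: In the new `mwifiex_usb_disconnect`, the early `if (!adapter->priv_num) return;` inside the `if (card->adapter)` block exits after `mwifiex_usb_free(card)` has run but before `usb_set_intfdata(intf, NULL)`, `usb_put_dev()`, `kfree(card)` and `usb_card = NULL`. On that path the card and the device reference are never released, and both the interface data and the global `usb_card` keep pointing at a card that `mwifiex_usb_free()` has already processed, so a later module unload can still reach it. Unless skipping the teardown is intended when `priv_num` is zero (not visible on this page), guard only the removal: `if (adapter->priv_num) { dev_dbg(adapter->dev, "%s: removing card\n", __func__); mwifiex_remove_card(adapter, &add_remove_card_sem); }`. Separately, `mwifiex_usb_cleanup_module` reads `usb_card` and `usb_card->adapter` after it has already released `add_remove_card_sem`, while disconnect frees the card and clears the pointer with no lock visible in these hunks; it is worth confirming what serializes the two paths.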