[PATCH 10/16] brcmfmac: Only handle p2p_stop_device if vif is valid

[PATCH 00/16] brcmfmac: new device support and P2P fixes · Arend van Spriel <hidden> · 2015-09-18
[PATCH 03/16] brcmfmac: Fix set and get tx-power functions. · Arend van Spriel <hidden> · 2015-09-18
[PATCH 06/16] brcmfmac: Fix bug in flowring management. · Arend van Spriel <hidden> · 2015-09-18
[PATCH 02/16] brcmfmac: Add support for the BCM4350 PCIE device. · Arend van Spriel <hidden> · 2015-09-18
[PATCH 08/16] brcmfmac: Workaround in change vif for wpa_supplicant support. · Arend van Spriel <hidden> · 2015-09-18
[PATCH 10/16] brcmfmac: Only handle p2p_stop_device if vif is valid · Arend van Spriel <hidden> · 2015-09-18
[PATCH 04/16] brcmfmac: Only assign primary netdev to if2bss array. · Arend van Spriel <hidden> · 2015-09-18
[PATCH 01/16] brcmfmac: Fix exception handling. · Arend van Spriel <hidden> · 2015-09-18
Re: [PATCH 01/16] brcmfmac: Fix exception handling. · Arend van Spriel <hidden> · 2015-09-19
Re: [01/16] brcmfmac: Fix exception handling. · Kalle Valo <hidden> · 2015-09-29
[PATCH 05/16] brcmfmac: Inform p2p module about p2pon through API · Arend van Spriel <hidden> · 2015-09-18
[PATCH 14/16] brcmfmac: Add support for the BCM4365 and BCM4366 PCIE devices. · Arend van Spriel <hidden> · 2015-09-18
[PATCH 15/16] brcmfmac: Fix TDLS setup by properly handling p2p noif. · Arend van Spriel <hidden> · 2015-09-18
[PATCH 13/16] brcmfmac: Fix race condition bug when deleting p2p interface. · Arend van Spriel <hidden> · 2015-09-18
[PATCH 07/16] brcmfmac: Make p2pon module param always available. · Arend van Spriel <hidden> · 2015-09-18
[PATCH 12/16] brcmfmac: Add module parameter to disable features. · Arend van Spriel <hidden> · 2015-09-18
[PATCH 11/16] brcmfmac: Fix p2p bug for older firmwares. · Arend van Spriel <hidden> · 2015-09-18
[PATCH 09/16] brcmfmac: Deleting of p2p device is leaking memory. · Arend van Spriel <hidden> · 2015-09-18
[PATCH 16/16] brcmfmac: Accept events when TDLS is used in combination with p2p. · Arend van Spriel <hidden> · 2015-09-18
Re: [PATCH 16/16] brcmfmac: Accept events when TDLS is used in combination with p2p. · Arend van Spriel <hidden> · 2015-09-19
Re: [PATCH 00/16] brcmfmac: new device support and P2P fixes · Rafał Miłecki <zajec5@gmail.com> · 2015-09-18
Re: [PATCH 00/16] brcmfmac: new device support and P2P fixes · Arend van Spriel <hidden> · 2015-09-19
Re: [PATCH 00/16] brcmfmac: new device support and P2P fixes · Arend van Spriel <hidden> · 2015-09-19
Re: [PATCH 00/16] brcmfmac: new device support and P2P fixes · Rafał Miłecki <zajec5@gmail.com> · 2015-09-19
Re: [PATCH 00/16] brcmfmac: new device support and P2P fixes · Arend van Spriel <hidden> · 2015-09-19
Re: [PATCH 00/16] brcmfmac: new device support and P2P fixes · Kalle Valo <hidden> · 2015-09-21
Re: [PATCH 00/16] brcmfmac: new device support and P2P fixes · Arend van Spriel <hidden> · 2015-09-28
Pending patches in patchwork and their states · Kalle Valo <hidden> · 2015-09-28
Re: [PATCH 00/16] brcmfmac: new device support and P2P fixes · Rafał Miłecki <zajec5@gmail.com> · 2016-01-09
Re: [PATCH 00/16] brcmfmac: new device support and P2P fixes · Arend van Spriel <hidden> · 2016-01-10
Re: [PATCH 00/16] brcmfmac: new device support and P2P fixes · Rafał Miłecki <zajec5@gmail.com> · 2016-01-10
Re: [PATCH 00/16] brcmfmac: new device support and P2P fixes · Arend van Spriel <hidden> · 2016-01-11

STALE3804d REVIEWED: 2 (0M)

From: Arend van Spriel <hidden>
Date: 2015-09-18 20:08:25
Subsystem: networking drivers (wireless), the rest · Maintainers: Johannes Berg, Linus Torvalds

From: Hante Meuleman <redacted>

In some situations it is possible that vif has been removed while
cfg80211 invokes the p2p_stop_device handler. This will result in
crash.

Reviewed-by: Arend Van Spriel <redacted>
Reviewed-by: Pieter-Paul Giesberts <redacted>
Signed-off-by: Hante Meuleman <redacted>
Signed-off-by: Arend van Spriel <redacted>
---
 drivers/net/wireless/brcm80211/brcmfmac/p2p.c | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)

diff --git a/drivers/net/wireless/brcm80211/brcmfmac/p2p.c b/drivers/net/wireless/brcm80211/brcmfmac/p2p.c
index 83027dc..76e4771 100644
--- a/drivers/net/wireless/brcm80211/brcmfmac/p2p.c
+++ b/drivers/net/wireless/brcm80211/brcmfmac/p2p.c

@@ -2327,11 +2327,17 @@ void brcmf_p2p_stop_device(struct wiphy *wiphy, struct wireless_dev *wdev)
 	struct brcmf_cfg80211_vif *vif;
 
 	vif = container_of(wdev, struct brcmf_cfg80211_vif, wdev);
-	mutex_lock(&cfg->usr_sync);
-	(void)brcmf_p2p_deinit_discovery(p2p);
-	brcmf_abort_scanning(cfg);
-	clear_bit(BRCMF_VIF_STATUS_READY, &vif->sme_state);
-	mutex_unlock(&cfg->usr_sync);
+	/* This call can be result of the unregister_wdev call. In that case
+	 * we dont want to do anything anymore. Just return. The config vif
+	 * will have been cleared at this point.
+	 */
+	if (p2p->bss_idx[P2PAPI_BSSCFG_DEVICE].vif == vif) {
+		mutex_lock(&cfg->usr_sync);
+		(void)brcmf_p2p_deinit_discovery(p2p);
+		brcmf_abort_scanning(cfg);
+		clear_bit(BRCMF_VIF_STATUS_READY, &vif->sme_state);
+		mutex_unlock(&cfg->usr_sync);
+	}
 }
 
 /**

-- 
1.9.1

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help