Commit 353d2a69 authored by Ujjal Roy's avatar Ujjal Roy Committed by John W. Linville

mwifiex: fix issues in driver unload path for USB chipsets

1) After driver load failure, clear 'card->adapter' instead of
card pointer so that card specific cleanup is performed later
when user unloads the driver.

2) Clear usb_card pointer in disconnect handler to avoid invalid
memory access when user unloads the driver after removing the
card.
Signed-off-by: default avatarUjjal Roy <royujjal@gmail.com>
Signed-off-by: default avatarAmitkumar Karwar <akarwar@marvell.com>
Signed-off-by: default avatarBing Zhao <bzhao@marvell.com>
Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
parent 3c59e328
...@@ -350,7 +350,6 @@ static int mwifiex_usb_probe(struct usb_interface *intf, ...@@ -350,7 +350,6 @@ static int mwifiex_usb_probe(struct usb_interface *intf,
card->udev = udev; card->udev = udev;
card->intf = intf; card->intf = intf;
usb_card = card;
pr_debug("info: bcdUSB=%#x Device Class=%#x SubClass=%#x Protocol=%#x\n", pr_debug("info: bcdUSB=%#x Device Class=%#x SubClass=%#x Protocol=%#x\n",
udev->descriptor.bcdUSB, udev->descriptor.bDeviceClass, udev->descriptor.bcdUSB, udev->descriptor.bDeviceClass,
...@@ -525,25 +524,28 @@ static int mwifiex_usb_resume(struct usb_interface *intf) ...@@ -525,25 +524,28 @@ static int mwifiex_usb_resume(struct usb_interface *intf)
static void mwifiex_usb_disconnect(struct usb_interface *intf) static void mwifiex_usb_disconnect(struct usb_interface *intf)
{ {
struct usb_card_rec *card = usb_get_intfdata(intf); struct usb_card_rec *card = usb_get_intfdata(intf);
struct mwifiex_adapter *adapter;
if (!card || !card->adapter) { if (!card) {
pr_err("%s: card or card->adapter is NULL\n", __func__); pr_err("%s: card is NULL\n", __func__);
return; return;
} }
adapter = card->adapter; mwifiex_usb_free(card);
if (card->adapter) {
struct mwifiex_adapter *adapter = card->adapter;
if (!adapter->priv_num) if (!adapter->priv_num)
return; return;
mwifiex_usb_free(card);
dev_dbg(adapter->dev, "%s: removing card\n", __func__); dev_dbg(adapter->dev, "%s: removing card\n", __func__);
mwifiex_remove_card(adapter, &add_remove_card_sem); mwifiex_remove_card(adapter, &add_remove_card_sem);
}
usb_set_intfdata(intf, NULL); usb_set_intfdata(intf, NULL);
usb_put_dev(interface_to_usbdev(intf)); usb_put_dev(interface_to_usbdev(intf));
kfree(card); kfree(card);
usb_card = NULL;
return; return;
} }
...@@ -754,6 +756,7 @@ static int mwifiex_register_dev(struct mwifiex_adapter *adapter) ...@@ -754,6 +756,7 @@ static int mwifiex_register_dev(struct mwifiex_adapter *adapter)
card->adapter = adapter; card->adapter = adapter;
adapter->dev = &card->udev->dev; adapter->dev = &card->udev->dev;
strcpy(adapter->fw_name, USB8797_DEFAULT_FW_NAME); strcpy(adapter->fw_name, USB8797_DEFAULT_FW_NAME);
usb_card = card;
return 0; return 0;
} }
...@@ -762,7 +765,7 @@ static void mwifiex_unregister_dev(struct mwifiex_adapter *adapter) ...@@ -762,7 +765,7 @@ static void mwifiex_unregister_dev(struct mwifiex_adapter *adapter)
{ {
struct usb_card_rec *card = (struct usb_card_rec *)adapter->card; struct usb_card_rec *card = (struct usb_card_rec *)adapter->card;
usb_set_intfdata(card->intf, NULL); card->adapter = NULL;
} }
static int mwifiex_prog_fw_w_helper(struct mwifiex_adapter *adapter, static int mwifiex_prog_fw_w_helper(struct mwifiex_adapter *adapter,
...@@ -1004,7 +1007,7 @@ static void mwifiex_usb_cleanup_module(void) ...@@ -1004,7 +1007,7 @@ static void mwifiex_usb_cleanup_module(void)
if (!down_interruptible(&add_remove_card_sem)) if (!down_interruptible(&add_remove_card_sem))
up(&add_remove_card_sem); up(&add_remove_card_sem);
if (usb_card) { if (usb_card && usb_card->adapter) {
struct mwifiex_adapter *adapter = usb_card->adapter; struct mwifiex_adapter *adapter = usb_card->adapter;
int i; int i;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment