brcmfmac: Only handle p2p_stop_device if vif is valid

In some situations it is possible that vif has been removed while cfg80211 invokes the p2p_stop_device handler. This will result in crash. Reviewed-by: Arend Van Spriel <arend@broadcom.com> Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com> Signed-off-by: Hante Meuleman <meuleman@broadcom.com> Signed-off-by: Arend van Spriel <arend@broadcom.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>

brcmfmac: Only handle p2p_stop_device if vif is valid
In some situations it is possible that vif has been removed while cfg80211 invokes the p2p_stop_device handler. This will result in crash. Reviewed-by: Arend Van Spriel <arend@broadcom.com> Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com> Signed-off-by: Hante Meuleman <meuleman@broadcom.com> Signed-off-by: Arend van Spriel <arend@broadcom.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
d1bb34c1 · Hante Meuleman · Kalle Valo · 9831bcb9 · d1bb34c1
Commit d1bb34c1 authored Sep 18, 2015 by Hante Meuleman Committed by Kalle Valo Sep 29, 2015
Hide whitespace changes
Inline Side-by-side

Showing with 11 additions and 5 deletions

drivers/net/wireless/brcm80211/brcmfmac/p2p.c drivers/net/wireless/brcm80211/brcmfmac/p2p.c +11 -5

No files found.
--- a/drivers/net/wireless/brcm80211/brcmfmac/p2p.c
+++ b/drivers/net/wireless/brcm80211/brcmfmac/p2p.c
@@ -2327,11 +2327,17 @@ void brcmf_p2p_stop_device(struct wiphy *wiphy, struct wireless_dev *wdev)
 	struct brcmf_cfg80211_vif *vif;
 	vif = container_of(wdev, struct brcmf_cfg80211_vif, wdev);
-	mutex_lock(&cfg->usr_sync);
+	/* This call can be result of the unregister_wdev call. In that case
-	(void)brcmf_p2p_deinit_discovery(p2p);
+	 * we dont want to do anything anymore. Just return. The config vif
-	brcmf_abort_scanning(cfg);
+	 * will have been cleared at this point.
-	clear_bit(BRCMF_VIF_STATUS_READY, &vif->sme_state);
+	 */
-	mutex_unlock(&cfg->usr_sync);
+	if (p2p->bss_idx[P2PAPI_BSSCFG_DEVICE].vif == vif) {
+		mutex_lock(&cfg->usr_sync);
+		(void)brcmf_p2p_deinit_discovery(p2p);
+		brcmf_abort_scanning(cfg);
+		clear_bit(BRCMF_VIF_STATUS_READY, &vif->sme_state);
+		mutex_unlock(&cfg->usr_sync);
+	}
 }
 /**