ath9k: Race condition in accessing TX and RX buffers.

Race condition causes RX buffers to be accessed even before it is
initialized. The RX and TX buffers are initialized immediately after
the hardware is registered with mac80211. The mac80211 start callback
is ready to be fired once the device is registered for a case when the
wpa_supplicant is also running at the same time.

The same race condition is also possible for RKFILL registration
as RFKILL init happens after the device registration with mac80211
and it is possible that rfkill_register would be called even before
it is initialized.
Signed-off-by: Senthil Balasubramanian <senthilkumar@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>

drivers/net/wireless/ath9k/main.c

@@ -912,14 +912,14 @@ static int ath_attach(u16 devid, struct ath_softc *sc)
 		hw->wiphy->bands[IEEE80211_BAND_5GHZ] =
 			&sc->sbands[IEEE80211_BAND_5GHZ];
 
-	error = ieee80211_register_hw(hw);
-	if (error != 0) {
-		ath_rate_control_unregister();
-		goto bad;
-	}
+	/* initialize tx/rx engine */
+	error = ath_tx_init(sc, ATH_TXBUF);
+	if (error != 0)
+		goto detach;
 
-	/* Initialize LED control */
-	ath_init_leds(sc);
+	error = ath_rx_init(sc, ATH_RXBUF);
+	if (error != 0)
+		goto detach;
 
 #if defined(CONFIG_RFKILL) || defined(CONFIG_RFKILL_MODULE)
 	/* Initialze h/w Rfkill */
@@ -931,15 +931,14 @@ static int ath_attach(u16 devid, struct ath_softc *sc)
 		goto detach;
 #endif
 
-	/* initialize tx/rx engine */
-
-	error = ath_tx_init(sc, ATH_TXBUF);
-	if (error != 0)
-		goto detach;
+	error = ieee80211_register_hw(hw);
+	if (error != 0) {
+		ath_rate_control_unregister();
+		goto bad;
+	}
 
-	error = ath_rx_init(sc, ATH_RXBUF);
-	if (error != 0)
-		goto detach;
+	/* Initialize LED control */
+	ath_init_leds(sc);
 
 	return 0;
 detach: