diff options
author | Hante Meuleman <meuleman@broadcom.com> | 2015-09-18 22:08:13 +0200 |
---|---|---|
committer | Kalle Valo <kvalo@codeaurora.org> | 2015-09-29 09:55:58 +0200 |
commit | d1bb34c128f59c30b75b96ef60f5f00cdbe9ca0e (patch) | |
tree | b73d0662d1f9585ab3746e60991cb9b9acb0702c | |
parent | brcmfmac: Deleting of p2p device is leaking memory. (diff) | |
download | linux-d1bb34c128f59c30b75b96ef60f5f00cdbe9ca0e.tar.xz linux-d1bb34c128f59c30b75b96ef60f5f00cdbe9ca0e.zip |
brcmfmac: Only handle p2p_stop_device if vif is valid
In some situations it is possible that vif has been removed while
cfg80211 invokes the p2p_stop_device handler. This will result in
crash.
Reviewed-by: Arend Van Spriel <arend@broadcom.com>
Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
Signed-off-by: Hante Meuleman <meuleman@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
-rw-r--r-- | drivers/net/wireless/brcm80211/brcmfmac/p2p.c | 16 |
1 files changed, 11 insertions, 5 deletions
diff --git a/drivers/net/wireless/brcm80211/brcmfmac/p2p.c b/drivers/net/wireless/brcm80211/brcmfmac/p2p.c index 83027dcc4aae..76e477109e6d 100644 --- a/drivers/net/wireless/brcm80211/brcmfmac/p2p.c +++ b/drivers/net/wireless/brcm80211/brcmfmac/p2p.c @@ -2327,11 +2327,17 @@ void brcmf_p2p_stop_device(struct wiphy *wiphy, struct wireless_dev *wdev) struct brcmf_cfg80211_vif *vif; vif = container_of(wdev, struct brcmf_cfg80211_vif, wdev); - mutex_lock(&cfg->usr_sync); - (void)brcmf_p2p_deinit_discovery(p2p); - brcmf_abort_scanning(cfg); - clear_bit(BRCMF_VIF_STATUS_READY, &vif->sme_state); - mutex_unlock(&cfg->usr_sync); + /* This call can be result of the unregister_wdev call. In that case + * we dont want to do anything anymore. Just return. The config vif + * will have been cleared at this point. + */ + if (p2p->bss_idx[P2PAPI_BSSCFG_DEVICE].vif == vif) { + mutex_lock(&cfg->usr_sync); + (void)brcmf_p2p_deinit_discovery(p2p); + brcmf_abort_scanning(cfg); + clear_bit(BRCMF_VIF_STATUS_READY, &vif->sme_state); + mutex_unlock(&cfg->usr_sync); + } } /** |