This is a note to let you know that I've just added the patch titled
ath9k: fix race conditions when stop device
to the 2.6.36-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
ath9k-fix-race-conditions-when-stop-device.patch
and it can be found in the queue-2.6.36 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <[email protected]> know about it.
From 203043f579ece44bb30291442cd56332651dd37d Mon Sep 17 00:00:00 2001
From: Stanislaw Gruszka <[email protected]>
Date: Tue, 25 Jan 2011 14:08:40 +0100
Subject: ath9k: fix race conditions when stop device
commit 203043f579ece44bb30291442cd56332651dd37d upstream.
We do not kill any scheduled tasklets when stopping device, that may
cause usage of resources after free. Moreover we enable interrupts
in tasklet function, so we could potentially end with interrupts
enabled when driver is not ready to receive them.
I think patch should fix Ben's kernel crash from:
http://marc.info/?l=linux-wireless&m=129438358921501&w=2
Signed-off-by: Stanislaw Gruszka <[email protected]>
Signed-off-by: John W. Linville <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/net/wireless/ath/ath9k/init.c | 5 -----
drivers/net/wireless/ath/ath9k/main.c | 9 +++++++++
2 files changed, 9 insertions(+), 5 deletions(-)
--- a/drivers/net/wireless/ath/ath9k/init.c
+++ b/drivers/net/wireless/ath/ath9k/init.c
@@ -626,8 +626,6 @@ err_queues:
err_debug:
ath9k_hw_deinit(ah);
err_hw:
- tasklet_kill(&sc->intr_tq);
- tasklet_kill(&sc->bcon_tasklet);
kfree(ah);
sc->sc_ah = NULL;
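Review bot: on the err_hw path the two tasklet_kill() calls are dropped so that kfree(ah) now follows ath9k_hw_deinit(ah) directly, and the changelog does not say why that is safe during a failed init. If neither sc->intr_tq nor sc->bcon_tasklet can have been scheduled at this point, state that in the commit message; otherwise keep the kills here, since they cost nothing on an idle tasklet.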
@@ -787,9 +785,6 @@ static void ath9k_deinit_softc(struct at
ath9k_exit_debug(sc->sc_ah);
ath9k_hw_deinit(sc->sc_ah);
- tasklet_kill(&sc->intr_tq);
- tasklet_kill(&sc->bcon_tasklet);
-
kfree(sc->sc_ah);
sc->sc_ah = NULL;
}
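Review bot: ath9k_deinit_softc() now frees sc->sc_ah without killing sc->intr_tq and sc->bcon_tasklet, so its safety depends entirely on the stop path having run first and on nothing rescheduling a tasklet in between. That ordering is not visible in this hunk; either document the assumption in a comment above kfree(sc->sc_ah) or keep the two tasklet_kill() calls as a second line of defence, given that the changelog itself names use after free as the risk.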
--- a/drivers/net/wireless/ath/ath9k/main.c
+++ b/drivers/net/wireless/ath/ath9k/main.c
@@ -1349,6 +1349,9 @@ static void ath9k_stop(struct ieee80211_
ath9k_btcoex_timer_pause(sc);
}
+ /* prevent tasklets to enable interrupts once we disable them */
+ ah->imask &= ~ATH9K_INT_GLOBAL;
+
/* make sure h/w will not generate any interrupt
* before setting the invalid flag. */
ath9k_hw_set_interrupts(ah, 0);
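Review bot: the new "ah->imask &= ~ATH9K_INT_GLOBAL;" in ath9k_stop() has no matching restore anywhere in this patch, so please confirm that the start path rebuilds ah->imask with ATH9K_INT_GLOBAL set; otherwise a stop/start cycle would leave the bit cleared. No lock is visible around the write while the tasklets the comment refers to consult the mask, so the comment should say what serialises them. Minor wording: "prevent tasklets from enabling interrupts once we disable them".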
@@ -1823,6 +1826,12 @@ static int ath9k_set_key(struct ieee8021
ret = -EINVAL;
}
+ /* we can now sync irq and kill any running tasklets, since we already
+ * disabled interrupts and not holding a spin lock */
+ synchronize_irq(sc->irq);
+ tasklet_kill(&sc->intr_tq);
+ tasklet_kill(&sc->bcon_tasklet);
+
ath9k_ps_restore(sc);
mutex_unlock(&sc->mutex);
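Review bot: the placement of this hunk looks wrong for the 2.6.36 tree. The @@ header names ath9k_set_key() and the leading context ("ret = -EINVAL;" followed by a closing brace, then ath9k_ps_restore(sc) and mutex_unlock(&sc->mutex)) reads like the tail of a key-command switch, not the stop path that the new comment and the changelog describe. If so, synchronize_irq() and both tasklet_kill() calls would run on every key operation while the device is up, and ath9k_stop() would still not kill the tasklets, which leaves the two removals in init.c without a replacement. Please check the backport against the upstream commit and move the block into ath9k_stop(), after interrupts are disabled and the spin lock is released.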
Patches currently in stable-queue which might be from [email protected] are
queue-2.6.36/ath9k-fix-race-conditions-when-stop-device.patch
queue-2.6.36/iwlagn-enable-only-rfkill-interrupt-when-device-is-down.patch