iwlwifi: fix race condition during driver unload
This patch fixed the OOPS when load the driver while rf-kill is on then
unload the driver right after load. a race condition caused the interupt
handler to schedule the tasklet which will run right after the driver pci_remove
causing invalid poiter OOPS.
Signed-off-by: Mohamed Abbas <mabbas@linux.intel.com>
Signed-off-by: Joonwoo Park <joonwpark81@gmail.com>
Signed-off-by: Reinette Chatre <reinette.chatre@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
diff --git a/drivers/net/wireless/iwlwifi/iwl4965-base.c b/drivers/net/wireless/iwlwifi/iwl4965-base.c
index 7f56565..29e8431 100644
--- a/drivers/net/wireless/iwlwifi/iwl4965-base.c
+++ b/drivers/net/wireless/iwlwifi/iwl4965-base.c
@@ -4285,6 +4285,14 @@
iwl_write32(priv, CSR_INT_MASK, CSR_INI_SET_MASK);
}
+/* call this function to flush any scheduled tasklet */
+static inline void iwl_synchronize_irq(struct iwl_priv *priv)
+{
+ /* wait to make sure we flush pedding tasklet*/
+ synchronize_irq(priv->pci_dev->irq);
+ tasklet_kill(&priv->irq_tasklet);
+}
+
static inline void iwl4965_disable_interrupts(struct iwl_priv *priv)
{
clear_bit(STATUS_INT_ENABLED, &priv->status);
@@ -4668,7 +4676,9 @@
}
/* Re-enable all interrupts */
- iwl4965_enable_interrupts(priv);
+ /* only Re-enable if diabled by irq */
+ if (test_bit(STATUS_INT_ENABLED, &priv->status))
+ iwl4965_enable_interrupts(priv);
#ifdef CONFIG_IWLWIFI_DEBUG
if (iwl_debug_level & (IWL_DL_ISR)) {
@@ -4733,7 +4743,9 @@
none:
/* re-enable interrupts here since we don't have anything to service. */
- iwl4965_enable_interrupts(priv);
+ /* only Re-enable if diabled by irq */
+ if (test_bit(STATUS_INT_ENABLED, &priv->status))
+ iwl4965_enable_interrupts(priv);
spin_unlock(&priv->lock);
return IRQ_NONE;
}
@@ -5772,7 +5784,10 @@
iwl_write32(priv, CSR_RESET, CSR_RESET_REG_FLAG_NEVO_RESET);
/* tell the device to stop sending interrupts */
+ spin_lock_irqsave(&priv->lock, flags);
iwl4965_disable_interrupts(priv);
+ spin_unlock_irqrestore(&priv->lock, flags);
+ iwl_synchronize_irq(priv);
if (priv->mac80211_registered)
ieee80211_stop_queues(priv->hw);
@@ -7996,6 +8011,7 @@
struct iwl_priv *priv;
struct ieee80211_hw *hw;
struct iwl_cfg *cfg = (struct iwl_cfg *)(ent->driver_data);
+ unsigned long flags;
DECLARE_MAC_BUF(mac);
/************************
@@ -8133,7 +8149,9 @@
/********************
* 8. Setup services
********************/
+ spin_lock_irqsave(&priv->lock, flags);
iwl4965_disable_interrupts(priv);
+ spin_unlock_irqrestore(&priv->lock, flags);
err = sysfs_create_group(&pdev->dev.kobj, &iwl4965_attribute_group);
if (err) {
@@ -8182,6 +8200,7 @@
struct iwl_priv *priv = pci_get_drvdata(pdev);
struct list_head *p, *q;
int i;
+ unsigned long flags;
if (!priv)
return;
@@ -8192,6 +8211,15 @@
iwl4965_down(priv);
+ /* make sure we flush any pending irq or
+ * tasklet for the driver
+ */
+ spin_lock_irqsave(&priv->lock, flags);
+ iwl4965_disable_interrupts(priv);
+ spin_unlock_irqrestore(&priv->lock, flags);
+
+ iwl_synchronize_irq(priv);
+
/* Free MAC hash list for ADHOC */
for (i = 0; i < IWL_IBSS_MAC_HASH_SIZE; i++) {
list_for_each_safe(p, q, &priv->ibss_mac_hash[i]) {