Commit 0359facc authored by Mohamed Abbas's avatar Mohamed Abbas Committed by John W. Linville

iwlwifi: fix race condition during driver unload

This patch fixed the OOPS when load the driver while rf-kill is on then
unload the driver right after load. a race condition caused the interupt
handler to schedule the tasklet which will run right after the driver pci_remove
causing invalid poiter OOPS.
Signed-off-by: default avatarMohamed Abbas <mabbas@linux.intel.com>
Signed-off-by: default avatarJoonwoo Park <joonwpark81@gmail.com>
Signed-off-by: default avatarReinette Chatre <reinette.chatre@intel.com>
Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
parent ad97edd2
...@@ -4153,6 +4153,16 @@ static void iwl3945_enable_interrupts(struct iwl3945_priv *priv) ...@@ -4153,6 +4153,16 @@ static void iwl3945_enable_interrupts(struct iwl3945_priv *priv)
iwl3945_write32(priv, CSR_INT_MASK, CSR_INI_SET_MASK); iwl3945_write32(priv, CSR_INT_MASK, CSR_INI_SET_MASK);
} }
/* call this function to flush any scheduled tasklet */
static inline void iwl_synchronize_irq(struct iwl3945_priv *priv)
{
/* wait to make sure we flush pedding tasklet*/
synchronize_irq(priv->pci_dev->irq);
tasklet_kill(&priv->irq_tasklet);
}
static inline void iwl3945_disable_interrupts(struct iwl3945_priv *priv) static inline void iwl3945_disable_interrupts(struct iwl3945_priv *priv)
{ {
clear_bit(STATUS_INT_ENABLED, &priv->status); clear_bit(STATUS_INT_ENABLED, &priv->status);
...@@ -4552,7 +4562,9 @@ static void iwl3945_irq_tasklet(struct iwl3945_priv *priv) ...@@ -4552,7 +4562,9 @@ static void iwl3945_irq_tasklet(struct iwl3945_priv *priv)
} }
/* Re-enable all interrupts */ /* Re-enable all interrupts */
iwl3945_enable_interrupts(priv); /* only Re-enable if disabled by irq */
if (test_bit(STATUS_INT_ENABLED, &priv->status))
iwl3945_enable_interrupts(priv);
#ifdef CONFIG_IWL3945_DEBUG #ifdef CONFIG_IWL3945_DEBUG
if (iwl3945_debug_level & (IWL_DL_ISR)) { if (iwl3945_debug_level & (IWL_DL_ISR)) {
...@@ -4616,7 +4628,9 @@ unplugged: ...@@ -4616,7 +4628,9 @@ unplugged:
none: none:
/* re-enable interrupts here since we don't have anything to service. */ /* re-enable interrupts here since we don't have anything to service. */
iwl3945_enable_interrupts(priv); /* only Re-enable if disabled by irq */
if (test_bit(STATUS_INT_ENABLED, &priv->status))
iwl3945_enable_interrupts(priv);
spin_unlock(&priv->lock); spin_unlock(&priv->lock);
return IRQ_NONE; return IRQ_NONE;
} }
...@@ -5905,7 +5919,10 @@ static void __iwl3945_down(struct iwl3945_priv *priv) ...@@ -5905,7 +5919,10 @@ static void __iwl3945_down(struct iwl3945_priv *priv)
iwl3945_write32(priv, CSR_RESET, CSR_RESET_REG_FLAG_NEVO_RESET); iwl3945_write32(priv, CSR_RESET, CSR_RESET_REG_FLAG_NEVO_RESET);
/* tell the device to stop sending interrupts */ /* tell the device to stop sending interrupts */
spin_lock_irqsave(&priv->lock, flags);
iwl3945_disable_interrupts(priv); iwl3945_disable_interrupts(priv);
spin_unlock_irqrestore(&priv->lock, flags);
iwl_synchronize_irq(priv);
if (priv->mac80211_registered) if (priv->mac80211_registered)
ieee80211_stop_queues(priv->hw); ieee80211_stop_queues(priv->hw);
...@@ -7943,6 +7960,7 @@ static int iwl3945_pci_probe(struct pci_dev *pdev, const struct pci_device_id *e ...@@ -7943,6 +7960,7 @@ static int iwl3945_pci_probe(struct pci_dev *pdev, const struct pci_device_id *e
struct ieee80211_hw *hw; struct ieee80211_hw *hw;
struct iwl_3945_cfg *cfg = (struct iwl_3945_cfg *)(ent->driver_data); struct iwl_3945_cfg *cfg = (struct iwl_3945_cfg *)(ent->driver_data);
int i; int i;
unsigned long flags;
DECLARE_MAC_BUF(mac); DECLARE_MAC_BUF(mac);
/* Disabling hardware scan means that mac80211 will perform scans /* Disabling hardware scan means that mac80211 will perform scans
...@@ -8093,7 +8111,9 @@ static int iwl3945_pci_probe(struct pci_dev *pdev, const struct pci_device_id *e ...@@ -8093,7 +8111,9 @@ static int iwl3945_pci_probe(struct pci_dev *pdev, const struct pci_device_id *e
priv->power_mode = IWL_POWER_AC; priv->power_mode = IWL_POWER_AC;
priv->user_txpower_limit = IWL_DEFAULT_TX_POWER; priv->user_txpower_limit = IWL_DEFAULT_TX_POWER;
spin_lock_irqsave(&priv->lock, flags);
iwl3945_disable_interrupts(priv); iwl3945_disable_interrupts(priv);
spin_unlock_irqrestore(&priv->lock, flags);
err = sysfs_create_group(&pdev->dev.kobj, &iwl3945_attribute_group); err = sysfs_create_group(&pdev->dev.kobj, &iwl3945_attribute_group);
if (err) { if (err) {
...@@ -8180,6 +8200,7 @@ static void __devexit iwl3945_pci_remove(struct pci_dev *pdev) ...@@ -8180,6 +8200,7 @@ static void __devexit iwl3945_pci_remove(struct pci_dev *pdev)
struct iwl3945_priv *priv = pci_get_drvdata(pdev); struct iwl3945_priv *priv = pci_get_drvdata(pdev);
struct list_head *p, *q; struct list_head *p, *q;
int i; int i;
unsigned long flags;
if (!priv) if (!priv)
return; return;
...@@ -8190,6 +8211,15 @@ static void __devexit iwl3945_pci_remove(struct pci_dev *pdev) ...@@ -8190,6 +8211,15 @@ static void __devexit iwl3945_pci_remove(struct pci_dev *pdev)
iwl3945_down(priv); iwl3945_down(priv);
/* make sure we flush any pending irq or
* tasklet for the driver
*/
spin_lock_irqsave(&priv->lock, flags);
iwl3945_disable_interrupts(priv);
spin_unlock_irqrestore(&priv->lock, flags);
iwl_synchronize_irq(priv);
/* Free MAC hash list for ADHOC */ /* Free MAC hash list for ADHOC */
for (i = 0; i < IWL_IBSS_MAC_HASH_SIZE; i++) { for (i = 0; i < IWL_IBSS_MAC_HASH_SIZE; i++) {
list_for_each_safe(p, q, &priv->ibss_mac_hash[i]) { list_for_each_safe(p, q, &priv->ibss_mac_hash[i]) {
......
...@@ -4285,6 +4285,14 @@ static void iwl4965_enable_interrupts(struct iwl_priv *priv) ...@@ -4285,6 +4285,14 @@ static void iwl4965_enable_interrupts(struct iwl_priv *priv)
iwl_write32(priv, CSR_INT_MASK, CSR_INI_SET_MASK); iwl_write32(priv, CSR_INT_MASK, CSR_INI_SET_MASK);
} }
/* call this function to flush any scheduled tasklet */
static inline void iwl_synchronize_irq(struct iwl_priv *priv)
{
/* wait to make sure we flush pedding tasklet*/
synchronize_irq(priv->pci_dev->irq);
tasklet_kill(&priv->irq_tasklet);
}
static inline void iwl4965_disable_interrupts(struct iwl_priv *priv) static inline void iwl4965_disable_interrupts(struct iwl_priv *priv)
{ {
clear_bit(STATUS_INT_ENABLED, &priv->status); clear_bit(STATUS_INT_ENABLED, &priv->status);
...@@ -4668,7 +4676,9 @@ static void iwl4965_irq_tasklet(struct iwl_priv *priv) ...@@ -4668,7 +4676,9 @@ static void iwl4965_irq_tasklet(struct iwl_priv *priv)
} }
/* Re-enable all interrupts */ /* Re-enable all interrupts */
iwl4965_enable_interrupts(priv); /* only Re-enable if diabled by irq */
if (test_bit(STATUS_INT_ENABLED, &priv->status))
iwl4965_enable_interrupts(priv);
#ifdef CONFIG_IWLWIFI_DEBUG #ifdef CONFIG_IWLWIFI_DEBUG
if (iwl_debug_level & (IWL_DL_ISR)) { if (iwl_debug_level & (IWL_DL_ISR)) {
...@@ -4733,7 +4743,9 @@ static irqreturn_t iwl4965_isr(int irq, void *data) ...@@ -4733,7 +4743,9 @@ static irqreturn_t iwl4965_isr(int irq, void *data)
none: none:
/* re-enable interrupts here since we don't have anything to service. */ /* re-enable interrupts here since we don't have anything to service. */
iwl4965_enable_interrupts(priv); /* only Re-enable if diabled by irq */
if (test_bit(STATUS_INT_ENABLED, &priv->status))
iwl4965_enable_interrupts(priv);
spin_unlock(&priv->lock); spin_unlock(&priv->lock);
return IRQ_NONE; return IRQ_NONE;
} }
...@@ -5772,7 +5784,10 @@ static void __iwl4965_down(struct iwl_priv *priv) ...@@ -5772,7 +5784,10 @@ static void __iwl4965_down(struct iwl_priv *priv)
iwl_write32(priv, CSR_RESET, CSR_RESET_REG_FLAG_NEVO_RESET); iwl_write32(priv, CSR_RESET, CSR_RESET_REG_FLAG_NEVO_RESET);
/* tell the device to stop sending interrupts */ /* tell the device to stop sending interrupts */
spin_lock_irqsave(&priv->lock, flags);
iwl4965_disable_interrupts(priv); iwl4965_disable_interrupts(priv);
spin_unlock_irqrestore(&priv->lock, flags);
iwl_synchronize_irq(priv);
if (priv->mac80211_registered) if (priv->mac80211_registered)
ieee80211_stop_queues(priv->hw); ieee80211_stop_queues(priv->hw);
...@@ -7996,6 +8011,7 @@ static int iwl4965_pci_probe(struct pci_dev *pdev, const struct pci_device_id *e ...@@ -7996,6 +8011,7 @@ static int iwl4965_pci_probe(struct pci_dev *pdev, const struct pci_device_id *e
struct iwl_priv *priv; struct iwl_priv *priv;
struct ieee80211_hw *hw; struct ieee80211_hw *hw;
struct iwl_cfg *cfg = (struct iwl_cfg *)(ent->driver_data); struct iwl_cfg *cfg = (struct iwl_cfg *)(ent->driver_data);
unsigned long flags;
DECLARE_MAC_BUF(mac); DECLARE_MAC_BUF(mac);
/************************ /************************
...@@ -8133,7 +8149,9 @@ static int iwl4965_pci_probe(struct pci_dev *pdev, const struct pci_device_id *e ...@@ -8133,7 +8149,9 @@ static int iwl4965_pci_probe(struct pci_dev *pdev, const struct pci_device_id *e
/******************** /********************
* 8. Setup services * 8. Setup services
********************/ ********************/
spin_lock_irqsave(&priv->lock, flags);
iwl4965_disable_interrupts(priv); iwl4965_disable_interrupts(priv);
spin_unlock_irqrestore(&priv->lock, flags);
err = sysfs_create_group(&pdev->dev.kobj, &iwl4965_attribute_group); err = sysfs_create_group(&pdev->dev.kobj, &iwl4965_attribute_group);
if (err) { if (err) {
...@@ -8182,6 +8200,7 @@ static void __devexit iwl4965_pci_remove(struct pci_dev *pdev) ...@@ -8182,6 +8200,7 @@ static void __devexit iwl4965_pci_remove(struct pci_dev *pdev)
struct iwl_priv *priv = pci_get_drvdata(pdev); struct iwl_priv *priv = pci_get_drvdata(pdev);
struct list_head *p, *q; struct list_head *p, *q;
int i; int i;
unsigned long flags;
if (!priv) if (!priv)
return; return;
...@@ -8192,6 +8211,15 @@ static void __devexit iwl4965_pci_remove(struct pci_dev *pdev) ...@@ -8192,6 +8211,15 @@ static void __devexit iwl4965_pci_remove(struct pci_dev *pdev)
iwl4965_down(priv); iwl4965_down(priv);
/* make sure we flush any pending irq or
* tasklet for the driver
*/
spin_lock_irqsave(&priv->lock, flags);
iwl4965_disable_interrupts(priv);
spin_unlock_irqrestore(&priv->lock, flags);
iwl_synchronize_irq(priv);
/* Free MAC hash list for ADHOC */ /* Free MAC hash list for ADHOC */
for (i = 0; i < IWL_IBSS_MAC_HASH_SIZE; i++) { for (i = 0; i < IWL_IBSS_MAC_HASH_SIZE; i++) {
list_for_each_safe(p, q, &priv->ibss_mac_hash[i]) { list_for_each_safe(p, q, &priv->ibss_mac_hash[i]) {
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment