package/kernel/mac80211/patches/370-0010-brcmfmac-Only-handle-p2p_stop_device-if-vif-is-valid.patch

   1 From: Hante Meuleman <meuleman@broadcom.com>
   2 Date: Fri, 18 Sep 2015 22:08:13 +0200
   3 Subject: [PATCH] brcmfmac: Only handle p2p_stop_device if vif is valid
   4
   5 In some situations it is possible that vif has been removed while
   6 cfg80211 invokes the p2p_stop_device handler. This will result in
   7 crash.
   8
   9 Reviewed-by: Arend Van Spriel <arend@broadcom.com>
  10 Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
  11 Signed-off-by: Hante Meuleman <meuleman@broadcom.com>
  12 Signed-off-by: Arend van Spriel <arend@broadcom.com>
  13 Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  14 ---
  15
  16 --- a/drivers/net/wireless/brcm80211/brcmfmac/p2p.c
  17 +++ b/drivers/net/wireless/brcm80211/brcmfmac/p2p.c
  18 @@ -2324,11 +2324,17 @@ void brcmf_p2p_stop_device(struct wiphy
  19         struct brcmf_cfg80211_vif *vif;
  20
  21         vif = container_of(wdev, struct brcmf_cfg80211_vif, wdev);
  22 -       mutex_lock(&cfg->usr_sync);
  23 -       (void)brcmf_p2p_deinit_discovery(p2p);
  24 -       brcmf_abort_scanning(cfg);
  25 -       clear_bit(BRCMF_VIF_STATUS_READY, &vif->sme_state);
  26 -       mutex_unlock(&cfg->usr_sync);
  27 +       /* This call can be result of the unregister_wdev call. In that case
  28 +        * we dont want to do anything anymore. Just return. The config vif
  29 +        * will have been cleared at this point.
  30 +        */
  31 +       if (p2p->bss_idx[P2PAPI_BSSCFG_DEVICE].vif == vif) {
  32 +               mutex_lock(&cfg->usr_sync);
  33 +               (void)brcmf_p2p_deinit_discovery(p2p);
  34 +               brcmf_abort_scanning(cfg);
  35 +               clear_bit(BRCMF_VIF_STATUS_READY, &vif->sme_state);
  36 +               mutex_unlock(&cfg->usr_sync);
  37 +       }
  38  }
  39
  40  /**