From c60bdd8334804720e9d236c543612c998baaee0d Mon Sep 17 00:00:00 2001 From: Michal Kazior Date: Wed, 29 Jan 2014 07:26:31 +0100 Subject: [PATCH] ath10k: properly return err from start() If recovery failed ath10k returned 0 (success) and mac80211 continued to call other driver callbacks. This caused null dereference. This is how the failure looked like: ath10k: ctl_resp never came in (-110) ath10k: failed to connect to HTC: -110 ath10k: could not init core (-110) BUG: unable to handle kernel NULL pointer dereference at (null) IP: [] ath10k_ce_send+0x1d/0x15d [ath10k_pci] PGD 0 Oops: 0000 [#1] PREEMPT SMP Modules linked in: ath10k_pci ath10k_core ath5k ath9k ath9k_common ath9k_hw ath mac80211 cfg80211 nf_nat_ipv4 ] CPU: 1 PID: 36 Comm: kworker/1:1 Tainted: G WC 3.13.0-rc8-wl-ath+ #8 Hardware name: To be filled by O.E.M. To be filled by O.E.M./HURONRIVER, BIOS 4.6.5 05/02/2012 Workqueue: events ieee80211_restart_work [mac80211] task: ffff880215b521c0 ti: ffff880215e18000 task.ti: ffff880215e18000 RIP: 0010:[] [] ath10k_ce_send+0x1d/0x15d [ath10k_pci] RSP: 0018:ffff880215e19af8 EFLAGS: 00010292 RAX: ffff880215e19b10 RBX: 0000000000000000 RCX: 0000000000000018 RDX: 00000000d9ccf800 RSI: ffff8800c965ad00 RDI: 0000000000000000 RBP: ffff880215e19b58 R08: 0000000000000002 R09: 0000000000000000 R10: ffffffff812e1a23 R11: 0000000000000292 R12: 0000000000000018 R13: 0000000000000000 R14: 0000000000000002 R15: ffff88021562d700 FS: 0000000000000000(0000) GS:ffff88021fa80000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000000 CR3: 0000000001a0d000 CR4: 00000000000407e0 Stack: d9ccf8000d47df40 ffffffffa0b367a0 ffff880215e19b10 0000000000000010 ffff880215e19b68 ffff880215e19b28 0000000000000018 ffff8800c965ad00 0000000000000018 0000000000000000 0000000000000002 ffff88021562d700 Call Trace: [] ath10k_pci_hif_send_head+0xa7/0xcb [ath10k_pci] [] ath10k_htc_send+0x23d/0x2d0 [ath10k_core] [] ath10k_wmi_cmd_send_nowait+0x5d/0x85 [ath10k_core] [] ath10k_wmi_cmd_send+0x62/0x115 [ath10k_core] [] ? __netdev_alloc_skb+0x4b/0x9b [] ath10k_wmi_vdev_set_param+0x91/0xa3 [ath10k_core] [] ath10k_mac_set_rts+0x3e/0x40 [ath10k_core] [] ath10k_set_frag_threshold+0x5e/0x9c [ath10k_core] [] ieee80211_reconfig+0x12a/0x7b3 [mac80211] [] ? mutex_unlock+0x9/0xb [] ieee80211_restart_work+0x5e/0x68 [mac80211] [] process_one_work+0x1d7/0x2fc [] ? process_one_work+0x16d/0x2fc [] worker_thread+0x12e/0x1fb [] ? rescuer_thread+0x27b/0x27b [] kthread+0xb5/0xbd [] ? _raw_spin_unlock_irq+0x28/0x42 [] ? __kthread_parkme+0x5c/0x5c [] ret_from_fork+0x7c/0xb0 [] ? __kthread_parkme+0x5c/0x5c Code: df ff d0 48 83 c4 18 5b 41 5c 41 5d 5d c3 55 48 89 e5 41 57 41 56 45 89 c6 41 55 41 54 41 89 cc 53 48 89 RIP [] ath10k_ce_send+0x1d/0x15d [ath10k_pci] RSP CR2: 0000000000000000 Reported-By: Ben Greear Signed-off-by: Michal Kazior Signed-off-by: Kalle Valo --- drivers/net/wireless/ath/ath10k/mac.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/net/wireless/ath/ath10k/mac.c b/drivers/net/wireless/ath/ath10k/mac.c index bb1c8397c0d3..ce91d5c9d60a 100644 --- a/drivers/net/wireless/ath/ath10k/mac.c +++ b/drivers/net/wireless/ath/ath10k/mac.c @@ -2187,10 +2187,11 @@ static int ath10k_start(struct ieee80211_hw *hw) ret); ath10k_regd_update(ar); + ret = 0; exit: mutex_unlock(&ar->conf_mutex); - return 0; + return ret; } static void ath10k_stop(struct ieee80211_hw *hw)