summaryrefslogtreecommitdiff
path: root/drivers/net/wireless/brcm80211
diff options
context:
space:
mode:
authorHante Meuleman <meuleman@broadcom.com>2015-09-18 23:08:13 +0300
committerKalle Valo <kvalo@codeaurora.org>2015-09-29 10:55:58 +0300
commitd1bb34c128f59c30b75b96ef60f5f00cdbe9ca0e (patch)
treeb73d0662d1f9585ab3746e60991cb9b9acb0702c /drivers/net/wireless/brcm80211
parent9831bcb987df4aff6a1d85975f1dda4c654f298d (diff)
downloadlinux-d1bb34c128f59c30b75b96ef60f5f00cdbe9ca0e.tar.xz
brcmfmac: Only handle p2p_stop_device if vif is valid
In some situations it is possible that vif has been removed while cfg80211 invokes the p2p_stop_device handler. This will result in crash. Reviewed-by: Arend Van Spriel <arend@broadcom.com> Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com> Signed-off-by: Hante Meuleman <meuleman@broadcom.com> Signed-off-by: Arend van Spriel <arend@broadcom.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Diffstat (limited to 'drivers/net/wireless/brcm80211')
-rw-r--r--drivers/net/wireless/brcm80211/brcmfmac/p2p.c16
1 files changed, 11 insertions, 5 deletions
diff --git a/drivers/net/wireless/brcm80211/brcmfmac/p2p.c b/drivers/net/wireless/brcm80211/brcmfmac/p2p.c
index 83027dcc4aae..76e477109e6d 100644
--- a/drivers/net/wireless/brcm80211/brcmfmac/p2p.c
+++ b/drivers/net/wireless/brcm80211/brcmfmac/p2p.c
@@ -2327,11 +2327,17 @@ void brcmf_p2p_stop_device(struct wiphy *wiphy, struct wireless_dev *wdev)
struct brcmf_cfg80211_vif *vif;
vif = container_of(wdev, struct brcmf_cfg80211_vif, wdev);
- mutex_lock(&cfg->usr_sync);
- (void)brcmf_p2p_deinit_discovery(p2p);
- brcmf_abort_scanning(cfg);
- clear_bit(BRCMF_VIF_STATUS_READY, &vif->sme_state);
- mutex_unlock(&cfg->usr_sync);
+ /* This call can be result of the unregister_wdev call. In that case
+ * we dont want to do anything anymore. Just return. The config vif
+ * will have been cleared at this point.
+ */
+ if (p2p->bss_idx[P2PAPI_BSSCFG_DEVICE].vif == vif) {
+ mutex_lock(&cfg->usr_sync);
+ (void)brcmf_p2p_deinit_discovery(p2p);
+ brcmf_abort_scanning(cfg);
+ clear_bit(BRCMF_VIF_STATUS_READY, &vif->sme_state);
+ mutex_unlock(&cfg->usr_sync);
+ }
}
/**