diff options
| author | Miri Korenblit <miriam.rachel.korenblit@intel.com> | 2025-03-06 13:25:48 +0300 | 
|---|---|---|
| committer | Johannes Berg <johannes.berg@intel.com> | 2025-03-07 11:57:39 +0300 | 
| commit | 1801a94299a5c7fc1a6825e92e1ce0dc7099faa9 (patch) | |
| tree | 93fcc256195c383f22f11ada89abf6b2653f9d36 /rust/helpers/mutex.c | |
| parent | b8c8a03e9b7bfc06f366b75daf3d0812400e7123 (diff) | |
| download | linux-1801a94299a5c7fc1a6825e92e1ce0dc7099faa9.tar.xz | |
wifi: iwlwifi: trans: cancel restart work on op mode leave
If the restart work happens to run after the opmode left
(i.e. called iwl_trans_op_mode_leave), then the opmode memory (including
its mutex) is likely to be freed already, and trans->opmode is NULL.
Although the hw is stopped in that stage, which means that this restart
got aborted (i.e. STATUS_RESET_PENDING will be cleared),
it still can access trans->opmode (NULL pointer dereference)
or the opmodes memory (which is freed).
Fix this by canceling the restart wk in iwl_trans_op_mode_leave.
Also make sure that the restart wk is really aborted.
Fixes: 7391b2a4f7db ("wifi: iwlwifi: rework firmware error handling")
Signed-off-by: Miri Korenblit <miriam.rachel.korenblit@intel.com>
Reviewed-by: Johannes Berg <johannes.berg@intel.com>
Link: https://patch.msgid.link/20250306122425.801301ba1b8b.I6f6143f550b6335b699920c5d4b2b78449607a96@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Diffstat (limited to 'rust/helpers/mutex.c')
0 files changed, 0 insertions, 0 deletions
