From e6134a455a9fd69ed0b13afb086d4aac67657f0c Mon Sep 17 00:00:00 2001 From: Bjørn Mork Date: Mon, 26 Oct 2015 12:27:39 +0100 Subject: mwlwifi: cannot deref hw after free MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Bjørn Mork --- main.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/main.c b/main.c index 5a000c0..79d1162 100644 --- a/main.c +++ b/main.c @@ -800,12 +800,11 @@ static void mwl_remove(struct pci_dev *pdev) mwl_wl_deinit(priv); pci_set_drvdata(pdev, NULL); - ieee80211_free_hw(hw); - pci_disable_device(pdev); - #ifdef CONFIG_DEBUG_FS mwl_debugfs_remove(hw); #endif + ieee80211_free_hw(hw); + pci_disable_device(pdev); } static struct pci_driver mwl_pci_driver = { -- cgit v1.2.3 From 089a74fedef9464404ce5eceb283a4b7cc27cdc1 Mon Sep 17 00:00:00 2001 From: Bjørn Mork Date: Mon, 26 Oct 2015 12:33:42 +0100 Subject: mwlwifi: replace open coded mac print MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Bjørn Mork --- debugfs.c | 23 +++++------------------ 1 file changed, 5 insertions(+), 18 deletions(-) diff --git a/debugfs.c b/debugfs.c index 00aa12d..4181483 100644 --- a/debugfs.c +++ b/debugfs.c @@ -48,19 +48,6 @@ static const struct file_operations mwl_debugfs_##name##_fops = { \ .open = simple_open, \ } -static int print_mac_addr(char *p, u8 *mac_addr) -{ - int i; - char *str = p; - - str += sprintf(str, "mac address: %02x", mac_addr[0]); - for (i = 1; i < ETH_ALEN; i++) - str += sprintf(str, ":%02x", mac_addr[i]); - str += sprintf(str, "\n"); - - return str-p; -} - static int dump_data(char *p, u8 *data, int len, char *title) { char *str = p; 
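Review bot: In `mwl_remove()`, `mwl_debugfs_remove(hw)` still runs after `mwl_wl_deinit(priv)`, so the debugfs files stay reachable while the state they read is being torn down. The debugfs handlers later in this series walk `priv->sta_list` and issue firmware register commands, so an open debugfs file could race with deinit; this is inferred, since the body of `mwl_wl_deinit()` is not visible here. Consider moving the `#ifdef CONFIG_DEBUG_FS` block above `mwl_wl_deinit(priv);`. A comment above `ieee80211_free_hw(hw);` such as `/* hw and hw->priv are gone after this; nothing below may touch them */` would keep the ordering from being undone again. The function starts outside the hunk.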
@@ -105,7 +92,7 @@ static ssize_t mwl_debugfs_info_read(struct file *file, char __user *ubuf, p += sprintf(p, "driver version: %s\n", MWL_DRV_VERSION); p += sprintf(p, "firmware version: 0x%08x\n", priv->hw_data.fw_release_num); - p += print_mac_addr(p, priv->hw_data.mac_addr); + p += sprintf(p, "mac address: %pM\n", priv->hw_data.mac_addr); p += sprintf(p, "2g: %s\n", priv->disable_2g ? "disable" : "enable"); p += sprintf(p, "5g: %s\n", priv->disable_5g ? "disable" : "enable"); p += sprintf(p, "antenna: %d %d\n", @@ -157,11 +144,11 @@ static ssize_t mwl_debugfs_vif_read(struct file *file, char __user *ubuf, vif->bss_conf.ssid_len); ssid[vif->bss_conf.ssid_len] = 0; p += sprintf(p, "ssid: %s\n", ssid); - p += print_mac_addr(p, mwl_vif->bssid); + p += sprintf(p, "mac address: %pM\n", mwl_vif->bssid); break; case NL80211_IFTYPE_STATION: p += sprintf(p, "type: sta\n"); - p += print_mac_addr(p, mwl_vif->sta_mac); + p += sprintf(p, "mac address: %pM\n", mwl_vif->sta_mac); break; default: p += sprintf(p, "type: unknown\n"); @@ -210,7 +197,7 @@ static ssize_t mwl_debugfs_sta_read(struct file *file, char __user *ubuf, list_for_each_entry(sta_info, &priv->sta_list, list) { sta = container_of((char *)sta_info, struct ieee80211_sta, drv_priv[0]); - p += print_mac_addr(p, sta->addr); + p += sprintf(p, "mac address: %pM\n", sta->addr); p += sprintf(p, "aid: %u\n", sta->aid); p += sprintf(p, "ampdu: %s\n", sta_info->is_ampdu_allowed ? "true" : "false"); @@ -254,7 +241,7 @@ static ssize_t mwl_debugfs_ampdu_read(struct file *file, char __user *ubuf, p += sprintf(p, "idx: %u\n", stream->idx); p += sprintf(p, "state: %u\n", stream->state); if (stream->sta) { - p += print_mac_addr(p, stream->sta->addr); + p += sprintf(p, "mac address: %pM\n", stream->sta->addr); p += sprintf(p, "tid: %u\n", stream->tid); } } -- cgit v1.2.3 From e821b5070cc38e642b3a0daa88d133ec0cb63493 Mon Sep 17 00:00:00 2001 
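Review bot: Every `p += sprintf(p, "mac address: %pM\n", ...)` added in these hunks writes with no bound, and in `mwl_debugfs_sta_read()` it sits inside the visible `list_for_each_entry()` loop over `priv->sta_list` (the one in `mwl_debugfs_ampdu_read()` appears to be inside a loop as well). The buffer behind `p` is allocated outside the hunks, so its size cannot be checked from here, but with a fixed-size buffer a long station list could run past its end. Since these lines are being rewritten anyway, a bounded form such as `p += scnprintf(p, end - p, "mac address: %pM\n", sta->addr);` would be safer, where `end` is a placeholder for the end of the buffer; the same applies to the `info` and `vif` handlers. All four functions begin and end outside their hunks.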
From: Bjørn Mork Date: Mon, 26 Oct 2015 12:39:04 +0100 Subject: mwlwifi: remove awkward boolean back-n-forth MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Bjørn Mork --- debugfs.c | 26 ++++++++++++-------------- 1 file changed, 12 insertions(+), 14 deletions(-) diff --git a/debugfs.c b/debugfs.c index 4181483..4f2b877 100644 --- a/debugfs.c +++ b/debugfs.c @@ -258,15 +258,12 @@ static ssize_t mwl_debugfs_ampdu_read(struct file *file, char __user *ubuf, static int mwl_debugfs_reg_access(struct mwl_priv *priv, bool write) { struct ieee80211_hw *hw = priv->hw; - u8 set; u32 *addr_val; int ret = 0; - set = write ? WL_SET : WL_GET; - switch (priv->reg_type) { case MWL_ACCESS_MAC: - if (set == WL_GET) + if (!write) priv->reg_value = le32_to_cpu(MAC_REG_ADDR_PCI(priv->reg_offset)); else @@ -274,19 +271,19 @@ static int mwl_debugfs_reg_access(struct mwl_priv *priv, bool write) MAC_REG_ADDR_PCI(priv->reg_offset)); break; case MWL_ACCESS_RF: - ret = mwl_fwcmd_reg_rf(hw, set, priv->reg_offset, - &priv->reg_value); + ret = mwl_fwcmd_reg_rf(hw, write ? WL_SET : WL_GET, + priv->reg_offset, &priv->reg_value); break; case MWL_ACCESS_BBP: - ret = mwl_fwcmd_reg_bb(hw, set, priv->reg_offset, - &priv->reg_value); + ret = mwl_fwcmd_reg_bb(hw, write ? WL_SET : WL_GET, + priv->reg_offset, &priv->reg_value); break; case MWL_ACCESS_CAU: - ret = mwl_fwcmd_reg_cau(hw, set, priv->reg_offset, - &priv->reg_value); + ret = mwl_fwcmd_reg_cau(hw, write ? WL_SET : WL_GET, + priv->reg_offset, &priv->reg_value); break; case MWL_ACCESS_ADDR0: - if (set == WL_GET) + if (!write) priv->reg_value = readl(priv->iobase0 + priv->reg_offset); else @@ -294,7 +291,7 @@ static int mwl_debugfs_reg_access(struct mwl_priv *priv, bool write) priv->iobase0 + priv->reg_offset); break; case MWL_ACCESS_ADDR1: - if (set == WL_GET) + if (!write) priv->reg_value = readl(priv->iobase1 + priv->reg_offset); else 
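Review bot: In the `MWL_ACCESS_ADDR0` and `MWL_ACCESS_ADDR1` cases, `priv->reg_offset` is added to `priv->iobase0` / `priv->iobase1` and handed to `readl()` (and to the write branch) with no range check visible in these hunks. If the offset is taken directly from a debugfs write, which is set up outside the hunks, an out-of-range or unaligned value would reach MMIO beyond the mapped region. A guard ahead of the `switch` that rejects such offsets, for example `if (priv->reg_offset & 3) return -EINVAL;` plus a comparison against the mapped length, would close that. The length has to come from wherever the BARs are mapped, which is not shown here. `mwl_debugfs_reg_access()` continues past these hunks.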
@@ -307,8 +304,9 @@ static int mwl_debugfs_reg_access(struct mwl_priv *priv, bool write) memset(addr_val, 0, 64 * sizeof(u32)); addr_val[0] = priv->reg_value; ret = mwl_fwcmd_get_addr_value(hw, priv->reg_offset, - 4, addr_val, set); - if ((!ret) && (set == WL_GET)) + 4, addr_val, + write ? WL_SET : WL_GET); + if (!ret && !write) priv->reg_value = addr_val[0]; kfree(addr_val); } else -- cgit v1.2.3 From d310aecfcc9545ba0abbfb5e2638497ae924b34d Mon Sep 17 00:00:00 2001 From: Bjørn Mork Date: Mon, 26 Oct 2015 14:46:56 +0100 Subject: mwlwifi: avoid downloading firmware to non-responding device MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Bjørn Mork --- fwcmd.c | 11 +++++++---- fwcmd.h | 2 +- fwdl.c | 5 ++++- 3 files changed, 12 insertions(+), 6 deletions(-) diff --git a/fwcmd.c b/fwcmd.c index 62ed88a..42eee94 100644 --- a/fwcmd.c +++ b/fwcmd.c @@ -661,13 +661,16 @@ static int mwl_fwcmd_encryption_set_cmd_info(struct hostcmd_cmd_set_key *cmd, return 0; } -void mwl_fwcmd_reset(struct ieee80211_hw *hw) +int mwl_fwcmd_reset(struct ieee80211_hw *hw) { struct mwl_priv *priv = hw->priv; - if (mwl_fwcmd_chk_adapter(priv)) - writel(ISR_RESET, - priv->iobase1 + MACREG_REG_H2A_INTERRUPT_EVENTS); + if (!mwl_fwcmd_chk_adapter(priv)) + return -ENODEV; + + writel(ISR_RESET, + priv->iobase1 + MACREG_REG_H2A_INTERRUPT_EVENTS); + return 0; } void mwl_fwcmd_int_enable(struct ieee80211_hw *hw) diff --git a/fwcmd.h b/fwcmd.h index 6775c98..3abd493 100644 --- a/fwcmd.h +++ b/fwcmd.h @@ -55,7 +55,7 @@ enum encr_type { ENCR_TYPE_MIX = 7, }; -void mwl_fwcmd_reset(struct ieee80211_hw *hw); +int mwl_fwcmd_reset(struct ieee80211_hw *hw); void mwl_fwcmd_int_enable(struct ieee80211_hw *hw); diff --git a/fwdl.c b/fwdl.c index 48c8c3e..f775caa 100644 --- a/fwdl.c +++ b/fwdl.c 
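Review bot: `mwl_fwcmd_reset()` now returns `-ENODEV` when `mwl_fwcmd_chk_adapter(priv)` fails, but neither the definition in fwcmd.c nor the prototype in fwcmd.h documents the new contract. A short comment above the definition, e.g. `/* Returns 0 if the reset was written, -ENODEV if the adapter does not respond. */`, would tell callers that the result is meaningful. Any caller outside this patch still ignores the value, which is worth auditing because the old code silently skipped the reset in exactly that case.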
@@ -60,7 +60,9 @@ int mwl_fwdl_download_firmware(struct ieee80211_hw *hw) fw = priv->fw_ucode; - mwl_fwcmd_reset(hw); + /* if reset fails, then dl will most likely hang */ + if (mwl_fwcmd_reset(hw) < 0) + goto err_reset; /* FW before jumping to boot rom, it will enable PCIe transaction retry, * wait for boot code to stop it. @@ -178,5 +180,6 @@ err_download: mwl_fwcmd_reset(hw); +err_reset: return -EIO; } -- cgit v1.2.3 From ff4454109d49d25f36897408911178eda12d24b8 Mon Sep 17 00:00:00 2001 From: Bjørn Mork Date: Mon, 26 Oct 2015 14:58:50 +0100 Subject: mwlwifi: reorder remove MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Bjørn Mork --- main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main.c b/main.c index 79d1162..da1525e 100644 --- a/main.c +++ b/main.c @@ -799,11 +799,11 @@ static void mwl_remove(struct pci_dev *pdev) priv = hw->priv; mwl_wl_deinit(priv); - pci_set_drvdata(pdev, NULL); #ifdef CONFIG_DEBUG_FS mwl_debugfs_remove(hw); #endif ieee80211_free_hw(hw); + pci_set_drvdata(pdev, NULL); pci_disable_device(pdev); } -- cgit v1.2.3
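Review bot: The new `err_reset:` path in `mwl_fwdl_download_firmware()` discards the `-ENODEV` from `mwl_fwcmd_reset()` and returns the same `-EIO` as a failed download, without any message, so a non-responding device cannot be told apart from a transfer error in the logs. Consider logging before the jump, e.g. `wiphy_err(hw->wiphy, "adapter not responding, firmware download skipped\n");`, assuming this file logs through `wiphy_*`, which is not visible here. The `mwl_fwcmd_reset(hw);` under `err_download:` now ignores an `int` result; if that is deliberate best-effort cleanup, a one-line comment should say so. Both hunks show only part of the function.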
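Review bot: Moving `pci_set_drvdata(pdev, NULL);` after `ieee80211_free_hw(hw);` leaves a short window in `mwl_remove()` where the device's drvdata still points at freed memory. Whether anything can read drvdata at that point (an interrupt handler or a power-management callback, for instance) is not visible from this hunk and needs checking. If the aim is only to keep drvdata valid during `mwl_wl_deinit()` and `mwl_debugfs_remove()`, clearing it immediately before the free achieves that without the window: `pci_set_drvdata(pdev, NULL);` followed by `ieee80211_free_hw(hw);`. The commit message gives no reason for the reorder, and one sentence of rationale there would help later readers.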