diff options
author | Wey-Yi Guy <wey-yi.w.guy@intel.com> | 2010-11-17 14:17:53 -0800 |
---|---|---|
committer | Wey-Yi Guy <wey-yi.w.guy@intel.com> | 2010-12-02 08:34:54 -0800 |
commit | 40b97c2fe96a476f1c228345f0c6a2d135a8b226 (patch) | |
tree | 979c349b71b6de6c1d9150e2b6a8035cddc339e7 | |
parent | 61790c5f3c5f158821821a00797d94504531839f (diff) |
iwlagn: fix race condition when reprogram sta
During reprogram stations, do not send link quality command.
uCode will crash if receive link quality command for invalid station
Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
-rw-r--r-- | drivers/net/wireless/iwlwifi/iwl-sta.c | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/drivers/net/wireless/iwlwifi/iwl-sta.c b/drivers/net/wireless/iwlwifi/iwl-sta.c index 0a67b2fa52a..4776323b1eb 100644 --- a/drivers/net/wireless/iwlwifi/iwl-sta.c +++ b/drivers/net/wireless/iwlwifi/iwl-sta.c @@ -647,6 +647,7 @@ void iwl_reprogram_ap_sta(struct iwl_priv *priv, struct iwl_rxon_context *ctx) memcpy(&lq, priv->stations[sta_id].lq, sizeof(lq)); active = priv->stations[sta_id].used & IWL_STA_UCODE_ACTIVE; + priv->stations[sta_id].used &= ~IWL_STA_DRIVER_ACTIVE; spin_unlock_irqrestore(&priv->sta_lock, flags); if (active) { @@ -657,6 +658,10 @@ void iwl_reprogram_ap_sta(struct iwl_priv *priv, struct iwl_rxon_context *ctx) IWL_ERR(priv, "failed to remove STA %pM (%d)\n", priv->stations[sta_id].sta.sta.addr, ret); } + spin_lock_irqsave(&priv->sta_lock, flags); + priv->stations[sta_id].used |= IWL_STA_DRIVER_ACTIVE; + spin_unlock_irqrestore(&priv->sta_lock, flags); + ret = iwl_send_add_sta(priv, &sta_cmd, CMD_SYNC); if (ret) IWL_ERR(priv, "failed to re-add STA %pM (%d)\n", @@ -777,6 +782,14 @@ int iwl_send_lq_cmd(struct iwl_priv *priv, struct iwl_rxon_context *ctx, if (WARN_ON(lq->sta_id == IWL_INVALID_STATION)) return -EINVAL; + + spin_lock_irqsave(&priv->sta_lock, flags_spin); + if (!(priv->stations[lq->sta_id].used & IWL_STA_DRIVER_ACTIVE)) { + spin_unlock_irqrestore(&priv->sta_lock, flags_spin); + return -EINVAL; + } + spin_unlock_irqrestore(&priv->sta_lock, flags_spin); + iwl_dump_lq_cmd(priv, lq); BUG_ON(init && (cmd.flags & CMD_ASYNC)); |