mac80211: Do not free net device after it is unregistered.
The error path in ieee80211_register_hw() may call the unregister_netdev()
and right after it - the free_netdev(), which is wrong, since the
unregister releases the device itself.
So the proposed fix is to NULL the local->mdev after unregister is done
and check this before calling free_netdev().
I checked - no code uses the local->mdev after unregister in this error
path (but even if some did this would be a BUG).
Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
diff --git a/net/mac80211/main.c b/net/mac80211/main.c
index 9ad4e36..915afad 100644
--- a/net/mac80211/main.c
+++ b/net/mac80211/main.c
@@ -1766,6 +1766,7 @@
fail_rate:
ieee80211_debugfs_remove_netdev(IEEE80211_DEV_TO_SUB_IF(local->mdev));
unregister_netdevice(local->mdev);
+ local->mdev = NULL;
fail_dev:
rtnl_unlock();
sta_info_stop(local);
@@ -1773,8 +1774,10 @@
debugfs_hw_del(local);
destroy_workqueue(local->hw.workqueue);
fail_workqueue:
- ieee80211_if_free(local->mdev);
- local->mdev = NULL;
+ if (local->mdev != NULL) {
+ ieee80211_if_free(local->mdev);
+ local->mdev = NULL;
+ }
fail_mdev_alloc:
wiphy_unregister(local->hw.wiphy);
return result;