b43legacy: Fix controller restart crash
This fixes a kernel crash on rmmod, in the case where the controller
was restarted before doing the rmmod.
Signed-off-by: Michael Buesch <mb@bu3sch.de>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
diff --git a/drivers/net/wireless/b43legacy/main.c b/drivers/net/wireless/b43legacy/main.c
index 14a5eea..204077c 100644
--- a/drivers/net/wireless/b43legacy/main.c
+++ b/drivers/net/wireless/b43legacy/main.c
@@ -3039,7 +3039,6 @@
/* Locking: wl->mutex */
static void b43legacy_wireless_core_exit(struct b43legacy_wldev *dev)
{
- struct b43legacy_wl *wl = dev->wl;
struct b43legacy_phy *phy = &dev->phy;
u32 macctl;
@@ -3054,12 +3053,6 @@
macctl |= B43legacy_MACCTL_PSM_JMP0;
b43legacy_write32(dev, B43legacy_MMIO_MACCTL, macctl);
- mutex_unlock(&wl->mutex);
- /* Must unlock as it would otherwise deadlock. No races here.
- * Cancel possibly pending workqueues. */
- cancel_work_sync(&dev->restart_work);
- mutex_lock(&wl->mutex);
-
b43legacy_leds_exit(dev);
b43legacy_rng_exit(dev->wl);
b43legacy_pio_free(dev);
@@ -3486,6 +3479,8 @@
}
}
out:
+ if (err)
+ wl->current_dev = NULL; /* Failed to init the dev. */
mutex_unlock(&wl->mutex);
if (err)
b43legacyerr(wl, "Controller restart FAILED\n");
@@ -3618,9 +3613,11 @@
struct b43legacy_wldev *wldev;
struct b43legacy_wl *wl;
+ /* Do not cancel ieee80211-workqueue based work here.
+ * See comment in b43legacy_remove(). */
+
wldev = ssb_get_drvdata(dev);
wl = wldev->wl;
- cancel_work_sync(&wldev->restart_work);
b43legacy_debugfs_remove_device(wldev);
b43legacy_wireless_core_detach(wldev);
list_del(&wldev->list);
@@ -3789,6 +3786,10 @@
struct b43legacy_wl *wl = ssb_get_devtypedata(dev);
struct b43legacy_wldev *wldev = ssb_get_drvdata(dev);
+ /* We must cancel any work here before unregistering from ieee80211,
+ * as the ieee80211 unreg will destroy the workqueue. */
+ cancel_work_sync(&wldev->restart_work);
+
B43legacy_WARN_ON(!wl);
if (wl->current_dev == wldev)
ieee80211_unregister_hw(wl->hw);