From f6864491ea45d2bd877a37fbb4a618e42fe03fbe Mon Sep 17 00:00:00 2001 From: "H. Nikolaus Schaller" Date: Sat, 12 Oct 2013 17:49:31 +0200 Subject: [PATCH] libertas/sdio: fix releasing memory twice. We have connected a Wi2Wi W2CBW003 to an OMAP3 using SDIO. We have seen an issue (not related with this patch) that sometimes power is not turned off. This did lead to a kernel Oops if an ifconfig up / down / up when the chip was not powered down. This leads to a second call to lbs_get_firmware_async() with the same priv data - and that tries to release_firmware(priv->helper_fw); This appears to be wrong, since it was alredy released in the if_sdio_do_prog_firmware. Signed-off-by: H. Nikolaus Schaller --- drivers/net/wireless/libertas/if_sdio.c | 13 +++++++++++++ 1 files changed, 13 insertions(+), 0 deletions(-) diff --git a/drivers/net/wireless/libertas/if_sdio.c b/drivers/net/wireless/libertas/if_sdio.c index 4557833..a04eb41 100644 --- a/drivers/net/wireless/libertas/if_sdio.c +++ b/drivers/net/wireless/libertas/if_sdio.c @@ -769,6 +769,19 @@ static int if_sdio_prog_firmware(struct if_sdio_card *card) return 0; } + /* This is missing in lbs_get_firmware_async() + * and therefore a second call using the same priv structure + * may find a stale helper_fw entry that has already been + * released by release_firmware(helper) in + * if_sdio_do_prog_firmware(). + * Or doing that release in if_sdio_do_prog_firmware() + * is a duplicate and should not be there. + * Anyways, this can happen if a ifconfig up / down / up + * sequence is issued. + */ + + card->priv->helper_fw = NULL; + ret = lbs_get_firmware_async(card->priv, &card->func->dev, card->model, fw_table, if_sdio_do_prog_firmware); -- 1.7.7.4