From db93e7b5bf9dea9175d5b213f9557758c56abbfc Mon Sep 17 00:00:00 2001 From: Senthil Balasubramanian Date: Thu, 13 Nov 2008 18:01:08 +0530 Subject: ath9k: Race condition in accessing TX and RX buffers. Race condition causes RX buffers to be accessed even before it is initialized. The RX and TX buffers are initialized immediately after the hardware is registered with mac80211. The mac80211 start callback is ready to be fired once the device is registered for a case when the wpa_supplicant is also running at the same time. The same race condition is also possible for RKFILL registration as RFKILL init happens after the device registration with mac80211 and it is possible that rfkill_register would be called even before it is initialized. Signed-off-by: Senthil Balasubramanian Signed-off-by: John W. Linville --- drivers/net/wireless/ath9k/main.c | 29 ++++++++++++++--------------- 1 file changed, 14 insertions(+), 15 deletions(-) (limited to 'drivers') diff --git a/drivers/net/wireless/ath9k/main.c b/drivers/net/wireless/ath9k/main.c index 1ebf60627f7..c928db9dc0f 100644 --- a/drivers/net/wireless/ath9k/main.c +++ b/drivers/net/wireless/ath9k/main.c @@ -912,14 +912,14 @@ static int ath_attach(u16 devid, struct ath_softc *sc) hw->wiphy->bands[IEEE80211_BAND_5GHZ] = &sc->sbands[IEEE80211_BAND_5GHZ]; - error = ieee80211_register_hw(hw); - if (error != 0) { - ath_rate_control_unregister(); - goto bad; - } + /* initialize tx/rx engine */ + error = ath_tx_init(sc, ATH_TXBUF); + if (error != 0) + goto detach; - /* Initialize LED control */ - ath_init_leds(sc); + error = ath_rx_init(sc, ATH_RXBUF); + if (error != 0) + goto detach; #if defined(CONFIG_RFKILL) || defined(CONFIG_RFKILL_MODULE) /* Initialze h/w Rfkill */ @@ -931,15 +931,14 @@ static int ath_attach(u16 devid, struct ath_softc *sc) goto detach; #endif - /* initialize tx/rx engine */ - - error = ath_tx_init(sc, ATH_TXBUF); - if (error != 0) - goto detach; + error = ieee80211_register_hw(hw); + if (error != 0) { + ath_rate_control_unregister(); + goto bad; + } - error = ath_rx_init(sc, ATH_RXBUF); - if (error != 0) - goto detach; + /* Initialize LED control */ + ath_init_leds(sc); return 0; detach: -- cgit v1.2.3