uwb: remove beacon cache entry after calling uwb_notify()
authorStefano Panella <stefano.panella@csr.com>
Tue, 23 Dec 2008 12:31:09 +0000 (12:31 +0000)
committerDavid Vrabel <david.vrabel@csr.com>
Tue, 23 Dec 2008 12:31:09 +0000 (12:31 +0000)
Removing the beacon cache entry from a uwb_dev can cause an oops if the
bce is released before the call to uwb_notify().

Signed-off-by: Stefano Panella <stefano.panella@csr.com>
Signed-off-by: David Vrabel <david.vrabel@csr.com>
drivers/uwb/beacon.c
drivers/uwb/lc-dev.c

index 0315093e221676cce2ad730561db1bffb02f2344..36bc3158006f5e21012e0d79af888ff27605c99b 100644 (file)
@@ -289,8 +289,6 @@ void uwb_beca_purge(struct uwb_rc *rc)
                expires = bce->ts_jiffies + msecs_to_jiffies(beacon_timeout_ms);
                if (time_after(jiffies, expires)) {
                        uwbd_dev_offair(bce);
                expires = bce->ts_jiffies + msecs_to_jiffies(beacon_timeout_ms);
                if (time_after(jiffies, expires)) {
                        uwbd_dev_offair(bce);
-                       list_del(&bce->node);
-                       uwb_bce_put(bce);
                }
        }
        mutex_unlock(&rc->uwb_beca.mutex);
                }
        }
        mutex_unlock(&rc->uwb_beca.mutex);
index f78087b85918cb29d9cfa52a16045934a2816733..e9fe1bb7eb232ccda5f3a4a48581bc3a8b6ef752 100644 (file)
@@ -375,6 +375,8 @@ int __uwb_dev_offair(struct uwb_dev *uwb_dev, struct uwb_rc *rc)
                 rc ? rc->uwb_dev.dev.parent->bus->name : "n/a",
                 rc ? dev_name(rc->uwb_dev.dev.parent) : "");
        uwb_dev_rm(uwb_dev);
                 rc ? rc->uwb_dev.dev.parent->bus->name : "n/a",
                 rc ? dev_name(rc->uwb_dev.dev.parent) : "");
        uwb_dev_rm(uwb_dev);
+       list_del(&uwb_dev->bce->node);
+       uwb_bce_put(uwb_dev->bce);
        uwb_dev_put(uwb_dev);   /* for the creation in _onair() */
 
        return 0;
        uwb_dev_put(uwb_dev);   /* for the creation in _onair() */
 
        return 0;