ath9k: Race condition in accessing TX and RX buffers.
authorSenthil Balasubramanian <senthilkumar@atheros.com>
Thu, 13 Nov 2008 12:31:08 +0000 (18:01 +0530)
committerJohn W. Linville <linville@tuxdriver.com>
Tue, 25 Nov 2008 21:41:31 +0000 (16:41 -0500)
Race condition causes RX buffers to be accessed even before it is
initialized. The RX and TX buffers are initialized immediately after
the hardware is registered with mac80211. The mac80211 start callback
is ready to be fired once the device is registered for a case when the
wpa_supplicant is also running at the same time.

The same race condition is also possible for RKFILL registration
as RFKILL init happens after the device registration with mac80211
and it is possible that rfkill_register would be called even before
it is initialized.

Signed-off-by: Senthil Balasubramanian <senthilkumar@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
drivers/net/wireless/ath9k/main.c

index 1ebf60627f7701b0fc5c22dad23513a199dea164..c928db9dc0f0b5846c2022582ce32d7ebecdd10d 100644 (file)
@@ -912,14 +912,14 @@ static int ath_attach(u16 devid, struct ath_softc *sc)
                hw->wiphy->bands[IEEE80211_BAND_5GHZ] =
                        &sc->sbands[IEEE80211_BAND_5GHZ];
 
                hw->wiphy->bands[IEEE80211_BAND_5GHZ] =
                        &sc->sbands[IEEE80211_BAND_5GHZ];
 
-       error = ieee80211_register_hw(hw);
-       if (error != 0) {
-               ath_rate_control_unregister();
-               goto bad;
-       }
+       /* initialize tx/rx engine */
+       error = ath_tx_init(sc, ATH_TXBUF);
+       if (error != 0)
+               goto detach;
 
 
-       /* Initialize LED control */
-       ath_init_leds(sc);
+       error = ath_rx_init(sc, ATH_RXBUF);
+       if (error != 0)
+               goto detach;
 
 #if defined(CONFIG_RFKILL) || defined(CONFIG_RFKILL_MODULE)
        /* Initialze h/w Rfkill */
 
 #if defined(CONFIG_RFKILL) || defined(CONFIG_RFKILL_MODULE)
        /* Initialze h/w Rfkill */
@@ -931,15 +931,14 @@ static int ath_attach(u16 devid, struct ath_softc *sc)
                goto detach;
 #endif
 
                goto detach;
 #endif
 
-       /* initialize tx/rx engine */
-
-       error = ath_tx_init(sc, ATH_TXBUF);
-       if (error != 0)
-               goto detach;
+       error = ieee80211_register_hw(hw);
+       if (error != 0) {
+               ath_rate_control_unregister();
+               goto bad;
+       }
 
 
-       error = ath_rx_init(sc, ATH_RXBUF);
-       if (error != 0)
-               goto detach;
+       /* Initialize LED control */
+       ath_init_leds(sc);
 
        return 0;
 detach:
 
        return 0;
 detach: