Brian Norris 643acea629 mwifiex: re-register wiphy across reset ... In general, it's helpful to use the same code for device removal as for device reset, as this tends to have fewer bugs. Let's move the wiphy unregistration code into the common reset and removal code. In particular, it's very hard to properly handle the reset sequence when something fails. Currently, if mwifiex_reinit_sw() fails, we've failed to unregister the associated wiphy, and so running something as simple as "iw phy" can trigger an OOPS, as the wiphy still has hooks back into freed mwifiex data structures. For example, KASAN complained: [... see reset fail for other reasons ...] [ 1184.821158] mwifiex_pcie 0000:01:00.0: info: dnld wifi firmware from 174948 bytes [ 1186.870914] mwifiex_pcie 0000:01:00.0: info: FW download over, size 608396 bytes [ 1187.685990] mwifiex_pcie 0000:01:00.0: WLAN FW is active [ 1187.692673] mwifiex_pcie 0000:01:00.0: cmd_wait_q terminated: -512 [ 1187.699075] mwifiex_pcie 0000:01:00.0: info: _mwifiex_fw_dpc: unregister device [ 1187.713476] mwifiex: Failed to bring up adapter: -5 [ 1187.718644] mwifiex_pcie 0000:01:00.0: reinit failed: -5 [... run `iw phy` ...] [ 1212.902419] ================================================================== [ 1212.909806] BUG: KASAN: use-after-free in mwifiex_cfg80211_get_antenna+0x54/0xfc [mwifiex] at addr ffffffc0ad1a8028 [ 1212.920246] Read of size 1 by task iw/3127 [...] [ 1212.934946] page dumped because: kasan: bad access detected [...] [ 1212.950665] Call trace: [ 1212.953148] [<ffffffc00020a69c>] dump_backtrace+0x0/0x190 [ 1212.958572] [<ffffffc00020a96c>] show_stack+0x20/0x28 [ 1212.963648] [<ffffffc0005ce18c>] dump_stack+0xa4/0xcc [ 1212.968723] [<ffffffc0003c4430>] kasan_report+0x378/0x500 [ 1212.974140] [<ffffffc0003c3358>] __asan_load1+0x44/0x4c [ 1212.979462] [<ffffffbffc2e8360>] mwifiex_cfg80211_get_antenna+0x54/0xfc [mwifiex] [ 1212.987131] [<ffffffbffc084fc4>] nl80211_send_wiphy+0x75c/0x2de0 [cfg80211] [ 1212.994246] [<ffffffbffc094f60>] nl80211_dump_wiphy+0x32c/0x438 [cfg80211] [ 1213.001149] [<ffffffc000ab6404>] genl_lock_dumpit+0x48/0x64 [ 1213.006746] [<ffffffc000ab3474>] netlink_dump+0x178/0x398 [ 1213.012171] [<ffffffc000ab3d18>] __netlink_dump_start+0x1bc/0x260 [...] This all goes away if we just tear down the wiphy on the way down, and set it back up if/when we bring the device back up. Signed-off-by: Brian Norris <briannorris@chromium.org> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>		2017-07-28 17:47:46 +03:00
..
admtek	networking: make skb_push & __skb_push return void pointers	2017-06-16 11:48:40 -04:00
ath	ath10k: increase buffer len to print all wmi services	2017-07-06 15:18:44 +03:00
atmel	networking: introduce and use skb_put_data()	2017-06-16 11:48:37 -04:00
broadcom	drivers/net: Fix ptr_ret.cocci warnings.	2017-07-25 12:27:06 -07:00
cisco	wireless: airo: remove unnecessary static in writerids()	2017-07-19 16:33:57 -07:00
intel	wireless: iwlegacy: Constify attribute_group structures.	2017-07-18 12:04:56 -07:00
intersil	Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next	2017-07-05 12:31:59 -07:00
marvell	mwifiex: re-register wiphy across reset	2017-07-28 17:47:46 +03:00
mediatek	networking: make skb_push & __skb_push return void pointers	2017-06-16 11:48:40 -04:00
quantenna	qtnfmac: fix uninitialized return code in ret	2017-06-28 20:50:12 +03:00
ralink	rt2x00: make const array glrt_table static	2017-07-13 09:23:56 -07:00
realtek	rtlwifi: kfree entry until after entry->bssid has been accessed	2017-07-27 13:58:18 +03:00
rsi	rsi: fix static checker warning	2017-07-28 17:27:19 +03:00
st	cw1200: add const to hwbus_ops structures	2017-06-28 21:17:46 +03:00
ti	wl1251: add a missing spin_lock_init()	2017-07-27 13:59:31 +03:00
zydas	networking: make skb_push & __skb_push return void pointers	2017-06-16 11:48:40 -04:00
Kconfig
mac80211_hwsim.c	networking: make skb_push & __skb_push return void pointers	2017-06-16 11:48:40 -04:00
mac80211_hwsim.h
Makefile
ray_cs.c
ray_cs.h
rayctl.h
rndis_wlan.c
wl3501_cs.c
wl3501.h