• B
    mwifiex: fixup error cases in mwifiex_add_virtual_intf() · 8535107a
    Brian Norris 提交于
    If we fail to add an interface in mwifiex_add_virtual_intf(), we might
    hit a BUG_ON() in the networking code, because we didn't tear things
    down properly. Among the problems:
    
     (a) when failing to allocate workqueues, we fail to unregister the
         netdev before calling free_netdev()
     (b) even if we do try to unregister the netdev, we're still holding the
         rtnl lock, so the device never properly unregistered; we'll be at
         state NETREG_UNREGISTERING, and then hit free_netdev()'s:
    	BUG_ON(dev->reg_state != NETREG_UNREGISTERED);
     (c) we're allocating some dependent resources (e.g., DFS workqueues)
         after we've registered the interface; this may or may not cause
         problems, but it's good practice to allocate these before registering
     (d) we're not even trying to unwind anything when mwifiex_send_cmd() or
         mwifiex_sta_init_cmd() fail
    
    To fix these issues, let's:
    
     * add a stacked set of error handling labels, to keep error handling
       consistent and properly ordered (resolving (a) and (d))
     * move the workqueue allocations before the registration (to resolve
       (c); also resolves (b) by avoiding error cases where we have to
       unregister)
    
    [Incidentally, it's pretty easy to interrupt the alloc_workqueue() in,
    e.g., the following:
    
      iw phy phy0 interface add mlan0 type station
    
    by sending it SIGTERM.]
    
    This bugfix covers commits like commit 7d652034 ("mwifiex: channel
    switch support for mwifiex"), but parts of this bug exist all the way
    back to the introduction of dynamic interface handling in commit
    93a1df48 ("mwifiex: add cfg80211 handlers add/del_virtual_intf").
    
    Cc: <stable@vger.kernel.org>
    Signed-off-by: NBrian Norris <briannorris@chromium.org>
    Signed-off-by: NKalle Valo <kvalo@codeaurora.org>
    8535107a
cfg80211.c 122.7 KB