From: Aaron Durbin <adurbin@xxxxxxxxxxxx>
The current mwifiex pcie driver assumed that it would get
its cmdrsp_complete() callback called before another command
was sent to unmap the command's skbuff. However, that is not
true. The mwifiex_check_ps_cond() will send a sleep command
to the card without having adapter->curr_cmd set. Within the
workqueue's state machine the adapter's state would be set
to allow commands (curr_cmd = NULL && cmd_sent = false) after
having receieved the response from the sleep command. The
card->cmd_buf would then be overridden with the new command
but the first command's skbuff was not unmapped. This leaks
mapped skbuffs when a bounce buffer is employed.
To rectify this unmap the card->cmd_buf when the response is
received from the card instead of waiting for the
cmdrsp_complete() callback.
Signed-off-by: Aaron Durbin <adurbin@xxxxxxxxxxxx>
Reviewed-by: Paul Stewart <pstew@xxxxxxxxxxxx>
Reviewed-by: Avinash Patil <patila@xxxxxxxxxxx>
Signed-off-by: Bing Zhao <bzhao@xxxxxxxxxxx>
---
drivers/net/wireless/mwifiex/pcie.c | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/drivers/net/wireless/mwifiex/pcie.c b/drivers/net/wireless/mwifiex/pcie.c
index 4e1c6b2..d11d4ac 100644
--- a/drivers/net/wireless/mwifiex/pcie.c
+++ b/drivers/net/wireless/mwifiex/pcie.c
@@ -1513,6 +1513,13 @@ static int mwifiex_pcie_process_cmd_complete(struct mwifiex_adapter *adapter)
mwifiex_unmap_pci_memory(adapter, skb, PCI_DMA_FROMDEVICE);
+ /* Unmap the command as a response has been received. */
+ if (card->cmd_buf) {
+ mwifiex_unmap_pci_memory(adapter, card->cmd_buf,
+ PCI_DMA_TODEVICE);
+ card->cmd_buf = NULL;
+ }
+
pkt_len = *((__le16 *)skb->data);
rx_len = le16_to_cpu(pkt_len);
skb_trim(skb, rx_len);
@@ -1569,7 +1576,6 @@ static int mwifiex_pcie_cmdrsp_complete(struct mwifiex_adapter *adapter,
struct sk_buff *skb)
{
struct pcie_service_card *card = adapter->card;
- struct sk_buff *skb_tmp;
if (skb) {
card->cmdrsp_buf = skb;
@@ -1579,12 +1585,6 @@ static int mwifiex_pcie_cmdrsp_complete(struct mwifiex_adapter *adapter,
return -1;
}
- skb_tmp = card->cmd_buf;
- if (skb_tmp) {
- mwifiex_unmap_pci_memory(adapter, skb_tmp, PCI_DMA_FROMDEVICE);
- card->cmd_buf = NULL;
- }
-
return 0;
}
--
1.8.2.3
--
To unsubscribe from this list: send the line "unsubscribe linux-wireless" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
