On Mon, Aug 08, 2011 at 05:58:26PM +0200, Johannes Berg wrote:
> On Mon, 2011-08-08 at 16:19 +0200, Stanislaw Gruszka wrote:
> > It is possible that usb hardware can be unplugged during or before resume.
> > If so, do not call ieee80211_reconfig(), which among other things arms
> > the sta_cleanup timer. The timer callback then operates on freed memory.
> >
> > I have this warning with a possible follow-up crash without physically
> > unplugging the device, but usb core rebinds rt73usb with the message:
> >
> > "rt73usb 1-2:1.0: no reset_resume for driver rt73usb?"
> >
> > That probably also needs to be fixed in rt2x00. But I think a fix in
> > mac80211 is needed for the possibility of physical removal. Not sure if this
> > is the best possible fix, though. Maybe just preventing arming sta_cleanup
> > would be better; other things in ieee80211_reconfig() seem to work.
>
> But ... if sta_cleanup timer operates on freed memory, why doesn't
> "local->registered"?

I think I was unclear. The sta_cleanup timer callback, namely
sta_info_cleanup(), can operate on freed memory.

On ieee80211_unregister_hw() -> sta_info_stop() we delete this timer,
but the rdev/wiphy/local/hw structure is not freed. It's kept by a reference
counter. Then if ieee80211_reconfig() is called, we schedule the sta_cleanup
timer. After that, when sysfs drops the reference counter, we free rdev.
Then sta_info_cleanup() crashes the kernel.

Stanislaw
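
The ordering described in the message above, as an added userspace C model that is not part of the original thread and is not mac80211 code: unregister deletes the timer, a later reconfigure re-arms it, and the last reference drop frees the structure with the timer still pending. All names are hypothetical, and the `guarded` check is this example's assumed form of a fix (skip reconfiguration once the device is unregistered).

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* Userspace model only; every name here is hypothetical, not mac80211 code. */
struct model_hw {
    int  refs;          /* one reference for the driver, one for sysfs */
    bool registered;    /* cleared when the hardware is unregistered */
    bool timer_pending; /* stands in for the sta_cleanup timer */
};

/* Unregister: timer deleted, structure stays allocated (sysfs holds a ref). */
static void model_unregister(struct model_hw *hw)
{
    hw->timer_pending = false;
    hw->registered = false;
    hw->refs--;
}

/* Resume-time reconfiguration re-arms the timer. With guarded set, it
 * refuses to touch a device that is no longer registered (assumed fix). */
static int model_reconfig(struct model_hw *hw, bool guarded)
{
    if (guarded && !hw->registered)
        return -1;
    hw->timer_pending = true;
    return 0;
}

/* Unplug, resume, last reference drop. Returns true when the timer is
 * still armed at free time, i.e. its callback would run on freed memory. */
static bool timer_outlives_hw(bool guarded)
{
    struct model_hw *hw = calloc(1, sizeof(*hw));
    if (!hw)
        abort();
    *hw = (struct model_hw){ .refs = 2, .registered = true, .timer_pending = true };
    model_unregister(hw);
    model_reconfig(hw, guarded);
    bool dangling = (--hw->refs == 0) && hw->timer_pending;
    free(hw);
    return dangling;
}

int main(void)
{
    printf("unguarded: %d, guarded: %d\n", timer_outlives_hw(false), timer_outlives_hw(true));
    return 0;
}
```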