On Tue, Aug 09, 2011 at 11:28:01AM +0200, Johannes Berg wrote:
> On Tue, 2011-08-09 at 11:23 +0200, Stanislaw Gruszka wrote:
>
> > > But ... if sta_cleanup timer operates on freed memory, why doesn't
> > > "local->registered"?
> >
> > I think I was unclear. The sta_cleanup timer callback, namely
> > sta_info_cleanup(), can operate on freed memory. On
> > ieee80211_unregister_hw() -> sta_info_stop() we delete this timer, but
> > rdev/wiphy/local/hw structure is not freed. It's kept by reference
> > counter.
>
> You mean by device_del(&rdev->wiphy.dev) right?

Yes.

> > Then if ieee80211_reconfig() is called, we schedule
> > sta_cleanup timer. After that, when sysfs drops reference counter we
> > free rdev. Then sta_info_cleanup() crashes kernel.
>
> Ok let me get this straight -- even after device_del() we get a resume
> callback from the core subsystem? That doesn't seem right.

No, ieee80211_reconfig() is called before device_del() (but can be
called right after ieee80211_unregister_hw() and perhaps
ieee80211_free_hw).

Stanislaw
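The teardown ordering described in this message (timer deleted on unregister, structure kept alive by a reference, timer re-armed by reconfig, last reference dropped), as an added userspace model that is neither kernel code nor a patch from this thread. The `wheel` array, the two-holder reference count, and the `guard` flag are assumptions made for illustration; the guard is one hypothetical way to refuse a re-arm after stop.

```c
#include <stdbool.h>
#include <stdio.h>

/* Userspace model; names echo the thread, bodies are assumptions. */
struct timer { void *data; bool pending; };
static struct timer wheel[4];   /* stand-in for the kernel timer wheel */
struct local { int refs; bool stopped; struct timer *sta_cleanup; };

/* Release-time check: does any pending timer still point at obj? */
static bool pending_timer_on(const void *obj)
{
    for (size_t i = 0; i < sizeof(wheel) / sizeof(wheel[0]); i++)
        if (wheel[i].pending && wheel[i].data == obj)
            return true;
    return false;
}

static void unregister_step(struct local *l)
{
    l->sta_cleanup->pending = false;  /* sta_info_stop(): timer deleted */
    l->stopped = true;
    l->refs--;                        /* structure stays alive: refs > 0 */
}

static void reconfig_step(struct local *l, bool guard)
{
    if (guard && l->stopped)          /* hypothetical guard: no re-arm after stop */
        return;
    l->sta_cleanup->data = l;
    l->sta_cleanup->pending = true;   /* sta_cleanup timer scheduled again */
}

/* unregister -> reconfig -> last put; true if a timer outlives the object. */
bool stale_timer_after_teardown(bool guard)
{
    struct local l = { .refs = 2, .sta_cleanup = &wheel[0] }; /* driver + sysfs */
    unregister_step(&l);
    reconfig_step(&l, guard);
    bool released = (--l.refs == 0);  /* sysfs drops the last reference */
    bool stale = released && pending_timer_on(&l);
    wheel[0].pending = false;         /* reset the model for the next run */
    return stale;
}

int main(void)
{
    printf("unguarded=%d\n", stale_timer_after_teardown(false));
    printf("guarded=%d\n", stale_timer_after_teardown(true));
    return 0;
}
```

The model never dereferences the released object; it only reports that a pending timer still references it at release time, which is the condition under which the callback would run on freed memory.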