On Mon, 2012-06-04 at 21:33 -0700, Linus Torvalds wrote:
> If the iwlwifi firmware loading calling iwl_ucode_callback() fails to
> start up the wireless driver - which will happen if CONFIG_PM is not
> enabled due to a mac80211 bug - iwlwifi will incorrectly try to
> release the firmware twice.
>
> It already released the firmware and completed the firmware loading
> event after copying it to the internal driver buffers, if the driver
> startup fails it should not try to release it again.
>
> The double release causes very nasty vmalloc() corruption, and results
> in some rather non-obvious page faults. To make matters worse, this
> happens within the context of the firmware loader callback, usually a
> kworker thread - and the killing of that thread then causes further
> problems, making the original issue very hard to discern.
>
> The attached patch seems to fix it.

Yes, this seems correct, but there appears to be a related race
condition bug: due to the complete happening before iwl_dvm_ops.start()
we could go into iwl_dvm_ops.stop() while start() is running which seems
... strange. I'll also move the complete() after the start() call.

johannes
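A simplified userspace model of the double release described in the quoted report, added here as an illustration; it is not the iwlwifi code or the attached patch. The names `fw_blob`, `fw_release`, `drv_free`, `ucode_callback` and `run_case`, and the shared error label, are assumptions made for the example.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins for the loader's firmware object and driver state. */
struct fw_blob { unsigned char *data; size_t size; int releases; };
struct drv { unsigned char *ucode; size_t len; };

/* Model of the release call: counts calls rather than freeing twice. */
static void fw_release(struct fw_blob *fw)
{
    if (fw->releases++ == 0)
        free(fw->data);
    fw->data = NULL;
}

static void drv_free(struct drv *d) { free(d->ucode); d->ucode = NULL; d->len = 0; }

/* start_ok simulates driver start-up; buggy selects the reported error path. */
static int ucode_callback(struct fw_blob *fw, struct drv *d, int start_ok, int buggy)
{
    d->ucode = malloc(fw->size);
    if (!d->ucode)
        goto out_release;   /* image not yet released: releasing is right */
    memcpy(d->ucode, fw->data, fw->size);
    d->len = fw->size;
    fw_release(fw);         /* image copied: the one legitimate release */
    if (start_ok)
        return 0;
    drv_free(d);
    if (!buggy)
        return -1;          /* fixed: firmware already released, leave it */
out_release:                /* buggy path reuses the pre-release label */
    fw_release(fw);
    return -1;
}

/* Runs one scenario on a constructed 16-byte image; returns the release count. */
static int run_case(int start_ok, int buggy)
{
    struct fw_blob fw = { malloc(16), 16, 0 };
    struct drv d = { NULL, 0 };
    if (!fw.data)
        return -1;
    memset(fw.data, 0xA5, fw.size);
    if (ucode_callback(&fw, &d, start_ok, buggy) == 0)
        drv_free(&d);
    return fw.releases;
}
```

Only the combination of a failed start-up and the shared error label produces a second release, which is why the problem stays hidden whenever the driver starts normally.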