mwifiex: add NULL checks in driver unload path
authorAmitkumar Karwar <akarwar@marvell.com>
Sat, 4 Feb 2012 04:34:02 +0000 (20:34 -0800)
committerJohn W. Linville <linville@tuxdriver.com>
Mon, 6 Feb 2012 16:34:02 +0000 (11:34 -0500)
If driver load is failed, sometimes few pointers may remain
uninitialized ex. priv->wdev, priv->netdev, adapter->sleep_cfm
This will cause NULL pointer dereferance while unloading the
driver.

Signed-off-by: Amitkumar Karwar <akarwar@marvell.com>
Signed-off-by: Kiran Divekar <dkiran@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
drivers/net/wireless/mwifiex/init.c
drivers/net/wireless/mwifiex/main.c

index e05b417a3fae8b54d5e632f477dc5885c8a2697f..1d0ec57a0143d8f0a2b15cfbb2220ba065171045 100644 (file)
@@ -382,7 +382,8 @@ mwifiex_free_adapter(struct mwifiex_adapter *adapter)
 
        adapter->if_ops.cleanup_if(adapter);
 
-       dev_kfree_skb_any(adapter->sleep_cfm);
+       if (adapter->sleep_cfm)
+               dev_kfree_skb_any(adapter->sleep_cfm);
 }
 
 /*
index 84be196188ccc75bfbaf97f1e7bd8c4ab2fd654b..b728f54451e48e65bf4bef4841d0bd69f2e03492 100644 (file)
@@ -822,7 +822,9 @@ int mwifiex_remove_card(struct mwifiex_adapter *adapter, struct semaphore *sem)
                        continue;
 
                rtnl_lock();
-               mwifiex_del_virtual_intf(priv->wdev->wiphy, priv->netdev);
+               if (priv->wdev && priv->netdev)
+                       mwifiex_del_virtual_intf(priv->wdev->wiphy,
+                                                priv->netdev);
                rtnl_unlock();
        }
 
@@ -830,9 +832,11 @@ int mwifiex_remove_card(struct mwifiex_adapter *adapter, struct semaphore *sem)
        if (!priv)
                goto exit_remove;
 
-       wiphy_unregister(priv->wdev->wiphy);
-       wiphy_free(priv->wdev->wiphy);
-       kfree(priv->wdev);
+       if (priv->wdev) {
+               wiphy_unregister(priv->wdev->wiphy);
+               wiphy_free(priv->wdev->wiphy);
+               kfree(priv->wdev);
+       }
 
        mwifiex_terminate_workqueue(adapter);