• Emmanuel Grumbach's avatar
    iwlwifi: don't handle masked interrupt · af720fc6
    Emmanuel Grumbach authored
    commit 25a17265 upstream.
    
    This can lead to a panic if the driver isn't ready to
    handle them. Since our interrupt line is shared, we can get
    an interrupt at any time (and CONFIG_DEBUG_SHIRQ checks
    that even when the interrupt is being freed).
    
    If the op_mode has gone away, we musn't call it. To avoid
    this the transport disables the interrupts when the hw is
    stopped and the op_mode is leaving.
    If there is an event that would cause an interrupt the INTA
    register is updated regardless of the enablement of the
    interrupts: even if the interrupts are disabled, the INTA
    will be changed, but the device won't issue an interrupt.
    But the ISR can be called at any time, so we ought ignore
    the value in the INTA otherwise we can call the op_mode
    after it was freed.
    
    I found this bug when the op_mode_start failed, and called
    iwl_trans_stop_hw(trans, true). Then I played with the
    RFKILL button, and removed the module.
    While removing the module, the IRQ is freed, and the ISR is
    called (CONFIG_DEBUG_SHIRQ enabled). Panic.
    Signed-off-by: default avatarEmmanuel Grumbach <emmanuel.grumbach@intel.com>
    Reviewed-by: default avatarGregory Greenman <gregory.greenman@intel.com>
    Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
    [bwh: Backported to 3.2:
     - Adjust context
     - Pass bus(trans), not trans, to iwl_{read,write}32()]
    Signed-off-by: default avatarBen Hutchings <ben@decadent.org.uk>
    [wujg: Backported to 3.4:
     - adjust context
     - Pass trans to iwl_{read,write}32()}]
    Signed-off-by: default avatarJianguo Wu <wujianguo@huawei.com>
    Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
    af720fc6
iwl-trans-pcie-rx.c 42.5 KB