From c76ec27051e48fed76ded90a64e28c96e21e16c2 Mon Sep 17 00:00:00 2001 From: Mohammed Shafi Shajakhan Date: Fri, 16 Nov 2012 18:22:40 +0530 Subject: [PATCH] --- yaml --- r: 352745 b: refs/heads/master c: de2070fc4aa7c0205348010f500f5abce012e67b h: refs/heads/master i: 352743: 2276a70e07caefb91baa0deaa4b2d3a9705cffa5 v: v3 --- [refs] | 2 +- trunk/drivers/net/wireless/ath/ath6kl/htc_pipe.c | 16 ++++++++++++++++ 2 files changed, 17 insertions(+), 1 deletion(-) diff --git a/[refs] b/[refs] index 62a83d1459a6..f7690285d8c6 100644 --- a/[refs] +++ b/[refs] @@ -1,2 +1,2 @@ --- -refs/heads/master: e16ccfeefbba6a268d00eb04145a172ad6e51cd8 +refs/heads/master: de2070fc4aa7c0205348010f500f5abce012e67b diff --git a/trunk/drivers/net/wireless/ath/ath6kl/htc_pipe.c b/trunk/drivers/net/wireless/ath/ath6kl/htc_pipe.c index 73a38f9392f9..281390178e3d 100644 --- a/trunk/drivers/net/wireless/ath/ath6kl/htc_pipe.c +++ b/trunk/drivers/net/wireless/ath/ath6kl/htc_pipe.c @@ -967,6 +967,22 @@ static int ath6kl_htc_pipe_rx_complete(struct ath6kl *ar, struct sk_buff *skb, u16 payload_len; int status = 0; + /* + * ar->htc_target can be NULL due to a race condition that can occur + * during driver initialization(we do 'ath6kl_hif_power_on' before + * initializing 'ar->htc_target' via 'ath6kl_htc_create'). + * 'ath6kl_hif_power_on' assigns 'ath6kl_recv_complete' as + * usb_complete_t/callback function for 'usb_fill_bulk_urb'. + * Thus the possibility of ar->htc_target being NULL + * via ath6kl_recv_complete -> ath6kl_usb_io_comp_work. + */ + if (WARN_ON_ONCE(!target)) { + ath6kl_err("Target not yet initialized\n"); + status = -EINVAL; + goto free_skb; + } + + netdata = skb->data; netlen = skb->len;