From: Nobuhiro Iwamatsu nobuhiro1.iwamatsu@toshiba.co.jp
The fixes made in commit: 4ae5798004d8 ("iwlwifi: pcie: add a NULL check in iwl_pcie_txq_unmap") is not enough in 4.4.y tree.. This still have problems with null references. This provides the correct fix. Also, this is a problem only in 4.4.y. This patch has been applied to other LTS trees, but with the correct fixes.
Fixes: 4ae5798004d8 ("iwlwifi: pcie: add a NULL check in iwl_pcie_txq_unmap") Cc: stable@vger.kernel.org Cc: Emmanuel Grumbach emmanuel.grumbach@intel.com Cc: Luca Coelho luciano.coelho@intel.com Cc: Kalle Valo kvalo@codeaurora.org Cc: Sasha Levin sashal@kernel.org Signed-off-by: Nobuhiro Iwamatsu (CIP) nobuhiro1.iwamatsu@toshiba.co.jp Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org
--- drivers/net/wireless/iwlwifi/pcie/tx.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-)
--- a/drivers/net/wireless/iwlwifi/pcie/tx.c +++ b/drivers/net/wireless/iwlwifi/pcie/tx.c @@ -583,13 +583,15 @@ static void iwl_pcie_txq_unmap(struct iw { struct iwl_trans_pcie *trans_pcie = IWL_TRANS_GET_PCIE_TRANS(trans); struct iwl_txq *txq = &trans_pcie->txq[txq_id]; - struct iwl_queue *q = &txq->q; + struct iwl_queue *q;
if (!txq) { IWL_ERR(trans, "Trying to free a queue that wasn't allocated?\n"); return; }
+ q = &txq->q; + spin_lock_bh(&txq->lock); while (q->write_ptr != q->read_ptr) { IWL_DEBUG_TX_REPLY(trans, "Q %d Free %d\n",