[OLPC-devel] libertas driver usb issues
Dan Williams
dcbw at redhat.com
Mon Jun 26 07:58:52 EDT 2006
Hi,
One thing I noticed over the weekend was that you can't hot-unplug the
card without rmmod-ding the driver first. Otherwise, you get a NULL
pointer dereference in this call chain:
wlan_cleanup_module()
sbi_unregister()
PrepareAndSendCommand()
BUG kernel NULL pointer dereference
Here's the problem; to me, it looks like there's some really dodgy
stuff going on in if_usb.c WRT static global variables there. For
instance, at the top see:
static wlan_private *pwlanpriv;
*) The _only_ reason pwlanpriv is kept around as a global is so that
command in sbi_unregister() can get run, which resets the card when the
module gets unplugged.
static struct usb_card_rec usb_cardp;
*) usb_cardp gets kept around to preserve the interface abstraction
between wlan_main.c and if_usb.c, presumably because you can use other
interfaces like CF/MMC or whatever.
The reason the pointer deref happens above is that if you remove the
card before rmmod-ding the driver, a bunch of hot-unplug stuff
(correctly) gets run, which pretty much invalidates the stored global
pwlanpriv. Thus, when sbi_unregister() runs at module exit, there's no
card to reset. This should probably get moved to the card probe stage
or something.
These globals should probably be removed and refactored into the
device's usb_intfdata() (which is actually already used to store
_another_ wlan_private structure for the card). Some work necessary
here.
Furthermore, it doesn't look like we could ever attach > 1 marvel USB
device and have this driver work?
Dan
More information about the Devel
mailing list