2010-11-24 16:00:54

by Daniel Drake

Subject: [PATCH 1/2] libertas: fix memory corruption in lbs_remove_card()

"priv" is stored at the end of the wiphy structure, which is freed
during the call to lbs_cfg_free(). It must not be touched afterwards.

Remove the unnecessary NULL assignment causing this memory corruption.

Signed-off-by: Daniel Drake <[email protected]>
---
drivers/net/wireless/libertas/main.c | 2 --
1 files changed, 0 insertions(+), 2 deletions(-)

Please apply for 2.6.37

diff --git a/drivers/net/wireless/libertas/main.c b/drivers/net/wireless/libertas/main.c
index 46b88b1..fcd1bbf 100644
--- a/drivers/net/wireless/libertas/main.c
+++ b/drivers/net/wireless/libertas/main.c
@@ -915,8 +915,6 @@ void lbs_remove_card(struct lbs_private *priv)

lbs_free_adapter(priv);
lbs_cfg_free(priv);
-
- priv->dev = NULL;
free_netdev(dev);

lbs_deb_leave(LBS_DEB_MAIN);
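
Review bot: nothing at the lbs_cfg_free(priv) call records that priv itself is gone once it returns, so the removed store to priv->dev could be reintroduced by a later cleanup. Consider a one-line comment between lbs_cfg_free(priv) and free_netdev(dev) stating that priv lives in the wiphy allocation released by lbs_cfg_free() and must not be dereferenced from that point on. The remaining free_netdev(dev) call is consistent with that rule, since it takes dev rather than priv->dev.
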
--
1.7.3.2



2010-12-02 16:39:06

by Dan Williams

Subject: Re: [PATCH 1/2] libertas: fix memory corruption in lbs_remove_card()

On Wed, 2010-11-24 at 16:00 +0000, Daniel Drake wrote:
> "priv" is stored at the end of the wiphy structure, which is freed
> during the call to lbs_cfg_free(). It must not be touched afterwards.
>
> Remove the unnecessary NULL assignment causing this memory corruption.
>
> Signed-off-by: Daniel Drake <[email protected]>

Acked-by: Dan Williams <[email protected]>

> ---
> drivers/net/wireless/libertas/main.c | 2 --
> 1 files changed, 0 insertions(+), 2 deletions(-)
>
> Please apply for 2.6.37
>
> diff --git a/drivers/net/wireless/libertas/main.c b/drivers/net/wireless/libertas/main.c
> index 46b88b1..fcd1bbf 100644
> --- a/drivers/net/wireless/libertas/main.c
> +++ b/drivers/net/wireless/libertas/main.c
> @@ -915,8 +915,6 @@ void lbs_remove_card(struct lbs_private *priv)
>
> lbs_free_adapter(priv);
> lbs_cfg_free(priv);
> -
> - priv->dev = NULL;
> free_netdev(dev);
>
> lbs_deb_leave(LBS_DEB_MAIN);
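
Review bot: the changelog does not say since when the store to priv->dev after lbs_cfg_free(priv) has been a write to freed memory, and the only version mentioned is the "Please apply for 2.6.37" note below the --- line, which is dropped when the patch is applied. If released kernels have the same call order in lbs_remove_card(), say so in the commit message and add a stable Cc so the fix gets backported.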