When running modprobe rt73usb, and then rmmod rt73usb, and then
iwconfig, the wlan0 device does not disappear. When repeating this
process again, we get a kernel Oops errors and "BUG: unable to handle
kernel paging request..." message in the kernel log.
The reason for this is that there is an error in rt2x00rfkill_free(),
which is called in the process of removing the device
(rt2x00lib_remove_dev() in rt2x00dev.c).
rt2x00rfkill_free() clears the RFKILL_STATE_ALLOCATED bit , which is
bit number 1 () in rt2x00dev->flags instead of in
rt2x00dev->rfkill_state. As a result, when checking the
DEVICE_STATE_REGISTERED_HW bit (bit number 1 in rt2x00dev->flags) in
rt2x00lib_remove_hw() it is **unset**, and we wrongly **don't** call
ieee80211_unregister_hw().
This patch corrects this: the parameter for __test_and_clear_bit() in
rt2x00rfkill_free() should be &rt2x00dev->rfkill_state and not
&rt2x00dev->flags.
Signed-off-by: Rami Rosen <[email protected]>
---
(wireless-testing).
diff --git a/drivers/net/wireless/rt2x00/rt2x00rfkill.c
b/drivers/net/wireless/rt2x00/rt2x00rfkill.c
index 0b089ec..735a22d 100644
--- a/drivers/net/wireless/rt2x00/rt2x00rfkill.c
+++ b/drivers/net/wireless/rt2x00/rt2x00rfkill.c
@@ -118,7 +118,7 @@ void rt2x00rfkill_allocate(struct rt2x00_dev *rt2x00dev)
void rt2x00rfkill_free(struct rt2x00_dev *rt2x00dev)
{
- if (!__test_and_clear_bit(RFKILL_STATE_ALLOCATED, &rt2x00dev->flags))
+ if (!__test_and_clear_bit(RFKILL_STATE_ALLOCATED, &rt2x00dev->rfkill_state))
return;
input_free_polled_device(rt2x00dev->rfkill_poll_dev);
On Tuesday 13 January 2009, Rami Rosen wrote:
> When running modprobe rt73usb, and then rmmod rt73usb, and then
> iwconfig, the wlan0 device does not disappear. When repeating this
> process again, we get a kernel Oops errors and "BUG: unable to handle
> kernel paging request..." message in the kernel log.
>
> The reason for this is that there is an error in rt2x00rfkill_free(),
> which is called in the process of removing the device
> (rt2x00lib_remove_dev() in rt2x00dev.c).
> rt2x00rfkill_free() clears the RFKILL_STATE_ALLOCATED bit , which is
> bit number 1 () in rt2x00dev->flags instead of in
> rt2x00dev->rfkill_state. As a result, when checking the
> DEVICE_STATE_REGISTERED_HW bit (bit number 1 in rt2x00dev->flags) in
> rt2x00lib_remove_hw() it is **unset**, and we wrongly **don't** call
> ieee80211_unregister_hw().
>
> This patch corrects this: the parameter for __test_and_clear_bit() in
> rt2x00rfkill_free() should be &rt2x00dev->rfkill_state and not
> &rt2x00dev->flags.
>
> Signed-off-by: Rami Rosen <[email protected]>
Acked-by: Ivo van Doorn <[email protected]>
> ---
> (wireless-testing).
>
> diff --git a/drivers/net/wireless/rt2x00/rt2x00rfkill.c
> b/drivers/net/wireless/rt2x00/rt2x00rfkill.c
> index 0b089ec..735a22d 100644
> --- a/drivers/net/wireless/rt2x00/rt2x00rfkill.c
> +++ b/drivers/net/wireless/rt2x00/rt2x00rfkill.c
> @@ -118,7 +118,7 @@ void rt2x00rfkill_allocate(struct rt2x00_dev *rt2x00dev)
>
> void rt2x00rfkill_free(struct rt2x00_dev *rt2x00dev)
> {
> - if (!__test_and_clear_bit(RFKILL_STATE_ALLOCATED, &rt2x00dev->flags))
> + if (!__test_and_clear_bit(RFKILL_STATE_ALLOCATED, &rt2x00dev->rfkill_state))
> return;
>
> input_free_polled_device(rt2x00dev->rfkill_poll_dev);
>