
Revert "wifi: ath9k: use devm for request_irq()"

Message ID 20240808103758.11696-1-toke@toke.dk
State New

Commit Message

Toke Høiland-Jørgensen Aug. 8, 2024, 10:37 a.m. UTC
From: Toke Høiland-Jørgensen <toke@redhat.com>

This reverts commit 92da4ce847bc5d942ddfdb102dba92f4e2797a59.

Felix pointed out that moving to devm for request_irq() can lead to a
use-after-free, and that avoiding it requires explicit frees, which makes the
devm conversion pretty pointless. So let's just revert the patch.

Link: https://lore.kernel.org/r/201f06b6-14f5-41bb-8897-49665cf14b66@nbd.name
Signed-off-by: Toke Høiland-Jørgensen <toke@redhat.com>
---
 drivers/net/wireless/ath/ath9k/ahb.c | 7 +++++--
 drivers/net/wireless/ath/ath9k/pci.c | 9 ++++++---
 2 files changed, 11 insertions(+), 5 deletions(-)

Comments

Kalle Valo Aug. 10, 2024, 7:22 a.m. UTC | #1
Toke Høiland-Jørgensen <toke@toke.dk> wrote:

> This reverts commit 92da4ce847bc5d942ddfdb102dba92f4e2797a59.
> 
> Felix pointed out that moving to devm for request_irq() can lead to a use after
> free, and that avoiding that means having explicit frees that makes the devm
> thing pretty pointless. So let's just revert the patch.
> 
> Link: https://lore.kernel.org/r/201f06b6-14f5-41bb-8897-49665cf14b66@nbd.name
> Signed-off-by: Toke Høiland-Jørgensen <toke@redhat.com>
> Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>

Patch applied to ath-next branch of ath.git, thanks.

89fbe672bd0e Revert "wifi: ath9k: use devm for request_irq()"

Patch

diff --git a/drivers/net/wireless/ath/ath9k/ahb.c b/drivers/net/wireless/ath/ath9k/ahb.c
index 29f67ded8fe2..1a6697b6e3b4 100644
--- a/drivers/net/wireless/ath/ath9k/ahb.c
+++ b/drivers/net/wireless/ath/ath9k/ahb.c
@@ -118,7 +118,7 @@  static int ath_ahb_probe(struct platform_device *pdev)
 	sc->mem = mem;
 	sc->irq = irq;
 
-	ret = devm_request_irq(&pdev->dev, irq, ath_isr, IRQF_SHARED, "ath9k", sc);
+	ret = request_irq(irq, ath_isr, IRQF_SHARED, "ath9k", sc);
 	if (ret) {
 		dev_err(&pdev->dev, "request_irq failed\n");
 		goto err_free_hw;
@@ -127,7 +127,7 @@  static int ath_ahb_probe(struct platform_device *pdev)
 	ret = ath9k_init_device(id->driver_data, sc, &ath_ahb_bus_ops);
 	if (ret) {
 		dev_err(&pdev->dev, "failed to initialize device\n");
-		goto err_free_hw;
+		goto err_irq;
 	}
 
 	ah = sc->sc_ah;
@@ -137,6 +137,8 @@  static int ath_ahb_probe(struct platform_device *pdev)
 
 	return 0;
 
+ err_irq:
+	free_irq(irq, sc);
  err_free_hw:
 	ieee80211_free_hw(hw);
 	return ret;
@@ -150,6 +152,7 @@  static void ath_ahb_remove(struct platform_device *pdev)
 		struct ath_softc *sc = hw->priv;
 
 		ath9k_deinit_device(sc);
+		free_irq(sc->irq, sc);
 		ieee80211_free_hw(sc->hw);
 	}
 }
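Review bot: The placement of `free_irq(sc->irq, sc)` between `ath9k_deinit_device(sc)` and `ieee80211_free_hw(sc->hw)` is load-bearing but carries no comment. `sc` is `hw->priv` (visible just above), so it presumably goes away with `ieee80211_free_hw()`, while the handler is registered with `IRQF_SHARED` and `sc` as its cookie and can therefore still be invoked until the IRQ is released. I would add `/* Release the IRQ before freeing hw: ath_isr() is passed sc, which lives in hw->priv */` above the call here and above the matching line in the last pci.c hunk (`ath_pci_remove`), so a later devm conversion does not reintroduce the use after free described in the commit message. `ath_ahb_remove` starts outside this hunk.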
diff --git a/drivers/net/wireless/ath/ath9k/pci.c b/drivers/net/wireless/ath/ath9k/pci.c
index ccf73886199a..1ff53520f0a3 100644
--- a/drivers/net/wireless/ath/ath9k/pci.c
+++ b/drivers/net/wireless/ath/ath9k/pci.c
@@ -965,9 +965,9 @@  static int ath_pci_probe(struct pci_dev *pdev, const struct pci_device_id *id)
 	}
 
 	if (!msi_enabled)
-		ret = devm_request_irq(&pdev->dev, pdev->irq, ath_isr, IRQF_SHARED, "ath9k", sc);
+		ret = request_irq(pdev->irq, ath_isr, IRQF_SHARED, "ath9k", sc);
 	else
-		ret = devm_request_irq(&pdev->dev, pdev->irq, ath_isr, 0, "ath9k", sc);
+		ret = request_irq(pdev->irq, ath_isr, 0, "ath9k", sc);
 
 	if (ret) {
 		dev_err(&pdev->dev, "request_irq failed\n");
@@ -979,7 +979,7 @@  static int ath_pci_probe(struct pci_dev *pdev, const struct pci_device_id *id)
 	ret = ath9k_init_device(id->device, sc, &ath_pci_bus_ops);
 	if (ret) {
 		dev_err(&pdev->dev, "Failed to initialize device\n");
-		goto err_irq;
+		goto err_init;
 	}
 
 	sc->sc_ah->msi_enabled = msi_enabled;
@@ -991,6 +991,8 @@  static int ath_pci_probe(struct pci_dev *pdev, const struct pci_device_id *id)
 
 	return 0;
 
+err_init:
+	free_irq(sc->irq, sc);
 err_irq:
 	ieee80211_free_hw(hw);
 	return ret;
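Review bot: The new `err_init` path frees `sc->irq`, while the request in the first pci.c hunk uses `pdev->irq`, and the assignment that ties the two together is not visible in any hunk here. If `sc->irq` were set only after `ath9k_init_device()` returns, this would call `free_irq()` with the wrong IRQ number, so it is worth confirming the assignment sits before the init call, or writing `free_irq(pdev->irq, sc);` to mirror the request. Separately, the labels read oddly next to ahb.c: there `err_irq` releases the IRQ, here `err_irq` is the target when the request failed and releases nothing, so `err_free_irq:` / `err_free_hw:` would describe the unwind steps in both files. `ath_pci_probe` starts and ends outside this hunk.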
@@ -1004,6 +1006,7 @@  static void ath_pci_remove(struct pci_dev *pdev)
 	if (!is_ath9k_unloaded)
 		sc->sc_ah->ah_flags |= AH_UNPLUGGED;
 	ath9k_deinit_device(sc);
+	free_irq(sc->irq, sc);
 	ieee80211_free_hw(sc->hw);
 }