From c521d7e0ff05257bb9128ab7e68b8e2c084ed361 Mon Sep 17 00:00:00 2001
From: WeitaoWangoc <WeitaoWang-oc@zhaoxin.com>
Date: Tue, 27 Oct 2020 11:16:20 +0800
Subject: rtlwifi: Fix non-canonical address access issues

During realtek USB wireless NIC initialization, it's unexpected
disconnection will cause urb sumbmit fail. On the one hand,
_rtl_usb_cleanup_rx will be called to clean up rx stuff, especially for
rtl_wq. On the other hand, disconnection will cause rtl_usb_disconnect
and _rtl_usb_cleanup_rx to be called. So, rtl_wq will be flush/destroy
twice, which will cause non-canonical address 0xdead000000000122 access
and general protection fault.

Fixed this issue by remove _rtl_usb_cleanup_rx when urb sumbmit fail.

Signed-off-by: WeitaoWangoc <WeitaoWang-oc@zhaoxin.com>
Acked-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/1603768580-2798-1-git-send-email-WeitaoWang-oc@zhaoxin.com
---
 drivers/net/wireless/realtek/rtlwifi/usb.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/drivers/net/wireless/realtek/rtlwifi/usb.c b/drivers/net/wireless/realtek/rtlwifi/usb.c
index 06e073defad6..d62b87f010c9 100644
--- a/drivers/net/wireless/realtek/rtlwifi/usb.c
+++ b/drivers/net/wireless/realtek/rtlwifi/usb.c
@@ -731,7 +731,6 @@ static int _rtl_usb_receive(struct ieee80211_hw *hw)
 
 err_out:
 	usb_kill_anchored_urbs(&rtlusb->rx_submitted);
-	_rtl_usb_cleanup_rx(hw);
 	return err;
 }
 
-- 
cgit v1.2.3-59-g8ed1b