Commit d375bc8a authored Mar 06, 2015 by Hante Meuleman Committed by Kalle Valo Mar 13, 2015

brcmfmac: Fix race condition in msgbuf ioctl processing.



Msgbuf is using a wait_event_timeout to wait for the response on
an ioctl. The wakeup routine uses waitqueue_active to see if
wait_event_timeout has been called. There is a chance that the
response arrives before wait_event_timeout is called, this
will result in situation that wait_event_timeout never gets
woken again and assumed result will be a timeout. This patch
removes that errornous situation by always setting the
ctl_completed var before checking for queue active.

Reviewed-by: Arend Van Spriel <arend@broadcom.com>
Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
Signed-off-by: Hante Meuleman <meuleman@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>

parent 449e58b8

drivers/net/wireless/brcm80211/brcmfmac/msgbuf.c

+2 −3

Original line number	Diff line number	Diff line
		@@ -481,11 +481,10 @@ static int brcmf_msgbuf_ioctl_resp_wait(struct brcmf_msgbuf *msgbuf)

		static void brcmf_msgbuf_ioctl_resp_wake(struct brcmf_msgbuf *msgbuf)
		{
		if (waitqueue_active(&msgbuf->ioctl_resp_wait)) {
		msgbuf->ctl_completed = true;
		if (waitqueue_active(&msgbuf->ioctl_resp_wait))
		wake_up(&msgbuf->ioctl_resp_wait);
		}
		}


		static int brcmf_msgbuf_query_dcmd(struct brcmf_pub *drvr, int ifidx,