36 lines
1.3 KiB
Diff
36 lines
1.3 KiB
Diff
From: Hante Meuleman <meuleman@broadcom.com>
|
|
Date: Fri, 6 Mar 2015 18:40:41 +0100
|
|
Subject: [PATCH] brcmfmac: Fix race condition in msgbuf ioctl processing.
|
|
|
|
Msgbuf is using a wait_event_timeout to wait for the response on
|
|
an ioctl. The wakeup routine uses waitqueue_active to see if
|
|
wait_event_timeout has been called. There is a chance that the
|
|
response arrives before wait_event_timeout is called, this
|
|
will result in situation that wait_event_timeout never gets
|
|
woken again and assumed result will be a timeout. This patch
|
|
removes that errornous situation by always setting the
|
|
ctl_completed var before checking for queue active.
|
|
|
|
Reviewed-by: Arend Van Spriel <arend@broadcom.com>
|
|
Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
|
|
Signed-off-by: Hante Meuleman <meuleman@broadcom.com>
|
|
Signed-off-by: Arend van Spriel <arend@broadcom.com>
|
|
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
|
---
|
|
|
|
--- a/drivers/net/wireless/brcm80211/brcmfmac/msgbuf.c
|
|
+++ b/drivers/net/wireless/brcm80211/brcmfmac/msgbuf.c
|
|
@@ -481,10 +481,9 @@ static int brcmf_msgbuf_ioctl_resp_wait(
|
|
|
|
static void brcmf_msgbuf_ioctl_resp_wake(struct brcmf_msgbuf *msgbuf)
|
|
{
|
|
- if (waitqueue_active(&msgbuf->ioctl_resp_wait)) {
|
|
- msgbuf->ctl_completed = true;
|
|
+ msgbuf->ctl_completed = true;
|
|
+ if (waitqueue_active(&msgbuf->ioctl_resp_wait))
|
|
wake_up(&msgbuf->ioctl_resp_wait);
|
|
- }
|
|
}
|
|
|
|
|