| 1234567891011121314151617181920212223242526272829303132333435 |
- From: Hante Meuleman <[email protected]>
- Date: Fri, 6 Mar 2015 18:40:41 +0100
- Subject: [PATCH] brcmfmac: Fix race condition in msgbuf ioctl processing.
- Msgbuf is using a wait_event_timeout to wait for the response on
- an ioctl. The wakeup routine uses waitqueue_active to see if
- wait_event_timeout has been called. There is a chance that the
- response arrives before wait_event_timeout is called, this
- will result in situation that wait_event_timeout never gets
- woken again and assumed result will be a timeout. This patch
- removes that errornous situation by always setting the
- ctl_completed var before checking for queue active.
- Reviewed-by: Arend Van Spriel <[email protected]>
- Reviewed-by: Pieter-Paul Giesberts <[email protected]>
- Signed-off-by: Hante Meuleman <[email protected]>
- Signed-off-by: Arend van Spriel <[email protected]>
- Signed-off-by: Kalle Valo <[email protected]>
- ---
- --- a/drivers/net/wireless/brcm80211/brcmfmac/msgbuf.c
- +++ b/drivers/net/wireless/brcm80211/brcmfmac/msgbuf.c
- @@ -481,10 +481,9 @@ static int brcmf_msgbuf_ioctl_resp_wait(
-
- static void brcmf_msgbuf_ioctl_resp_wake(struct brcmf_msgbuf *msgbuf)
- {
- - if (waitqueue_active(&msgbuf->ioctl_resp_wait)) {
- - msgbuf->ctl_completed = true;
- + msgbuf->ctl_completed = true;
- + if (waitqueue_active(&msgbuf->ioctl_resp_wait))
- wake_up(&msgbuf->ioctl_resp_wait);
- - }
- }
-
-
|
