From b5073ca2c859fe8763a0717abcfb5f5646d5a543 Mon Sep 17 00:00:00 2001
From: Felix Fietkau <nbd@openwrt.org>
Date: Tue, 14 Apr 2015 12:17:34 +0000
Subject: mac80211: merge a number of upstream driver fixes/improvements

Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45432
---
 ...x-race-condition-in-msgbuf-ioctl-processi.patch | 35 ++++++++++++++++++++++
 1 file changed, 35 insertions(+)
 create mode 100644 package/kernel/mac80211/patches/317-brcmfmac-Fix-race-condition-in-msgbuf-ioctl-processi.patch

(limited to 'package/kernel/mac80211/patches/317-brcmfmac-Fix-race-condition-in-msgbuf-ioctl-processi.patch')

diff --git a/package/kernel/mac80211/patches/317-brcmfmac-Fix-race-condition-in-msgbuf-ioctl-processi.patch b/package/kernel/mac80211/patches/317-brcmfmac-Fix-race-condition-in-msgbuf-ioctl-processi.patch
new file mode 100644
index 0000000..e005fe7
--- /dev/null
+++ b/package/kernel/mac80211/patches/317-brcmfmac-Fix-race-condition-in-msgbuf-ioctl-processi.patch
@@ -0,0 +1,35 @@
+From: Hante Meuleman <meuleman@broadcom.com>
+Date: Fri, 6 Mar 2015 18:40:41 +0100
+Subject: [PATCH] brcmfmac: Fix race condition in msgbuf ioctl processing.
+
+Msgbuf is using a wait_event_timeout to wait for the response on
+an ioctl. The wakeup routine uses waitqueue_active to see if
+wait_event_timeout has been called. There is a chance that the
+response arrives before wait_event_timeout is called, this
+will result in situation that wait_event_timeout never gets
+woken again and assumed result will be a timeout. This patch
+removes that errornous situation by always setting the
+ctl_completed var before checking for queue active.
+
+Reviewed-by: Arend Van Spriel <arend@broadcom.com>
+Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
+Signed-off-by: Hante Meuleman <meuleman@broadcom.com>
+Signed-off-by: Arend van Spriel <arend@broadcom.com>
+Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
+---
+
+--- a/drivers/net/wireless/brcm80211/brcmfmac/msgbuf.c
++++ b/drivers/net/wireless/brcm80211/brcmfmac/msgbuf.c
+@@ -481,10 +481,9 @@ static int brcmf_msgbuf_ioctl_resp_wait(
+ 
+ static void brcmf_msgbuf_ioctl_resp_wake(struct brcmf_msgbuf *msgbuf)
+ {
+-	if (waitqueue_active(&msgbuf->ioctl_resp_wait)) {
+-		msgbuf->ctl_completed = true;
++	msgbuf->ctl_completed = true;
++	if (waitqueue_active(&msgbuf->ioctl_resp_wait))
+ 		wake_up(&msgbuf->ioctl_resp_wait);
+-	}
+ }
+ 
+ 
-- 
cgit v1.1