summaryrefslogtreecommitdiff
path: root/package/kernel/mac80211/patches/317-brcmfmac-Fix-race-condition-in-msgbuf-ioctl-processi.patch
blob: e005fe73d29a8048ad6b33657ecd91a36b008d4e (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
From: Hante Meuleman <meuleman@broadcom.com>
Date: Fri, 6 Mar 2015 18:40:41 +0100
Subject: [PATCH] brcmfmac: Fix race condition in msgbuf ioctl processing.

Msgbuf is using a wait_event_timeout to wait for the response on
an ioctl. The wakeup routine uses waitqueue_active to see if
wait_event_timeout has been called. There is a chance that the
response arrives before wait_event_timeout is called, this
will result in situation that wait_event_timeout never gets
woken again and assumed result will be a timeout. This patch
removes that errornous situation by always setting the
ctl_completed var before checking for queue active.

Reviewed-by: Arend Van Spriel <arend@broadcom.com>
Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
Signed-off-by: Hante Meuleman <meuleman@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
---

--- a/drivers/net/wireless/brcm80211/brcmfmac/msgbuf.c
+++ b/drivers/net/wireless/brcm80211/brcmfmac/msgbuf.c
@@ -481,10 +481,9 @@ static int brcmf_msgbuf_ioctl_resp_wait(
 
 static void brcmf_msgbuf_ioctl_resp_wake(struct brcmf_msgbuf *msgbuf)
 {
-	if (waitqueue_active(&msgbuf->ioctl_resp_wait)) {
-		msgbuf->ctl_completed = true;
+	msgbuf->ctl_completed = true;
+	if (waitqueue_active(&msgbuf->ioctl_resp_wait))
 		wake_up(&msgbuf->ioctl_resp_wait);
-	}
 }