From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Google-Smtp-Source: AIpwx4+fNY9kDujFOQQ8mkq7S/OJW7Z63V60rg3M6zDOF74HFAonRyCcO4me0ZzKd2CrKNy0v0xa ARC-Seal: i=1; a=rsa-sha256; t=1523473245; cv=none; d=google.com; s=arc-20160816; b=iu6Lid8LD/6zru9p2CYeK97iCLkgMMa+ejsxyxbGmzVl9WJ6lPq0FihHzS0gCmHVj9 gJpsUv/ps5DzlL0PHMej/8/saQesfRvK7QRaeOwkdAmxW7e1DQ5zbLdNd+z3NAgqYejN zOLEKgjG6KqgyWHYwToepot70d1L3X9PAuA8sQUvNalZo25HNsywZaRdImQR40PJqpTK uGT3F8+wcnh+SizeGfNCSjsXsEhn8ztxksM0tdKOmT87oVRpoC0RIHcQDOfB33yAfI9Y LyNbveEbatJ0f6yLXZUwhIx8r/gs+6bwk55cM5xOmlpySIQPlrmM+46fdOfOy9TTFXQl jeOw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=mime-version:user-agent:references:in-reply-to:message-id:date :subject:cc:to:from:arc-authentication-results; bh=SA3D3kxdA8tWxqkSMBaULo9Ve89qKEEEobhCQ2cFkX8=; b=Ng5DsZI3nXX7cpvjeJ/HULw+qzESKYwniELWVXNmVbAIQu6BMnep5ZklEhwo6YstPm H+WJaQuWaE5tzjxnt1Y+JqMHHRVgG3Nebq3UkXTDeoEehL9hSHNhktiqSueM66yU4P1/ MBC57mfuqZUp1BprkbL2XPq5o/K/HCoYRAErCvLuN9ghVOx30aR3qC0jjDuxmJI2eH7P Z8SBmoKLVtcbPHv2B5fS/XZa/6PCu6TOGqoxw9q3snZN/Ne9bPBW4Fwxr5mQRF0kZcbs jU2SdtoMIgY6MOPoUYt0J/s/J4hTVXemyW0vnRuoU914dShUO2Cq0BkkAkriKbBlC9C8 cYiw== ARC-Authentication-Results: i=1; mx.google.com; spf=softfail (google.com: domain of transitioning gregkh@linuxfoundation.org does not designate 90.92.61.202 as permitted sender) smtp.mailfrom=gregkh@linuxfoundation.org Authentication-Results: mx.google.com; spf=softfail (google.com: domain of transitioning gregkh@linuxfoundation.org does not designate 90.92.61.202 as permitted sender) smtp.mailfrom=gregkh@linuxfoundation.org From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Stanislaw Gruszka , Enrico Mioso , Kalle Valo , Sasha Levin Subject: [PATCH 4.9 146/310] rt2x00: do not pause queue unconditionally on error path Date: Wed, 11 Apr 2018 20:34:45 +0200 Message-Id: <20180411183628.719272354@linuxfoundation.org> X-Mailer: git-send-email 2.17.0 In-Reply-To: <20180411183622.305902791@linuxfoundation.org> References: <20180411183622.305902791@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-LABELS: =?utf-8?b?IlxcU2VudCI=?= X-GMAIL-THRID: =?utf-8?q?1597477481346398191?= X-GMAIL-MSGID: =?utf-8?q?1597477481346398191?= X-Mailing-List: linux-kernel@vger.kernel.org List-ID: 4.9-stable review patch. If anyone has any objections, please let me know. ------------------ From: Stanislaw Gruszka [ Upstream commit 6dd80efd75ce7c2dbd9f117cf585ee2b33a42ee1 ] Pausing queue without checking threshold is racy with txdone path. Moreover we do not need pause queue on any error, but only if queue is full - in case when we send RTS frame ( other cases of almost full queue are already handled in rt2x00queue_write_tx_frame() ). Patch fixes of theoretically possible problem of pausing empty queue. Signed-off-by: Stanislaw Gruszka Tested-by: Enrico Mioso Signed-off-by: Kalle Valo Signed-off-by: Sasha Levin Signed-off-by: Greg Kroah-Hartman --- drivers/net/wireless/ralink/rt2x00/rt2x00mac.c | 22 ++++++++++++++-------- 1 file changed, 14 insertions(+), 8 deletions(-) --- a/drivers/net/wireless/ralink/rt2x00/rt2x00mac.c +++ b/drivers/net/wireless/ralink/rt2x00/rt2x00mac.c @@ -142,15 +142,25 @@ void rt2x00mac_tx(struct ieee80211_hw *h if (!rt2x00dev->ops->hw->set_rts_threshold && (tx_info->control.rates[0].flags & (IEEE80211_TX_RC_USE_RTS_CTS | IEEE80211_TX_RC_USE_CTS_PROTECT))) { - if (rt2x00queue_available(queue) <= 1) - goto exit_fail; + if (rt2x00queue_available(queue) <= 1) { + /* + * Recheck for full queue under lock to avoid race + * conditions with rt2x00lib_txdone(). + */ + spin_lock(&queue->tx_lock); + if (rt2x00queue_threshold(queue)) + rt2x00queue_pause_queue(queue); + spin_unlock(&queue->tx_lock); + + goto exit_free_skb; + } if (rt2x00mac_tx_rts_cts(rt2x00dev, queue, skb)) - goto exit_fail; + goto exit_free_skb; } if (unlikely(rt2x00queue_write_tx_frame(queue, skb, control->sta, false))) - goto exit_fail; + goto exit_free_skb; /* * Pausing queue has to be serialized with rt2x00lib_txdone(). Note @@ -164,10 +174,6 @@ void rt2x00mac_tx(struct ieee80211_hw *h return; - exit_fail: - spin_lock(&queue->tx_lock); - rt2x00queue_pause_queue(queue); - spin_unlock(&queue->tx_lock); exit_free_skb: ieee80211_free_txskb(hw, skb); }