* [PATCH] cw1200: Fix a sleep-in-atomic bug in cw1200_tx_confirm_cb and cw1200_cqm_bssloss_sm
@ 2017-06-01 2:36 Jia-Ju Bai
2017-06-01 9:48 ` Kalle Valo
0 siblings, 1 reply; 2+ messages in thread
From: Jia-Ju Bai @ 2017-06-01 2:36 UTC (permalink / raw)
To: pizza, kvalo; +Cc: linux-wireless, netdev, linux-kernel, Jia-Ju Bai
The driver may sleep under a spin lock, and the function call path is:
cw1200_tx_confirm_cb (acquire the lock by spin_lock)
__cw1200_cqm_bssloss_sm
cancel_work_sync --> may sleep
cw1200_cqm_bssloss_sm
__cw1200_cqm_bssloss_sm
cancel_work_sync --> may sleep
To fix it, the lock is released before cancel_work_sync, and the lock
is acquired again after this function.
Signed-off-by: Jia-Ju Bai <baijiaju1990@163.com>
---
drivers/net/wireless/st/cw1200/sta.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/net/wireless/st/cw1200/sta.c b/drivers/net/wireless/st/cw1200/sta.c
index a522248..d5f7698 100644
--- a/drivers/net/wireless/st/cw1200/sta.c
+++ b/drivers/net/wireless/st/cw1200/sta.c
@@ -154,7 +154,9 @@ void __cw1200_cqm_bssloss_sm(struct cw1200_common *priv,
int tx = 0;
priv->delayed_link_loss = 0;
+ spin_unlock(&priv->bss_loss_lock);
cancel_work_sync(&priv->bss_params_work);
+ spin_lock(&priv->bss_loss_lock);
pr_debug("[STA] CQM BSSLOSS_SM: state: %d init %d good %d bad: %d txlock: %d uj: %d\n",
priv->bss_loss_state,
--
1.7.9.5
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: cw1200: Fix a sleep-in-atomic bug in cw1200_tx_confirm_cb and cw1200_cqm_bssloss_sm
2017-06-01 2:36 [PATCH] cw1200: Fix a sleep-in-atomic bug in cw1200_tx_confirm_cb and cw1200_cqm_bssloss_sm Jia-Ju Bai
@ 2017-06-01 9:48 ` Kalle Valo
0 siblings, 0 replies; 2+ messages in thread
From: Kalle Valo @ 2017-06-01 9:48 UTC (permalink / raw)
To: Jia-Ju Bai; +Cc: pizza, linux-wireless, netdev, linux-kernel, Jia-Ju Bai
Jia-Ju Bai <baijiaju1990@163.com> wrote:
> The driver may sleep under a spin lock, and the function call path is:
> cw1200_tx_confirm_cb (acquire the lock by spin_lock)
> __cw1200_cqm_bssloss_sm
> cancel_work_sync --> may sleep
>
> cw1200_cqm_bssloss_sm
> __cw1200_cqm_bssloss_sm
> cancel_work_sync --> may sleep
>
> To fix it, the lock is released before cancel_work_sync, and the lock
> is acquired again after this function.
>
> Signed-off-by: Jia-Ju Bai <baijiaju1990@163.com>
I assume that you haven't tested this on a real device and only compile tested.
You should mention that in the commit log.
Releasing a lock held by calling function is evil. Did you do any lock analysis
or are you just blindly releasing locks to fix a warning in your tool?
Also I would like to have an ack from a reviewer before I can take patches like
this.
Patch set to Changes Requested.
--
https://patchwork.kernel.org/patch/9758613/
https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2017-06-01 9:48 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-06-01 2:36 [PATCH] cw1200: Fix a sleep-in-atomic bug in cw1200_tx_confirm_cb and cw1200_cqm_bssloss_sm Jia-Ju Bai
2017-06-01 9:48 ` Kalle Valo
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).