ath9k_htc: Handle WMI timeouts properly
authorSujith <Sujith.Manoharan@atheros.com>
Fri, 16 Apr 2010 06:24:01 +0000 (11:54 +0530)
committerJohn W. Linville <linville@tuxdriver.com>
Fri, 16 Apr 2010 19:47:12 +0000 (15:47 -0400)
If a WMI command has timed out for some reason,
a late WMI response would end up updating the
response region of a new WMI request that has been
issued in the meantime.

Fix this race condition by dropping a WMI response
if a new WMI command has been issued.

Signed-off-by: Sujith <Sujith.Manoharan@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
drivers/net/wireless/ath/ath9k/wmi.c
drivers/net/wireless/ath/ath9k/wmi.h

index 355e0dbf3c66169ae9b6283f84bf519773a042be..afbf63daf5519eae640be49c5cc9259588c384ae 100644 (file)
@@ -204,6 +204,14 @@ static void ath9k_wmi_ctrl_rx(void *priv, struct sk_buff *skb,
                return;
        }
 
+       /* Check if there has been a timeout. */
+       spin_lock(&wmi->wmi_lock);
+       if (cmd_id != wmi->last_cmd_id) {
+               spin_unlock(&wmi->wmi_lock);
+               goto free_skb;
+       }
+       spin_unlock(&wmi->wmi_lock);
+
        /* WMI command response */
        ath9k_wmi_rsp_callback(wmi, skb);
 
@@ -266,6 +274,7 @@ int ath9k_wmi_cmd(struct wmi *wmi, enum wmi_cmd_id cmd_id,
        struct sk_buff *skb;
        u8 *data;
        int time_left, ret = 0;
+       unsigned long flags;
 
        if (!wmi)
                return -EINVAL;
@@ -297,6 +306,10 @@ int ath9k_wmi_cmd(struct wmi *wmi, enum wmi_cmd_id cmd_id,
        if (ret)
                goto out;
 
+       spin_lock_irqsave(&wmi->wmi_lock, flags);
+       wmi->last_cmd_id = cmd_id;
+       spin_unlock_irqrestore(&wmi->wmi_lock, flags);
+
        time_left = wait_for_completion_timeout(&wmi->cmd_wait, timeout);
        if (!time_left) {
                ath_print(common, ATH_DBG_WMI,
index fd8c9c5f4a05f84ee18f875d63f911a0576d328b..611357158ecfb1ca3a1fe5c0dff3f326dbb442b7 100644 (file)
@@ -97,6 +97,7 @@ struct wmi {
        enum htc_endpoint_id ctrl_epid;
        struct mutex op_mutex;
        struct completion cmd_wait;
+       enum wmi_cmd_id last_cmd_id;
        u16 tx_seq_id;
        u8 *cmd_rsp_buf;
        u32 cmd_rsp_len;