mwifiex: Don't release cmd_pending_q_lock while iterating
authorDouglas Anderson <dianders@chromium.org>
Fri, 12 May 2017 16:42:00 +0000 (09:42 -0700)
committerKalle Valo <kvalo@codeaurora.org>
Fri, 19 May 2017 06:01:55 +0000 (09:01 +0300)
Just like in the previous patch ("mwifiex: Don't release
tx_ba_stream_tbl_lock while iterating"), in
mwifiex_cancel_all_pending_cmd() we were itearting over a list protected
by a spinlock.  Again, it is not safe to release the spinlock while
iterating.  Don't do it.

Luckily in this case there should be no need to release the spinlock.
This is evidenced by:

1. The only function called while the spinlock was released was
   mwifiex_recycle_cmd_node()
2. Aside from atomic functions (which are safe to call), the only
   function called by mwifiex_recycle_cmd_node() was
   mwifiex_insert_cmd_to_free_q().
3. It can be seen in mwifiex_cancel_pending_scan_cmd() that it's OK to
   call mwifiex_insert_cmd_to_free_q() while holding a different
   spinlock (scan_pending_q_lock), so in general holding a spinlock
   should be OK.
4. It doesn't appear that mwifiex_insert_cmd_to_free_q() has any
   interaction with the cmd_pending_q_lock

No known bugs are fixed with this change, but as with other similar
changes this could fix random list corruption.

Signed-off-by: Douglas Anderson <dianders@chromium.org>
Signed-off-by: Brian Norris <briannorris@chromium.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
drivers/net/wireless/marvell/mwifiex/cmdevt.c

index 0c3b217247b145a9f823f9f73d1233070e87f542..5fd6c53d7b06e7d4170f5bde44ac3b3330d9f549 100644 (file)
@@ -1056,12 +1056,10 @@ mwifiex_cancel_all_pending_cmd(struct mwifiex_adapter *adapter)
        list_for_each_entry_safe(cmd_node, tmp_node,
                                 &adapter->cmd_pending_q, list) {
                list_del(&cmd_node->list);
-               spin_unlock_irqrestore(&adapter->cmd_pending_q_lock, flags);
 
                if (cmd_node->wait_q_enabled)
                        adapter->cmd_wait_q.status = -1;
                mwifiex_recycle_cmd_node(adapter, cmd_node);
-               spin_lock_irqsave(&adapter->cmd_pending_q_lock, flags);
        }
        spin_unlock_irqrestore(&adapter->cmd_pending_q_lock, flags);
        spin_unlock_irqrestore(&adapter->mwifiex_cmd_lock, cmd_flags);