iwlagn: fix a race in the unmapping of the TFDs
author: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Mon, 10 Oct 2011 14:27:02 +0000 (07:27 -0700)
committer: John W. Linville <linville@tuxdriver.com>
Fri, 14 Oct 2011 18:48:11 +0000 (14:48 -0400)
While inspecting the code, I saw that iwl_tx_queue_unmap modifies
the read pointer of the Tx queue without taking any locks. This means
that it can race with the reclaim flow. This can possibly lead to
a DMA warning complaining that we unmap the same buffer twice.

This is more a W/A than a fix since it is really weird to take
sta_lock inside iwl_tx_queue_unmap, but it can help until we revamp
the locking model in the transport layer.

Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
drivers/net/wireless/iwlwifi/iwl-trans-pcie.c

index 60067c7f0de0287f7071f014fd6f876c6b43de2e..f69aecb554e9a3cb592ade63d293ce5bee4af464 100644 (file)
@@ -406,6 +406,7 @@ static void iwl_tx_queue_unmap(struct iwl_trans *trans, int txq_id)
        struct iwl_tx_queue *txq = &trans_pcie->txq[txq_id];
        struct iwl_queue *q = &txq->q;
        enum dma_data_direction dma_dir;
+       unsigned long flags;
 
        if (!q->n_bd)
                return;
@@ -418,12 +419,14 @@ static void iwl_tx_queue_unmap(struct iwl_trans *trans, int txq_id)
        else
                dma_dir = DMA_TO_DEVICE;
 
+       spin_lock_irqsave(&trans->shrd->sta_lock, flags);
        while (q->write_ptr != q->read_ptr) {
                /* The read_ptr needs to bound by q->n_window */
                iwlagn_txq_free_tfd(trans, txq, get_cmd_index(q, q->read_ptr),
                                    dma_dir);
                q->read_ptr = iwl_queue_inc_wrap(q->read_ptr, q->n_bd);
        }
+       spin_unlock_irqrestore(&trans->shrd->sta_lock, flags);
 }
 
 /**
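Review bot: The spin_lock_irqsave(&trans->shrd->sta_lock, flags) added just before the while loop carries no comment explaining why a station lock is guarding q->read_ptr, and the commit message itself describes this as a workaround. Suggest a short comment above the lock saying that sta_lock is taken here only to serialise read_ptr updates against the reclaim flow, and that it is temporary until the transport locking model is reworked. Two further things to confirm: the reclaim side is not visible in this diff, so check that it updates read_ptr under the same sta_lock, otherwise the race remains. Also, iwlagn_txq_free_tfd now runs with interrupts disabled for every entry between read_ptr and write_ptr, so the hold time grows with the number of pending TFDs.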