From: Hante Meuleman
Date: Fri, 6 Mar 2015 17:40:41 +0000 (+0100)
Subject: brcmfmac: Fix race condition in msgbuf ioctl processing.
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=d375bc8a85a49bf4d2897f59fab4d4afb34d5d44;p=GitHub%2Fmoto-9609%2Fandroid_kernel_motorola_exynos9610.git

brcmfmac: Fix race condition in msgbuf ioctl processing.

Msgbuf is using a wait_event_timeout to wait for the response on an ioctl. The wakeup routine uses waitqueue_active to see if wait_event_timeout has been called. There is a chance that the response arrives before wait_event_timeout is called. This will result in a situation that wait_event_timeout never gets woken again and the assumed result will be a timeout. This patch removes that erroneous situation by always setting the ctl_completed var before checking for queue active.

Reviewed-by: Arend Van Spriel
Reviewed-by: Pieter-Paul Giesberts
Signed-off-by: Hante Meuleman
Signed-off-by: Arend van Spriel
Signed-off-by: Kalle Valo
---
diff --git a/drivers/net/wireless/brcm80211/brcmfmac/msgbuf.c b/drivers/net/wireless/brcm80211/brcmfmac/msgbuf.c index 6262612dec45..4ec9811f49c8 100644 --- a/drivers/net/wireless/brcm80211/brcmfmac/msgbuf.c +++ b/drivers/net/wireless/brcm80211/brcmfmac/msgbuf.c @@ -481,10 +481,9 @@ static int brcmf_msgbuf_ioctl_resp_wait(struct brcmf_msgbuf *msgbuf) static void brcmf_msgbuf_ioctl_resp_wake(struct brcmf_msgbuf *msgbuf) { - if (waitqueue_active(&msgbuf->ioctl_resp_wait)) { - msgbuf->ctl_completed = true; + msgbuf->ctl_completed = true; + if (waitqueue_active(&msgbuf->ioctl_resp_wait)) wake_up(&msgbuf->ioctl_resp_wait); - } }
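
Review bot: In brcmf_msgbuf_ioctl_resp_wake() the store `msgbuf->ctl_completed = true;` is now followed by a bare `waitqueue_active(&msgbuf->ioctl_resp_wait)` check with no memory barrier between them, so a narrower version of the same race remains. If the waker sees an empty queue while a waiter is in the middle of queueing itself and has not yet observed ctl_completed as true, wake_up() is skipped and the waiter sleeps until its timeout expires. Either put smp_mb() between the store and the waitqueue_active() check, or drop the check and call wake_up(&msgbuf->ioctl_resp_wait) unconditionally; wake_up() on an empty queue is cheap, and the waitqueue lock it takes provides the ordering needed here. Separately, because the flag is now set even when nobody is waiting, please confirm (it is outside this hunk) that ctl_completed is cleared before each new request is sent, so a late response to an ioctl that already timed out cannot complete the next one.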