linux - Torvalds' mirror for benchmark reasons

diff options

author	Sumit Garg <sumit.garg@linaro.org>	2020-04-07 15:40:55 +0530
committer	Johannes Berg <johannes.berg@intel.com>	2020-04-15 09:31:58 +0200
commit	52e04b4ce5d03775b6a78f3ed1097480faacc9fd (patch)
tree	52ed2229408e9a93884f3b6ade206abba0ef1428 /net/lapb
parent	a710d21451ff2917b9004b65ba2f0db6380671d5 (diff)
download	linux-52e04b4ce5d03775b6a78f3ed1097480faacc9fd.tar.gz linux-52e04b4ce5d03775b6a78f3ed1097480faacc9fd.tar.bz2 linux-52e04b4ce5d03775b6a78f3ed1097480faacc9fd.zip

mac80211: fix race in ieee80211_register_hw()

A race condition leading to a kernel crash is observed during invocation of ieee80211_register_hw() on a dragonboard410c device having wcn36xx driver built as a loadable module along with a wifi manager in user-space waiting for a wifi device (wlanX) to be active. Sequence diagram for a particular kernel crash scenario: user-space ieee80211_register_hw() ieee80211_tasklet_handler() ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ | | | |<---phy0----wiphy_register() | |-----iwd if_add---->| | | |<---IRQ----(RX packet) | Kernel crash | | due to unallocated | | workqueue. | | | | | alloc_ordered_workqueue() | | | | | Misc wiphy init. | | | | | ieee80211_if_add() | | | | As evident from above sequence diagram, this race condition isn't specific to a particular wifi driver but rather the initialization sequence in ieee80211_register_hw() needs to be fixed. So re-order the initialization sequence and the updated sequence diagram would look like: user-space ieee80211_register_hw() ieee80211_tasklet_handler() ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ | | | | alloc_ordered_workqueue() | | | | | Misc wiphy init. | | | | |<---phy0----wiphy_register() | |-----iwd if_add---->| | | |<---IRQ----(RX packet) | | | | ieee80211_if_add() | | | | Cc: stable@vger.kernel.org Signed-off-by: Sumit Garg <sumit.garg@linaro.org> Link: https://lore.kernel.org/r/1586254255-28713-1-git-send-email-sumit.garg@linaro.org [Johannes: fix rtnl imbalances] Signed-off-by: Johannes Berg <johannes.berg@intel.com>

Diffstat (limited to 'net/lapb')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: