Received: by 2002:a25:e74b:0:0:0:0:0 with SMTP id e72csp1298121ybh; Thu, 16 Jul 2020 08:23:21 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwpeHQ1MpaKa/PjHQEkLnzUZ9je6G6bTAbeYDmO0HtiC5pMPSTCzn0tVCDO13XSI1xzx+zS X-Received: by 2002:a17:906:b0d3:: with SMTP id bk19mr4500914ejb.167.1594913000898; Thu, 16 Jul 2020 08:23:20 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1594913000; cv=none; d=google.com; s=arc-20160816; b=qgPUojxmSd78Zv61VltYsTdRMPTpwzyuM79P7l8x0cCiT+nRF8GsKn3oo6v/OSF3oJ liCW33qyGAs4K6515D5Z79JREmghySpOrPRX4ucIW0rgqeZN/+lwngHMcIlnBDPayMCI 4BvsWNBbVPgOLE16xOTndkNrdJT1ApMzeXqDRrIynr2kSRrhA8spmP581vYz3jpftyYW dCZaTH+6VqtDzsvyfZNgFAN83+iXLjpN+msYkr7kkXJlfUXRQ0f03qymbpeFTG9X/xkj HBmvG/dRKkNbqR1wXjmaG/ra+p2SKhE76LP3LW/RZ0lGDmz8/EEuGEIOhmQdLoApPSrF Lmng== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from:dkim-signature; bh=SkAb+ZQCHMOj0PuOUxDCiufP7aMc1qYndOmat4SVlkE=; b=tpy56L1dyYt60IFuZVkjJouyg78A0ccW+7JMmhDWSqU7BR3NFjcEmHT7HwWURK4qny og8rdD2BLm3cITzjD1dvZDbFIKOrTj6nzChDmCLu2tE6qIKfH5VF8GESCrhIJ0ZZMYae 8BFkZSPolF6IBJZ+I8WMKm6dp/qvXM428IvIJpCL+SjGEuwBraLvz3mAlKSywNtsGsgT 7pE3c8BBeiZUBuJtnQEGdlQpc0vQnffz/a8ouioOopg/AazzMKz9x54w7iQT/OVbp4Gm 2qLFZQsLj3OYUIIRs/nXrQ69wWNDVuvGzHnlhNePiaRlvtiDWBJBoHLt3DIzoTzh1jbA +IBw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=s7ZMHEaD; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id i26si3190162ejk.576.2020.07.16.08.22.57; Thu, 16 Jul 2020 08:23:20 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=s7ZMHEaD; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729008AbgGPPTt (ORCPT + 99 others); Thu, 16 Jul 2020 11:19:49 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:55518 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728515AbgGPPTs (ORCPT ); Thu, 16 Jul 2020 11:19:48 -0400 Received: from mail-pl1-x641.google.com (mail-pl1-x641.google.com [IPv6:2607:f8b0:4864:20::641]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 62031C061755 for ; Thu, 16 Jul 2020 08:19:48 -0700 (PDT) Received: by mail-pl1-x641.google.com with SMTP id w17so3998531ply.11 for ; Thu, 16 Jul 2020 08:19:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=SkAb+ZQCHMOj0PuOUxDCiufP7aMc1qYndOmat4SVlkE=; b=s7ZMHEaD8l3hfQKladU34x3lpBaJxaoIxB++2ycJ1zXb3XIZbdSyy8xQv3VGmyKDCM fpRlsvCOtRQ/FvmjUOLy1u1qEj2svVDSflYceA2Yunq0V5Ho0X/FjIQWBi8Hgtdfjdm7 157Oww5hjIsgB/zLrBPaGTP9Ho30ggFcdq4Hx1nstOpGyWcUFUwG87PvdAfF5Z22h/c8 q5U2Sd/f22Hf5TTlvSi2wxR3zq43kHwtMGdWQHhTl+XK7d5AfjmILt21wsL9ogLWw3Wd 2y0OWsRf2+z+u6O1kw5oIXRQ66SIwX2ywhOlqTYTBnop1MnoYWFDMYiPbM/uZr7SSFpC ftFw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=SkAb+ZQCHMOj0PuOUxDCiufP7aMc1qYndOmat4SVlkE=; b=hv/oiyYqkASNP5HVYkiEn/lck62tN8URxl8NOSL6Ghz6FOX6ofX1iMAJWLZYHZ+ieV NNizLZR0nfJI87EQf5QsV0RHyohP18hE5Pf81/9aWf/nRdupr+TLwY4pS594vOFC0BMI 4dFatBOvZqFR9bdMQETICdcJAlPb9PvS6MlfxkAUoEBSAU6mKQ+jBL1eIwmSLK6NPZ4P aO28DtkmOclSNg42XFSrTJjpgbGl3vE2q4Ih+M7FoCr5SSAGI1/VMLfL+6kVLsMjQUkF NNUXUcNOWcPTcMGKKE1RfhvMmgR6qV6rbm3eXaNJcCgsDPQipECS4gNO6kUMg3u4CWM4 ja1g== X-Gm-Message-State: AOAM533vHJ8xwSP4vdluJV3gZjfX0zO4h1VXpppvkE0tDoXcLnAQbd2p 08ELlVUv3/kmjsfod4WSQY0= X-Received: by 2002:a17:90a:e017:: with SMTP id u23mr5438552pjy.179.1594912787778; Thu, 16 Jul 2020 08:19:47 -0700 (PDT) Received: from thinkpad.teksavvy.com ([69.172.171.109]) by smtp.gmail.com with ESMTPSA id l17sm5502252pgn.48.2020.07.16.08.19.46 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 16 Jul 2020 08:19:47 -0700 (PDT) From: Rustam Kovhaev To: Larry Finger , Florian Schilhabel , Greg Kroah-Hartman Cc: Rustam Kovhaev , devel@driverdev.osuosl.org, linux-kernel@vger.kernel.org, syzbot+80899a8a8efe8968cde7@syzkaller.appspotmail.com Subject: [PATCH] staging: rtl8712: handle firmware load failure Date: Thu, 16 Jul 2020 08:13:26 -0700 Message-Id: <20200716151324.1036204-1-rkovhaev@gmail.com> X-Mailer: git-send-email 2.27.0 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org when firmware fails to load we should not call unregister_netdev() this patch fixes a race condition between rtl871x_load_fw_cb() and r871xu_dev_remove() and fixes the bug reported by syzbot Reported-by: syzbot+80899a8a8efe8968cde7@syzkaller.appspotmail.com Link: https://syzkaller.appspot.com/bug?extid=80899a8a8efe8968cde7 Signed-off-by: Rustam Kovhaev --- drivers/staging/rtl8712/hal_init.c | 3 ++- drivers/staging/rtl8712/usb_intf.c | 11 ++++++++--- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/drivers/staging/rtl8712/hal_init.c b/drivers/staging/rtl8712/hal_init.c index 40145c0338e4..42c0a3c947f1 100644 --- a/drivers/staging/rtl8712/hal_init.c +++ b/drivers/staging/rtl8712/hal_init.c @@ -33,7 +33,6 @@ static void rtl871x_load_fw_cb(const struct firmware *firmware, void *context) { struct _adapter *adapter = context; - complete(&adapter->rtl8712_fw_ready); if (!firmware) { struct usb_device *udev = adapter->dvobjpriv.pusbdev; struct usb_interface *usb_intf = adapter->pusb_intf; @@ -41,11 +40,13 @@ static void rtl871x_load_fw_cb(const struct firmware *firmware, void *context) dev_err(&udev->dev, "r8712u: Firmware request failed\n"); usb_put_dev(udev); usb_set_intfdata(usb_intf, NULL); + complete(&adapter->rtl8712_fw_ready); return; } adapter->fw = firmware; /* firmware available - start netdev */ register_netdev(adapter->pnetdev); + complete(&adapter->rtl8712_fw_ready); } static const char firmware_file[] = "rtlwifi/rtl8712u.bin"; diff --git a/drivers/staging/rtl8712/usb_intf.c b/drivers/staging/rtl8712/usb_intf.c index a87562f632a7..2fcd65260f4c 100644 --- a/drivers/staging/rtl8712/usb_intf.c +++ b/drivers/staging/rtl8712/usb_intf.c @@ -595,13 +595,17 @@ static void r871xu_dev_remove(struct usb_interface *pusb_intf) if (pnetdev) { struct _adapter *padapter = netdev_priv(pnetdev); - usb_set_intfdata(pusb_intf, NULL); - release_firmware(padapter->fw); /* never exit with a firmware callback pending */ wait_for_completion(&padapter->rtl8712_fw_ready); + pnetdev = usb_get_intfdata(pusb_intf); + usb_set_intfdata(pusb_intf, NULL); + if (!pnetdev) + goto firmware_load_fail; + release_firmware(padapter->fw); if (drvpriv.drv_registered) padapter->surprise_removed = true; - unregister_netdev(pnetdev); /* will call netdev_close() */ + if (pnetdev->reg_state != NETREG_UNINITIALIZED) + unregister_netdev(pnetdev); /* will call netdev_close() */ flush_scheduled_work(); udelay(1); /* Stop driver mlme relation timer */ @@ -614,6 +618,7 @@ static void r871xu_dev_remove(struct usb_interface *pusb_intf) */ usb_put_dev(udev); } +firmware_load_fail: /* If we didn't unplug usb dongle and remove/insert module, driver * fails on sitesurvey for the first time when device is up. * Reset usb port for sitesurvey fail issue. -- 2.27.0