2023-06-07 16:28:16

by Dmitry Antipov

[permalink] [raw]
Subject: [PATCH 2/3] wifi: brcmfmac: handle possible completion timeouts

Handle possible 'wait_for_completion_timeout()' errors in
'brcmf_p2p_af_searching_channel()', ' brcmf_p2p_tx_action_frame()'
and 'brcmf_p2p_del_vif()', adjust related code.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Signed-off-by: Dmitry Antipov <[email protected]>
---
.../broadcom/brcm80211/brcmfmac/p2p.c | 30 ++++++++++++-------
1 file changed, 20 insertions(+), 10 deletions(-)

diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/p2p.c b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/p2p.c
index d4492d02e4ea..9e383e6cab21 100644
--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/p2p.c
+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/p2p.c
@@ -1173,8 +1173,10 @@ static s32 brcmf_p2p_af_searching_channel(struct brcmf_p2p_info *p2p)
retry);
/* search peer on peer's listen channel */
schedule_work(&afx_hdl->afx_work);
- wait_for_completion_timeout(&afx_hdl->act_frm_scan,
- P2P_AF_FRM_SCAN_MAX_WAIT);
+ if (!wait_for_completion_timeout(&afx_hdl->act_frm_scan,
+ P2P_AF_FRM_SCAN_MAX_WAIT))
+ /* timed out */
+ afx_hdl->peer_chan = P2P_INVALID_CHANNEL;
if ((afx_hdl->peer_chan != P2P_INVALID_CHANNEL) ||
(!test_bit(BRCMF_P2P_STATUS_FINDING_COMMON_CHANNEL,
&p2p->status)))
@@ -1186,8 +1188,10 @@ static s32 brcmf_p2p_af_searching_channel(struct brcmf_p2p_info *p2p)
/* listen on my listen channel */
afx_hdl->is_listen = true;
schedule_work(&afx_hdl->afx_work);
- wait_for_completion_timeout(&afx_hdl->act_frm_scan,
- P2P_AF_FRM_SCAN_MAX_WAIT);
+ if (!wait_for_completion_timeout
+ (&afx_hdl->act_frm_scan, P2P_AF_FRM_SCAN_MAX_WAIT))
+ /* timed out */
+ afx_hdl->peer_chan = P2P_INVALID_CHANNEL;
}
if ((afx_hdl->peer_chan != P2P_INVALID_CHANNEL) ||
(!test_bit(BRCMF_P2P_STATUS_FINDING_COMMON_CHANNEL,
@@ -1580,14 +1584,20 @@ static s32 brcmf_p2p_tx_action_frame(struct brcmf_p2p_info *p2p,
(p2p->wait_for_offchan_complete) ?
"off-channel" : "on-channel");

- wait_for_completion_timeout(&p2p->send_af_done, P2P_AF_MAX_WAIT_TIME);
-
+ if (!wait_for_completion_timeout(&p2p->send_af_done,
+ P2P_AF_MAX_WAIT_TIME)) {
+ err = -ETIMEDOUT;
+ goto clear;
+ }
if (test_bit(BRCMF_P2P_STATUS_ACTION_TX_COMPLETED, &p2p->status)) {
- brcmf_dbg(TRACE, "TX action frame operation is success\n");
+ err = 0;
+ brcmf_dbg(TRACE, "TX action frame operation has succeeded\n");
} else {
err = -EIO;
brcmf_dbg(TRACE, "TX action frame operation has failed\n");
}
+
+clear:
/* clear status bit for action tx */
clear_bit(BRCMF_P2P_STATUS_ACTION_TX_COMPLETED, &p2p->status);
clear_bit(BRCMF_P2P_STATUS_ACTION_TX_NOACK, &p2p->status);
@@ -2404,10 +2414,10 @@ int brcmf_p2p_del_vif(struct wiphy *wiphy, struct wireless_dev *wdev)
brcmf_dbg(INFO, "P2P: GO_NEG_PHASE status cleared\n");

if (wait_for_disable)
- wait_for_completion_timeout(&cfg->vif_disabled,
- BRCMF_P2P_DISABLE_TIMEOUT);
+ err = (wait_for_completion_timeout(&cfg->vif_disabled,
+ BRCMF_P2P_DISABLE_TIMEOUT)
+ ? 0 : -ETIMEDOUT);

- err = 0;
if (iftype != NL80211_IFTYPE_P2P_DEVICE) {
brcmf_vif_clear_mgmt_ies(vif);
err = brcmf_p2p_release_p2p_if(vif);
--
2.40.1