Subject: Re: [PATCH] b43legacy: Fix a sleep-in-atomic bug in b43legacy_op_bss_info_changed
From: Arend van Spriel
To: Kalle Valo , Jia-Ju Bai
Cc: Larry.Finger@lwfinger.net, linux-wireless@vger.kernel.org, b43-dev@lists.infradead.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org
Date: Wed, 31 May 2017 14:15:47 +0200
Message-ID: <471e5030-0a9a-e9bb-855c-90dcd506f466@broadcom.com>
In-Reply-To: <877f0xnwyk.fsf@kamboji.qca.qualcomm.com>
References: <1496225353-5544-1-git-send-email-baijiaju1990@163.com> <877f0xnwyk.fsf@kamboji.qca.qualcomm.com>

On 31-05-17 12:26, Kalle Valo wrote:
> Jia-Ju Bai writes:
>
>> The driver may sleep under a spin lock, and the function call path is:
>> b43legacy_op_bss_info_changed (acquire the lock by spin_lock_irqsave)
>> b43legacy_synchronize_irq
>> synchronize_irq --> may sleep
>>
>> To fix it, the lock is released before b43legacy_synchronize_irq, and the
>> lock is acquired again after this function.
>>
>> Signed-off-by: Jia-Ju Bai
>> ---
>> drivers/net/wireless/broadcom/b43legacy/main.c | 2 ++
>> 1 file changed, 2 insertions(+)
>>
>> diff --git a/drivers/net/wireless/broadcom/b43legacy/main.c b/drivers/net/wireless/broadcom/b43legacy/main.c
>> index f1e3dad..31ead21 100644
>> --- a/drivers/net/wireless/broadcom/b43legacy/main.c
>> +++ b/drivers/net/wireless/broadcom/b43legacy/main.c
>> @@ -2859,7 +2859,9 @@ static void b43legacy_op_bss_info_changed(struct ieee80211_hw *hw,
>> b43legacy_write32(dev, B43legacy_MMIO_GEN_IRQ_MASK, 0);
>>
>> if (changed & BSS_CHANGED_BSSID) {
>> + spin_unlock_irqrestore(&wl->irq_lock, flags);
>> b43legacy_synchronize_irq(dev);
>> + spin_lock_irqsave(&wl->irq_lock, flags);
>
> To me this looks like a fragile workaround and not a real fix. You can
> easily add new race conditions with releasing the lock like this.

Hi Jia-Ju,

Agree with Kalle as I was about to say the same thing. You really need to determine what is protected by the irq_lock. Here you are using the lock because you are about to change wl->bssid a bit further down. Did not check the entire function but it seems the lock perimeter is too wide.

Regards,
Arend
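Review bot: dropping irq_lock around b43legacy_synchronize_irq(dev) in the BSS_CHANGED_BSSID branch splits one critical section into two, and nothing after the re-acquiring spin_lock_irqsave(&wl->irq_lock, flags) re-validates the state the first section established (the IRQ mask written to 0 just above this hunk, the wl->bssid update that follows), so whatever irq_lock was meant to serialize against can now run in that window. Since synchronize_irq() is the call that may sleep, the fix should move that call outside the locked region entirely, or narrow the locked region to just the fields it protects, rather than toggle the lock around the sleeping call; the commit message should then say which data irq_lock guards so the new perimeter can be reviewed.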