From 0f66c31eb6c457a8013c7093fd3204e7d8808115 Mon Sep 17 00:00:00 2001 From: Jérôme Pouiller Date: Fri, 10 Apr 2020 15:32:21 +0200 Subject: staging: wfx: fix race between configure_filter and remove_interface MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit wfx_remove_interface() and wfx_configure_filter() can be run concurrently. Therefore, this patch protect access to the list of interfaces from wfx_configure_filter(). Notice that wfx_configure_filter() now lock "conf_lock" and "scan_lock". Beside that, wfx_hw_scan_work() also access to the same locks. So we have to lock them in same order to avoid any deadlock. Signed-off-by: Jérôme Pouiller Link: https://lore.kernel.org/r/20200410133239.438347-2-Jerome.Pouiller@silabs.com Signed-off-by: Greg Kroah-Hartman --- drivers/staging/wfx/scan.c | 4 ++-- drivers/staging/wfx/sta.c | 2 ++ 2 files changed, 4 insertions(+), 2 deletions(-) (limited to 'drivers/staging') diff --git a/drivers/staging/wfx/scan.c b/drivers/staging/wfx/scan.c index 6e1e50048651..0c7f4eef045c 100644 --- a/drivers/staging/wfx/scan.c +++ b/drivers/staging/wfx/scan.c @@ -86,8 +86,8 @@ void wfx_hw_scan_work(struct work_struct *work) struct ieee80211_scan_request *hw_req = wvif->scan_req; int chan_cur, ret; - mutex_lock(&wvif->scan_lock); mutex_lock(&wvif->wdev->conf_mutex); + mutex_lock(&wvif->scan_lock); update_probe_tmpl(wvif, &hw_req->req); wfx_fwd_probe_req(wvif, true); chan_cur = 0; @@ -96,8 +96,8 @@ void wfx_hw_scan_work(struct work_struct *work) if (ret > 0) chan_cur += ret; } while (ret > 0 && chan_cur < hw_req->req.n_channels); - mutex_unlock(&wvif->wdev->conf_mutex); mutex_unlock(&wvif->scan_lock); + mutex_unlock(&wvif->wdev->conf_mutex); __ieee80211_scan_completed_compat(wvif->wdev->hw, ret < 0); } diff --git a/drivers/staging/wfx/sta.c b/drivers/staging/wfx/sta.c index 4d5dbfc24f52..380e5319472a 100644 --- a/drivers/staging/wfx/sta.c +++ b/drivers/staging/wfx/sta.c @@ -242,6 +242,7 @@ void wfx_configure_filter(struct ieee80211_hw *hw, *total_flags &= FIF_OTHER_BSS | FIF_FCSFAIL | FIF_PROBE_REQ; + mutex_lock(&wdev->conf_mutex); while ((wvif = wvif_iterate(wdev, wvif)) != NULL) { mutex_lock(&wvif->scan_lock); wvif->filter_bssid = (*total_flags & @@ -251,6 +252,7 @@ void wfx_configure_filter(struct ieee80211_hw *hw, wfx_update_filtering(wvif); mutex_unlock(&wvif->scan_lock); } + mutex_unlock(&wdev->conf_mutex); } static int wfx_update_pm(struct wfx_vif *wvif) -- cgit v1.2.3