Commit f22cf689 authored by Cindy H Kao's avatar Cindy H Kao Committed by Inaky Perez-Gonzalez

wimax/i2400m: fix the race condition for accessing TX queue

The race condition happens when the TX queue is accessed by
the TX work while the same TX queue is being destroyed because
a bus reset is triggered either by debugfs entry or simply
by failing waking up the device from WiMAX IDLE mode.

This fix is to prevent the TX queue from being accessed by
multiple threads
Signed-off-by: default avatarCindy H Kao <cindy.h.kao@intel.com>
parent 570eb0ea
...@@ -99,7 +99,10 @@ enum { ...@@ -99,7 +99,10 @@ enum {
* *
* @tx_workqueue: workqeueue used for data TX; we don't use the * @tx_workqueue: workqeueue used for data TX; we don't use the
* system's workqueue as that might cause deadlocks with code in * system's workqueue as that might cause deadlocks with code in
* the bus-generic driver. * the bus-generic driver. The read/write operation to the queue
* is protected with spinlock (tx_lock in struct i2400m) to avoid
* the queue being destroyed in the middle of a the queue read/write
* operation.
* *
* @debugfs_dentry: dentry for the SDIO specific debugfs files * @debugfs_dentry: dentry for the SDIO specific debugfs files
* *
......
...@@ -114,13 +114,17 @@ void i2400ms_bus_tx_kick(struct i2400m *i2400m) ...@@ -114,13 +114,17 @@ void i2400ms_bus_tx_kick(struct i2400m *i2400m)
{ {
struct i2400ms *i2400ms = container_of(i2400m, struct i2400ms, i2400m); struct i2400ms *i2400ms = container_of(i2400m, struct i2400ms, i2400m);
struct device *dev = &i2400ms->func->dev; struct device *dev = &i2400ms->func->dev;
unsigned long flags;
d_fnstart(3, dev, "(i2400m %p) = void\n", i2400m); d_fnstart(3, dev, "(i2400m %p) = void\n", i2400m);
/* schedule tx work, this is because tx may block, therefore /* schedule tx work, this is because tx may block, therefore
* it has to run in a thread context. * it has to run in a thread context.
*/ */
spin_lock_irqsave(&i2400m->tx_lock, flags);
if (i2400ms->tx_workqueue != NULL)
queue_work(i2400ms->tx_workqueue, &i2400ms->tx_worker); queue_work(i2400ms->tx_workqueue, &i2400ms->tx_worker);
spin_unlock_irqrestore(&i2400m->tx_lock, flags);
d_fnend(3, dev, "(i2400m %p) = void\n", i2400m); d_fnend(3, dev, "(i2400m %p) = void\n", i2400m);
} }
...@@ -130,27 +134,40 @@ int i2400ms_tx_setup(struct i2400ms *i2400ms) ...@@ -130,27 +134,40 @@ int i2400ms_tx_setup(struct i2400ms *i2400ms)
int result; int result;
struct device *dev = &i2400ms->func->dev; struct device *dev = &i2400ms->func->dev;
struct i2400m *i2400m = &i2400ms->i2400m; struct i2400m *i2400m = &i2400ms->i2400m;
struct workqueue_struct *tx_workqueue;
unsigned long flags;
d_fnstart(5, dev, "(i2400ms %p)\n", i2400ms); d_fnstart(5, dev, "(i2400ms %p)\n", i2400ms);
INIT_WORK(&i2400ms->tx_worker, i2400ms_tx_submit); INIT_WORK(&i2400ms->tx_worker, i2400ms_tx_submit);
snprintf(i2400ms->tx_wq_name, sizeof(i2400ms->tx_wq_name), snprintf(i2400ms->tx_wq_name, sizeof(i2400ms->tx_wq_name),
"%s-tx", i2400m->wimax_dev.name); "%s-tx", i2400m->wimax_dev.name);
i2400ms->tx_workqueue = tx_workqueue =
create_singlethread_workqueue(i2400ms->tx_wq_name); create_singlethread_workqueue(i2400ms->tx_wq_name);
if (NULL == i2400ms->tx_workqueue) { if (tx_workqueue == NULL) {
dev_err(dev, "TX: failed to create workqueue\n"); dev_err(dev, "TX: failed to create workqueue\n");
result = -ENOMEM; result = -ENOMEM;
} else } else
result = 0; result = 0;
spin_lock_irqsave(&i2400m->tx_lock, flags);
i2400ms->tx_workqueue = tx_workqueue;
spin_unlock_irqrestore(&i2400m->tx_lock, flags);
d_fnend(5, dev, "(i2400ms %p) = %d\n", i2400ms, result); d_fnend(5, dev, "(i2400ms %p) = %d\n", i2400ms, result);
return result; return result;
} }
void i2400ms_tx_release(struct i2400ms *i2400ms) void i2400ms_tx_release(struct i2400ms *i2400ms)
{ {
if (i2400ms->tx_workqueue) { struct i2400m *i2400m = &i2400ms->i2400m;
destroy_workqueue(i2400ms->tx_workqueue); struct workqueue_struct *tx_workqueue;
unsigned long flags;
tx_workqueue = i2400ms->tx_workqueue;
spin_lock_irqsave(&i2400m->tx_lock, flags);
i2400ms->tx_workqueue = NULL; i2400ms->tx_workqueue = NULL;
} spin_unlock_irqrestore(&i2400m->tx_lock, flags);
if (tx_workqueue)
destroy_workqueue(tx_workqueue);
} }
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment