From: "Luis R. Rodriguez" <lrodriguez@atheros.com>
To: Alan Jenkins <sourcejedi.lkml@googlemail.com>
Cc: Luis Rodriguez <Luis.Rodriguez@Atheros.com>,
"linville@tuxdriver.com" <linville@tuxdriver.com>,
"johannes@sipsolutions.net" <johannes@sipsolutions.net>,
"linux-wireless@vger.kernel.org" <linux-wireless@vger.kernel.org>,
"stable@kernel.org" <stable@kernel.org>
Subject: Re: [PATCH] cfg80211: fix race condition with wiphy_apply_custom_regulatory()
Date: Tue, 5 May 2009 08:52:39 -0700
Message-ID: <20090505155239.GA29741@tesla>
In-Reply-To: <9b2b86520905050847m5f3b33e2k7d71479888c078e4@mail.gmail.com>

On Tue, May 05, 2009 at 08:47:57AM -0700, Alan Jenkins wrote:
> On 5/4/09, Luis R. Rodriguez <lrodriguez@atheros.com> wrote:
> > On Sat, May 02, 2009 at 07:29:43AM -0700, Alan Jenkins wrote:
> >> On 5/1/09, Luis R. Rodriguez <lrodriguez@atheros.com> wrote:
> >> > We forgot to lock using the cfg80211_mutex in
> >> > wiphy_apply_custom_regulatory(). Without the lock
> >> > there is a possible race between processing a reply from CRDA
> >> > and a driver calling wiphy_apply_custom_regulatory(). During
> >> > the processing of the reply from CRDA we free last_request and
> >> > wiphy_apply_custom_regulatory() eventually accesses an
> >> > element from last_request through freq_reg_info_regd().
> >> >
> >> > This is very difficult to reproduce (I haven't), it takes us
> >> > 3 hours and you need to be banging hard, but the race is obvious
> >> > by looking at the code.
> >> >
> >> > This should only affect those who use this caller, which currently
> >> > is ath5k, ath9k, and ar9170.
> >> >
> >> > EIP: 0060:[<f8ebec50>] EFLAGS: 00210282 CPU: 1
> >> > EIP is at freq_reg_info_regd+0x24/0x121 [cfg80211]
> >>
> >> This looks like the same bug I reported seeing on bootup (100% of the
> >> time). I'll test wireless-testing again for V9 of the rfkill rewrite,
> >> so at that point I'll try to confirm that this patch fixes my problem.
> >
> > Any luck?
>
> Ugh, sorry, I can't reproduce it to test the patch.
>
> I reported that it went away after making CFG80211 built-in, but I
> can't get it back now, even if I turn that back into a module. Maybe
> I overwrote the original config, or maybe I was being dumb and it only
> happened once in the first place. I'm confident I'm using the same
> source code (v2.6.30-rc2-21665-gca0be26, clean tree), so that's not
> it.

I don't think it's easy to reproduce. Anyway thanks for testing.

  Luis
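
The race described in the quoted commit message, as an added user-space illustration that is not part of the original thread or of the kernel patch: one path frees and replaces `last_request` while another reads a field of it, and both take the same mutex so the reader never sees a freed request. Assumptions: a pthread mutex stands in for `cfg80211_mutex`, `struct reg_request`, `REQ_MAGIC`, `ROUNDS` and `run_model()` are constructed names, and the CRDA-reply path is assumed to already hold the mutex.

```c
#include <pthread.h>
#include <stdlib.h>
#define REQ_MAGIC 0x52454744u   /* constructed marker for a live request */
#define ROUNDS 20000

struct reg_request { unsigned magic; };   /* constructed stand-in */
/* Names echo the thread; this is a user-space model, not kernel code. */
static pthread_mutex_t cfg80211_mutex = PTHREAD_MUTEX_INITIALIZER;
static struct reg_request *last_request;

/* CRDA-reply path: frees the old request and installs a new one. */
static void *process_crda_reply(void *arg)
{
    (void)arg;
    for (int i = 0; i < ROUNDS; i++) {
        struct reg_request *fresh = malloc(sizeof(*fresh));
        if (!fresh) continue;
        fresh->magic = REQ_MAGIC;
        pthread_mutex_lock(&cfg80211_mutex);
        if (last_request) last_request->magic = 0;  /* poison before free */
        free(last_request);
        last_request = fresh;
        pthread_mutex_unlock(&cfg80211_mutex);
    }
    return NULL;
}

/* Driver path: reads a field of last_request, like freq_reg_info_regd(). */
static void *apply_custom_regulatory(void *arg)
{
    long *stale = arg;
    for (int i = 0; i < ROUNDS; i++) {
        pthread_mutex_lock(&cfg80211_mutex);   /* the lock that was missing */
        if (last_request && last_request->magic != REQ_MAGIC) (*stale)++;
        pthread_mutex_unlock(&cfg80211_mutex);
    }
    return NULL;
}

/* Runs both paths concurrently; returns stale reads seen, -1 on error. */
long run_model(void)
{
    pthread_t reply, driver;
    long stale = 0;
    if (pthread_create(&reply, NULL, process_crda_reply, NULL)) return -1;
    if (pthread_create(&driver, NULL, apply_custom_regulatory, &stale)) stale = -1;
    else pthread_join(driver, NULL);
    pthread_join(reply, NULL);
    free(last_request); last_request = NULL;
    return stale;
}
```

Build with `cc -pthread`; with both paths serialized on the mutex, `run_model()` returns 0.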