From: Pavel Andrianov <andrianov@ispras.ru>
To: Larry Finger <Larry.Finger@lwfinger.net>
Cc: Chaoming Li <chaoming_li@realsil.com.cn>,
	Kalle Valo <kvalo@codeaurora.org>,
	linux-wireless@vger.kernel.org, netdev@vger.kernel.org,
	linux-kernel@vger.kernel.org,
	Vaishali Thakkar <vaishali.thakkar@oracle.com>,
	ldv-project@linuxtesting.org
Subject: [ldv-project] [net] rtl8188ee: a potential race condition
Date: Fri, 10 Jun 2016 12:21:32 +0400
Message-ID: <575A788C.5020509@ispras.ru>

Hi!

There is a potential data race in 
drivers/net/wireless/realtek/rtlwifi/rtl8188ee/rtl8188ee.ko.

In the function rtl88ee_gpio_radio_on_off_checking the flag
ppsc->rfchange_inprogress is set under spinlock protection. In the
function rtl_ps_set_rf_state the flag is also read under a spinlock. But
the function rtl88e_dm_watchdog reads it without any locks. As a result
rtl88e_dm_watchdog may execute the succeeding code while a change is in
progress (with the flag rfchange_inprogress == true). I have not
determined the exact consequences, but they are likely not good if such
a check exists.
Could anybody more confident confirm this?

The function rtl_ps_set_rf_state is always called with its parameter
[protect_or_not == false]. Is this flag really necessary if the value
'true' is never used? The function also sets the flag
ppsc->rfchange_inprogress and may affect rtl88e_dm_watchdog as in
the previous case.

-- 
Pavel Andrianov
Linux Verification Center, ISPRAS
web: http://linuxtesting.org
e-mail: andrianov@ispras.ru
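
The pattern described in the message above, as an added example that is not part of the original e-mail and is not the rtlwifi driver's code: a single-threaded C model in which a plain flag stands in for the spinlock and the concurrent writer is injected between the watchdog's check and its body, so the window can be replayed deterministically. The names ps_ctl, model_trylock, rf_change_begin and watchdog are hypothetical; only rfchange_inprogress is taken from the report.

```c
#include <stdbool.h>
#include <stdio.h>

/* Added single-threaded model of the reported pattern, not rtlwifi code. */
struct ps_ctl {
    bool lock_held;            /* stands in for the spinlock */
    bool rfchange_inprogress;  /* flag named in the report */
    int  ran_during_change;    /* watchdog bodies that overlapped a change */
};

static bool model_trylock(struct ps_ctl *p)
{
    bool got = !p->lock_held;
    p->lock_held = true;
    return got;
}

/* Writer: sets the flag under the lock; false means it had to wait. */
static bool rf_change_begin(struct ps_ctl *p)
{
    if (!model_trylock(p))
        return false;
    p->rfchange_inprogress = true;
    p->lock_held = false;
    return true;
}

/* Watchdog: 'locked' selects whether check and body share the lock. The
 * writer is injected between them. Returns true if the body ran. */
static bool watchdog(struct ps_ctl *p, bool locked)
{
    if (locked && !model_trylock(p))
        return false;
    bool busy = p->rfchange_inprogress;   /* the check */
    rf_change_begin(p);                   /* concurrent writer arrives */
    if (!busy && p->rfchange_inprogress)
        p->ran_during_change++;           /* body overlapped the change */
    if (locked)
        p->lock_held = false;
    return !busy;
}

int main(void)
{
    struct ps_ctl a = {0}, b = {0};
    watchdog(&a, false);
    watchdog(&b, true);
    printf("unlocked=%d locked=%d\n", a.ran_during_change, b.ran_during_change);
    return 0;
}
```

With the lockless check the body overlaps the change once; with the check and body under the same lock the writer has to wait and the overlap count stays at zero.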

