From: Vaishali Thakkar <vaishali.thakkar@oracle.com>
To: Pavel Andrianov <andrianov@ispras.ru>,
Larry Finger <Larry.Finger@lwfinger.net>
Cc: Chaoming Li <chaoming_li@realsil.com.cn>,
Kalle Valo <kvalo@codeaurora.org>,
linux-wireless@vger.kernel.org, netdev@vger.kernel.org,
linux-kernel@vger.kernel.org, ldv-project@linuxtesting.org
Subject: Re: [ldv-project] [net] rtl8188ee: a potential race condition
Date: Fri, 24 Jun 2016 19:47:21 +0530 [thread overview]
Message-ID: <576D40F1.9040009@oracle.com> (raw)
In-Reply-To: <575A788C.5020509@ispras.ru>
On Friday 10 June 2016 01:51 PM, Pavel Andrianov wrote:
> Hi!
>
> There is a potential data race in drivers/net/wireless/realtek/rtlwifi/rtl8188ee/rtl8188ee.ko.
>
> In the function rtl88ee_gpio_radio_on_off_checking the flag ppsc->rfchange_inprogress is set with a spinlock protection. In the function rtl_ps_set_rf_state the flag is read also under a spinlock. But the function rtl88e_dm_watchdog read it without any locks. As a result rtl88e_dm_watchdog may execute the succeeding code while changing (with the flag rfchange_inprogress == true). I do not exactly determine the consequences, but likely they are not good if there exists such check. Could anybody more confident confirm this?
>
> The function rtl_ps_set_rf_state is always called with its parameter [protect_or_not == false]. Is this flag really necessary, if the value 'true' is never used? The function is also set the flag ppsc->rfchange_inprogress and may affect the rtl88e_dm_watchdog as in the previous case.
I think the patch was sent sometime ago for removing the parameter. But I am not sure why it's not applied.
May be Larry can have better idea about this.
Here, is link to the patch: http://linux-wireless.vger.kernel.narkive.com/mu4t9xxr/patch-3-4-rtlwifi-rtl8192cu-remove-unused-parameter
--
Vaishali
next prev parent reply other threads:[~2016-06-24 14:17 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-06-10 8:21 [ldv-project] [net] rtl8188ee: a potential race condition Pavel Andrianov
2016-06-24 14:17 ` Vaishali Thakkar [this message]
2016-06-24 14:46 ` Larry Finger
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=576D40F1.9040009@oracle.com \
--to=vaishali.thakkar@oracle.com \
--cc=Larry.Finger@lwfinger.net \
--cc=andrianov@ispras.ru \
--cc=chaoming_li@realsil.com.cn \
--cc=kvalo@codeaurora.org \
--cc=ldv-project@linuxtesting.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-wireless@vger.kernel.org \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.