From: Brian Norris <briannorris@chromium.org>
To: Amitkumar Karwar <akarwar@marvell.com>
Cc: linux-wireless@vger.kernel.org, Cathy Luo <cluo@marvell.com>,
Nishant Sarmukadam <nishants@marvell.com>,
rajatja@google.com, dmitry.torokhov@gmail.com,
Xinming Hu <huxm@marvell.com>
Subject: Re: [PATCH v3 4/5] mwifiex: wait firmware dump complete during card remove process
Date: Mon, 21 Nov 2016 09:36:05 -0800 [thread overview]
Message-ID: <20161121173602.GA147125@google.com> (raw)
In-Reply-To: <1479301749-14803-4-git-send-email-akarwar@marvell.com>
Hi,
On Wed, Nov 16, 2016 at 06:39:08PM +0530, Amitkumar Karwar wrote:
> From: Xinming Hu <huxm@marvell.com>
>
> Wait for firmware dump complete in card remove function.
> For sdio interface, there are two diffenrent cases,
> card reset trigger sdio_work and firmware dump trigger sdio_work.
> Do code rearrangement for distinguish between these two cases.
On second review of the SDIO card reset code (which I'll repeat is quite
ugly), you seem to be making a bad distinction here. What if there is a
firmware dump happening concurrently with your card-reset handling? You
*do* want to synchronize with the firmware dump before completing the
card reset, or else you might be freeing up internal card resources that
are still in use. See below.
>
> Signed-off-by: Xinming Hu <huxm@marvell.com>
> Signed-off-by: Amitkumar Karwar <akarwar@marvell.com>
> ---
> v2: 1. Get rid of reset_triggered flag. Instead split the code and use
> __mwifiex_sdio_remove() (Brian Norris/Dmitry Torokhov)
> 2. "v1 4/5 mwifiex: firmware dump code rearrangement.." is dropped. So
> rebased accordingly.
> v3: same as [v2,5/5]. The improvement of 'moving pcie_work to card struct'
> suggested by Brian is taken care in next patch.
> ---
> drivers/net/wireless/marvell/mwifiex/pcie.c | 6 +++++-
> drivers/net/wireless/marvell/mwifiex/sdio.c | 15 ++++++++++++---
> 2 files changed, 17 insertions(+), 4 deletions(-)
>
> diff --git a/drivers/net/wireless/marvell/mwifiex/pcie.c b/drivers/net/wireless/marvell/mwifiex/pcie.c
> index dd8f7aa..c8e69a4 100644
> --- a/drivers/net/wireless/marvell/mwifiex/pcie.c
> +++ b/drivers/net/wireless/marvell/mwifiex/pcie.c
> @@ -51,6 +51,9 @@ static int mwifiex_pcie_probe_of(struct device *dev)
> return 0;
> }
>
> +static void mwifiex_pcie_work(struct work_struct *work);
> +static DECLARE_WORK(pcie_work, mwifiex_pcie_work);
> +
> static int
> mwifiex_map_pci_memory(struct mwifiex_adapter *adapter, struct sk_buff *skb,
> size_t size, int flags)
> @@ -254,6 +257,8 @@ static void mwifiex_pcie_remove(struct pci_dev *pdev)
> if (!adapter || !adapter->priv_num)
> return;
>
> + cancel_work_sync(&pcie_work);
> +
> if (user_rmmod && !adapter->mfg_mode) {
> mwifiex_deauthenticate_all(adapter);
>
> @@ -2722,7 +2727,6 @@ static void mwifiex_pcie_work(struct work_struct *work)
> mwifiex_pcie_device_dump_work(save_adapter);
> }
>
> -static DECLARE_WORK(pcie_work, mwifiex_pcie_work);
> /* This function dumps FW information */
> static void mwifiex_pcie_device_dump(struct mwifiex_adapter *adapter)
> {
> diff --git a/drivers/net/wireless/marvell/mwifiex/sdio.c b/drivers/net/wireless/marvell/mwifiex/sdio.c
> index 16d1d30..78f2cc9 100644
> --- a/drivers/net/wireless/marvell/mwifiex/sdio.c
> +++ b/drivers/net/wireless/marvell/mwifiex/sdio.c
> @@ -46,6 +46,9 @@
> */
> static u8 user_rmmod;
>
> +static void mwifiex_sdio_work(struct work_struct *work);
> +static DECLARE_WORK(sdio_work, mwifiex_sdio_work);
> +
> static struct mwifiex_if_ops sdio_ops;
> static unsigned long iface_work_flags;
>
> @@ -220,7 +223,7 @@ static int mwifiex_sdio_resume(struct device *dev)
> * This function removes the interface and frees up the card structure.
> */
> static void
> -mwifiex_sdio_remove(struct sdio_func *func)
> +__mwifiex_sdio_remove(struct sdio_func *func)
> {
> struct sdio_mmc_card *card;
> struct mwifiex_adapter *adapter;
> @@ -249,6 +252,13 @@ static int mwifiex_sdio_resume(struct device *dev)
> mwifiex_remove_card(adapter);
> }
>
> +static void
> +mwifiex_sdio_remove(struct sdio_func *func)
> +{
> + cancel_work_sync(&sdio_work);
> + __mwifiex_sdio_remove(func);
> +}
> +
> /*
> * SDIO suspend.
> *
> @@ -2227,7 +2237,7 @@ static void mwifiex_recreate_adapter(struct sdio_mmc_card *card)
> * discovered and initializes them from scratch.
> */
>
> - mwifiex_sdio_remove(func);
> + __mwifiex_sdio_remove(func);
^^ So here, you're trying to avoid syncing with the card-reset work
event, except that function will free up all your resources (including
the static save_adapter). Thus, you're explicitly allowing a
use-after-free error here. That seems unwise.
Instead, you should actually retain the invariant that you're doing a
full remove/reinitialize here, which includes doing the *same*
cancel_work_sync() here in mwifiex_recreate_adapter() as you would in
any other remove().
IOW, kill the __mwifiex_sdio_remove() and just call
mwifiex_sdio_remove() as you were.
That also means that you can do the same per-adapter cleanup in the
following patch as you do for PCIe.
Brian
>
> /*
> * Normally, we would let the driver core take care of releasing these.
> @@ -2568,7 +2578,6 @@ static void mwifiex_sdio_work(struct work_struct *work)
> mwifiex_sdio_card_reset_work(save_adapter);
> }
>
> -static DECLARE_WORK(sdio_work, mwifiex_sdio_work);
> /* This function resets the card */
> static void mwifiex_sdio_card_reset(struct mwifiex_adapter *adapter)
> {
> --
> 1.9.1
>
next prev parent reply other threads:[~2016-11-21 17:36 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-11-16 13:09 [PATCH v3 1/5] mwifiex: don't wait for main_process in shutdown_drv Amitkumar Karwar
2016-11-16 13:09 ` [PATCH v3 2/5] mwifiex: do not free firmware dump memory " Amitkumar Karwar
2016-11-16 13:09 ` [PATCH v3 3/5] mwifiex: get rid of drv_info* adapter variables Amitkumar Karwar
2016-11-16 13:09 ` [PATCH v3 4/5] mwifiex: wait firmware dump complete during card remove process Amitkumar Karwar
2016-11-16 19:01 ` Brian Norris
2016-11-21 17:36 ` Brian Norris [this message]
2016-11-24 12:14 ` Amitkumar Karwar
2016-11-28 21:27 ` Brian Norris
2016-11-30 12:39 ` Amitkumar Karwar
2016-11-30 18:33 ` Brian Norris
2016-12-01 14:02 ` Amitkumar Karwar
2017-01-04 2:12 ` Brian Norris
2016-11-16 13:09 ` [PATCH v3 5/5] mwifiex: move pcie_work and related variables inside card Amitkumar Karwar
2017-01-12 14:45 ` [v3,1/5] mwifiex: don't wait for main_process in shutdown_drv Kalle Valo
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20161121173602.GA147125@google.com \
--to=briannorris@chromium.org \
--cc=akarwar@marvell.com \
--cc=cluo@marvell.com \
--cc=dmitry.torokhov@gmail.com \
--cc=huxm@marvell.com \
--cc=linux-wireless@vger.kernel.org \
--cc=nishants@marvell.com \
--cc=rajatja@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).