From: Brian Norris <briannorris@chromium.org>
To: Xinming Hu <huxm@marvell.com>
Cc: Linux Wireless <linux-wireless@vger.kernel.org>,
Kalle Valo <kvalo@codeaurora.org>,
Dmitry Torokhov <dtor@google.com>,
rajatja@google.com, Zhiyuan Yang <yangzy@marvell.com>,
Tim Song <songtao@marvell.com>, Cathy Luo <cluo@marvell.com>,
James Cao <jcao@marvell.com>, Ganapathi Bhat <gbhat@marvell.com>,
Ellie Reeves <ellierevves@gmail.com>
Subject: Re: [PATCH] mwifiex: cancel pcie/sdio work in remove/shutdown handler
Date: Mon, 8 Jan 2018 10:11:18 -0800 [thread overview]
Message-ID: <20180108181117.GA129772@google.com> (raw)
In-Reply-To: <1513164473-13827-1-git-send-email-huxm@marvell.com>
Hi,
On Wed, Dec 13, 2017 at 07:27:53PM +0800, Xinming Hu wrote:
> The last command used to shutdown firmware might be timeout,
> and trigger firmware dump in asynchronous pcie/sdio work.
>
> The remove/shutdown handler will continue free core data
> structure private/adapter, which might be dereferenced in
> pcie/sdio work, finally crash the kernel.
>
> Sync and Cancel pcie/sdio work, could be a fix for above
> cornel case. In this way, the last command timeout could
s/cornel/corner/
> be handled properly.
>
> Signed-off-by: Xinming Hu <huxm@marvell.com>
> ---
> drivers/net/wireless/marvell/mwifiex/pcie.c | 2 ++
> drivers/net/wireless/marvell/mwifiex/sdio.c | 2 ++
> 2 files changed, 4 insertions(+)
>
> diff --git a/drivers/net/wireless/marvell/mwifiex/pcie.c b/drivers/net/wireless/marvell/mwifiex/pcie.c
> index f666cb2..23209c5 100644
> --- a/drivers/net/wireless/marvell/mwifiex/pcie.c
> +++ b/drivers/net/wireless/marvell/mwifiex/pcie.c
> @@ -310,6 +310,8 @@ static void mwifiex_pcie_remove(struct pci_dev *pdev)
> mwifiex_init_shutdown_fw(priv, MWIFIEX_FUNC_SHUTDOWN);
> }
>
> + cancel_work_sync(&card->work);
> +
Just FYI, this "fix" is not a real fix. It will likely paper over some
of your bugs (where, e.g., the FW shutdown command times out in the
previous couple of lines), but this highlights the fact that there are
other races that could trigger the same behavior. You're not fixing
those.
For example, what if somebody initiates a scan or other nl80211 command
between the above line and mwifiex_remove_card()? That command could
potentially time out too.
The proper fix would be to institute some kind of mutual exclusion
(locking) between mwifiex_shutdown_sw() and mwifiex_remove_card(), so
that they can't occur at the same time.
Unfortunately, I only paid attention to this after Kalle already applied
this patch. Personally, I'd prefer this patch not get applied, since
it's a bad solution to an obvious problem, which instead leaves a subtle
problem that perhaps no one will bother fixing.
Brian
> mwifiex_remove_card(adapter);
> }
>
> diff --git a/drivers/net/wireless/marvell/mwifiex/sdio.c b/drivers/net/wireless/marvell/mwifiex/sdio.c
> index a828801..2488587 100644
> --- a/drivers/net/wireless/marvell/mwifiex/sdio.c
> +++ b/drivers/net/wireless/marvell/mwifiex/sdio.c
> @@ -399,6 +399,8 @@ static int mwifiex_check_winner_status(struct mwifiex_adapter *adapter)
> mwifiex_init_shutdown_fw(priv, MWIFIEX_FUNC_SHUTDOWN);
> }
>
> + cancel_work_sync(&card->work);
> +
> mwifiex_remove_card(adapter);
> }
>
> --
> 1.9.1
>
next prev parent reply other threads:[~2018-01-08 18:11 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-12-13 11:27 [PATCH] mwifiex: cancel pcie/sdio work in remove/shutdown handler Xinming Hu
2018-01-08 17:38 ` Kalle Valo
2018-01-08 18:11 ` Brian Norris [this message]
2018-01-09 7:39 ` [PATCH] " Kalle Valo
-- strict thread matches above, loose matches on Subject: below --
2018-01-10 12:30 Re: " Xinming Hu
2018-01-12 2:25 ` Brian Norris
2018-01-12 19:06 ` Brian Norris
2018-01-13 9:54 ` Kalle Valo
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180108181117.GA129772@google.com \
--to=briannorris@chromium.org \
--cc=cluo@marvell.com \
--cc=dtor@google.com \
--cc=ellierevves@gmail.com \
--cc=gbhat@marvell.com \
--cc=huxm@marvell.com \
--cc=jcao@marvell.com \
--cc=kvalo@codeaurora.org \
--cc=linux-wireless@vger.kernel.org \
--cc=rajatja@google.com \
--cc=songtao@marvell.com \
--cc=yangzy@marvell.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).