From: Emmanuel Grumbach Date: Mon, 10 Oct 2011 14:27:02 +0000 (-0700) Subject: iwlagn: fix a race in the unmapping of the TFDs X-Git-Tag: v3.2-rc1~129^2~83^2~71 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=984ecb9293b77901947f3ade5f7e1a70bfc7d940;p=profile%2Fivi%2Fkernel-adaptation-intel-automotive.git iwlagn: fix a race in the unmapping of the TFDs While inspecting the code, I saw that iwl_tx_queue_unmap modifies the read pointer of the Tx queue without taking any locks. This means that it can race with the reclaim flow. This can possibly lead to a DMA warning complaining that we unmap the same buffer twice. This is more a W/A than a fix since it is really weird to take sta_lock inside iwl_tx_queue_unmap, but it can help until we revamp the locking model in the transport layer. Signed-off-by: Emmanuel Grumbach Signed-off-by: Wey-Yi Guy Signed-off-by: John W. Linville --- diff --git a/drivers/net/wireless/iwlwifi/iwl-trans-pcie.c b/drivers/net/wireless/iwlwifi/iwl-trans-pcie.c index 60067c7..f69aecb 100644 --- a/drivers/net/wireless/iwlwifi/iwl-trans-pcie.c +++ b/drivers/net/wireless/iwlwifi/iwl-trans-pcie.c @@ -406,6 +406,7 @@ static void iwl_tx_queue_unmap(struct iwl_trans *trans, int txq_id) struct iwl_tx_queue *txq = &trans_pcie->txq[txq_id]; struct iwl_queue *q = &txq->q; enum dma_data_direction dma_dir; + unsigned long flags; if (!q->n_bd) return; @@ -418,12 +419,14 @@ static void iwl_tx_queue_unmap(struct iwl_trans *trans, int txq_id) else dma_dir = DMA_TO_DEVICE; + spin_lock_irqsave(&trans->shrd->sta_lock, flags); while (q->write_ptr != q->read_ptr) { /* The read_ptr needs to bound by q->n_window */ iwlagn_txq_free_tfd(trans, txq, get_cmd_index(q, q->read_ptr), dma_dir); q->read_ptr = iwl_queue_inc_wrap(q->read_ptr, q->n_bd); } + spin_unlock_irqrestore(&trans->shrd->sta_lock, flags); } /**