LKML Archive on lore.kernel.org
help / color / mirror / Atom feed
* [PATCH] net: wireless: ath: ath9k: Fix a possible data race in ath_chanctx_set_next
@ 2018-05-08  8:06 Jia-Ju Bai
  2018-05-08 14:51 ` Kalle Valo
  0 siblings, 1 reply; 3+ messages in thread
From: Jia-Ju Bai @ 2018-05-08  8:06 UTC (permalink / raw)
  To: ath9k-devel, kvalo; +Cc: linux-wireless, netdev, linux-kernel, Jia-Ju Bai

The write operation to "sc->next_chan" is protected by
the lock on line 1287, but the read operation to
this data on line 1262 is not protected by the lock.
Thus, there may exist a data race for "sc->next_chan".

To fix this data race, the read operation to "sc->next_chan" 
should be also protected by the lock.

Signed-off-by: Jia-Ju Bai <baijiaju1990@gmail.com>
---
 drivers/net/wireless/ath/ath9k/channel.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/net/wireless/ath/ath9k/channel.c b/drivers/net/wireless/ath/ath9k/channel.c
index 1b05b5d7a038..ed3cd5523481 100644
--- a/drivers/net/wireless/ath/ath9k/channel.c
+++ b/drivers/net/wireless/ath/ath9k/channel.c
@@ -1257,12 +1257,12 @@ void ath_chanctx_set_next(struct ath_softc *sc, bool force)
 			"Stopping current chanctx: %d\n",
 			sc->cur_chan->chandef.center_freq1);
 		sc->cur_chan->stopped = true;
-		spin_unlock_bh(&sc->chan_lock);
 
 		if (sc->next_chan == &sc->offchannel.chan) {
 			getrawmonotonic(&ts);
 			measure_time = true;
 		}
+		spin_unlock_bh(&sc->chan_lock);
 
 		ath9k_chanctx_stop_queues(sc, sc->cur_chan);
 		queues_stopped = true;
-- 
2.17.0

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH] net: wireless: ath: ath9k: Fix a possible data race in ath_chanctx_set_next
  2018-05-08  8:06 [PATCH] net: wireless: ath: ath9k: Fix a possible data race in ath_chanctx_set_next Jia-Ju Bai
@ 2018-05-08 14:51 ` Kalle Valo
  2018-05-08 15:08   ` Toke Høiland-Jørgensen
  0 siblings, 1 reply; 3+ messages in thread
From: Kalle Valo @ 2018-05-08 14:51 UTC (permalink / raw)
  To: Jia-Ju Bai; +Cc: ath9k-devel, linux-wireless, netdev, linux-kernel

Jia-Ju Bai <baijiaju1990@gmail.com> writes:

> The write operation to "sc->next_chan" is protected by
> the lock on line 1287, but the read operation to
> this data on line 1262 is not protected by the lock.
> Thus, there may exist a data race for "sc->next_chan".
>
> To fix this data race, the read operation to "sc->next_chan" 
> should be also protected by the lock.
>
> Signed-off-by: Jia-Ju Bai <baijiaju1990@gmail.com>

I need this reviewed by someone else before I'm willing to take it.

-- 
Kalle Valo

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH] net: wireless: ath: ath9k: Fix a possible data race in ath_chanctx_set_next
  2018-05-08 14:51 ` Kalle Valo
@ 2018-05-08 15:08   ` Toke Høiland-Jørgensen
  0 siblings, 0 replies; 3+ messages in thread
From: Toke Høiland-Jørgensen @ 2018-05-08 15:08 UTC (permalink / raw)
  To: Kalle Valo, Jia-Ju Bai; +Cc: ath9k-devel, linux-wireless, netdev, linux-kernel

Kalle Valo <kvalo@codeaurora.org> writes:

> Jia-Ju Bai <baijiaju1990@gmail.com> writes:
>
>> The write operation to "sc->next_chan" is protected by
>> the lock on line 1287, but the read operation to
>> this data on line 1262 is not protected by the lock.
>> Thus, there may exist a data race for "sc->next_chan".
>>
>> To fix this data race, the read operation to "sc->next_chan" 
>> should be also protected by the lock.
>>
>> Signed-off-by: Jia-Ju Bai <baijiaju1990@gmail.com>
>
> I need this reviewed by someone else before I'm willing to take it.

Only possible issue I can see is that it puts a call to
getrawmonotonic() under the spinlock. Not sure if that has any bad
implications...

-Toke

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2018-05-08 15:08 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-05-08  8:06 [PATCH] net: wireless: ath: ath9k: Fix a possible data race in ath_chanctx_set_next Jia-Ju Bai
2018-05-08 14:51 ` Kalle Valo
2018-05-08 15:08   ` Toke Høiland-Jørgensen

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).