Re: [PATCH] net: wireless: iwlegacy: Fix possible data races in il4965_send_rxon_assoc()

From: Jia-Ju Bai
Date: Thu Oct 04 2018 - 04:52:30 EST


Thanks for your reply :)


On 2018/10/4 15:59, Stanislaw Gruszka wrote:
On Wed, Oct 03, 2018 at 10:07:45PM +0800, Jia-Ju Bai wrote:
These possible races are detected by a runtime testing.
To fix these races, the mutex lock is used in il4965_send_rxon_assoc()
to protect the data.
Really ? I'm surprised by that, see below.

My runtime testing shows that il4965_send_rxon_assoc() and il4965_configure_filter() are concurrently executed.
But after seeing your reply, I need to carefully check whether my runtime testing is right, because I think you are right.
In fact, I only monitored the iwl4965 driver, but did not monitor the iwlegacy driver, so I will do the testing again with monitoring the lwlegacy driver.


@@ -1297,6 +1297,7 @@ il4965_send_rxon_assoc(struct il_priv *il)
const struct il_rxon_cmd *rxon1 = &il->staging;
const struct il_rxon_cmd *rxon2 = &il->active;
+ mutex_lock(&il->mutex);
if (rxon1->flags == rxon2->flags &&
For 4965 driver il4965_send_rxon_assoc() is only called by
il_mac_bss_info_changed() and il4965_commit_rxon().

il_mac_bss_info_changed() acquire il->mutex and
callers of il4965_commit_rxon() acquire il->mutex
(but I did not check all of them).

So I wonder how this patch did not cause the deadlock ?

Oh, sorry, anyway, my patch will cause double locks...

Anyway what can be done is adding:

lockdep_assert_held(&il->mutex);

il4965_commit_rxon() to check if we hold the mutex.

I agree.


Best wishes,
Jia-Ju Bai