[PATCH 4.17 090/336] iwlwifi: pcie: fix race in Rx buffer allocator

From: Greg Kroah-Hartman
Date: Wed Aug 01 2018 - 14:19:29 EST


4.17-stable review patch. If anyone has any objections, please let me know.

------------------

From: Shaul Triebitz <shaul.triebitz@xxxxxxxxx>

[ Upstream commit 0f22e40053bd5378ad1e3250e65c574fd61c0cd6 ]

Make sure the rx_allocator worker is canceled before running the
rx_init routine. rx_init frees and re-allocates all rxb's pages. The
rx_allocator worker also allocates pages for the used rxb's. Running
rx_init and rx_allocator simultaniously causes a kernel panic. Fix
that by canceling the work in rx_init.

Signed-off-by: Shaul Triebitz <shaul.triebitz@xxxxxxxxx>
Signed-off-by: Luca Coelho <luciano.coelho@xxxxxxxxx>
Signed-off-by: Sasha Levin <alexander.levin@xxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
drivers/net/wireless/intel/iwlwifi/pcie/rx.c | 2 ++
1 file changed, 2 insertions(+)

--- a/drivers/net/wireless/intel/iwlwifi/pcie/rx.c
+++ b/drivers/net/wireless/intel/iwlwifi/pcie/rx.c
@@ -901,6 +901,8 @@ static int _iwl_pcie_rx_init(struct iwl_
}
def_rxq = trans_pcie->rxq;

+ cancel_work_sync(&rba->rx_alloc);
+
spin_lock(&rba->lock);
atomic_set(&rba->req_pending, 0);
atomic_set(&rba->req_ready, 0);