diff mbox series

[1/3] rtl8192cu: Fix deadlock

Message ID 20200622132113.14508-2-code@reto-schneider.ch (mailing list archive)
State Accepted
Commit ec89032cd148f8805c5adf5d38f1f382036f5a5c
Delegated to: Kalle Valo
Headers show
Series rtl8192cu: Fixes for leaks and deadlock | expand

Commit Message

Reto Schneider June 22, 2020, 1:21 p.m. UTC 
Prevent code from calling itself indirectly, causing the driver to hang
and consume 100% CPU.

Without this fix, the following script can bring down a single CPU
system:
```
while true; do
  rmmod rtl8192cu
  modprobe rtl8192cu
done
```

Signed-off-by: Reto Schneider <code@reto-schneider.ch>
---
 drivers/net/wireless/realtek/rtlwifi/usb.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

Comments

Larry Finger June 22, 2020, 6:01 p.m. UTC | #1 
On 6/22/20 8:21 AM, Reto Schneider wrote:
> Prevent code from calling itself indirectly, causing the driver to hang
> and consume 100% CPU.
> 
> Without this fix, the following script can bring down a single CPU
> system:
> ```
> while true; do
>    rmmod rtl8192cu
>    modprobe rtl8192cu
> done
> ```
> 
> Signed-off-by: Reto Schneider <code@reto-schneider.ch>

I have one small comment. Patches for the rtlwifi family of drivers have patch 
subjects of the form [PATCH] rtlwifi: rtl8192cu: blah blah. I'll let Kalle 
decide if he wants ignore my comment, manually change the subjects, or request a 
V2. Otherwise all 3 patches are OK.

ACKed-by: Larry Finger <Larry.Finger@lwfinger.net>

Larry
Kalle Valo June 23, 2020, 9:20 a.m. UTC | #2 
Larry Finger <Larry.Finger@lwfinger.net> writes:

> On 6/22/20 8:21 AM, Reto Schneider wrote:
>> Prevent code from calling itself indirectly, causing the driver to hang
>> and consume 100% CPU.
>>
>> Without this fix, the following script can bring down a single CPU
>> system:
>> ```
>> while true; do
>>    rmmod rtl8192cu
>>    modprobe rtl8192cu
>> done
>> ```
>>
>> Signed-off-by: Reto Schneider <code@reto-schneider.ch>
>
> I have one small comment. Patches for the rtlwifi family of drivers
> have patch subjects of the form [PATCH] rtlwifi: rtl8192cu: blah blah.
> I'll let Kalle decide if he wants ignore my comment, manually change
> the subjects, or request a V2. Otherwise all 3 patches are OK.

I can fix the titles during commit.
Kalle Valo July 15, 2020, 10:37 a.m. UTC | #3 
Reto Schneider <code@reto-schneider.ch> wrote:

> Prevent code from calling itself indirectly, causing the driver to hang
> and consume 100% CPU.
> 
> Without this fix, the following script can bring down a single CPU
> system:
> ```
> while true; do
>   rmmod rtl8192cu
>   modprobe rtl8192cu
> done
> ```
> 
> Signed-off-by: Reto Schneider <code@reto-schneider.ch>
> ACKed-by: Larry Finger <Larry.Finger@lwfinger.net>

3 patches applied to wireless-drivers-next.git, thanks.

ec89032cd148 rtlwifi: rtl8192cu: Fix deadlock
03128643eb54 rtlwifi: rtl8192cu: Prevent leaking urb
a7f7c15e945a rtlwifi: rtl8192cu: Free ieee80211_hw if probing fails
diff mbox series

Patch

diff --git a/drivers/net/wireless/realtek/rtlwifi/usb.c b/drivers/net/wireless/realtek/rtlwifi/usb.c
index c66c6dc00378..d3bbfc0171f6 100644
--- a/drivers/net/wireless/realtek/rtlwifi/usb.c
+++ b/drivers/net/wireless/realtek/rtlwifi/usb.c
@@ -680,8 +680,10 @@  static void _rtl_usb_cleanup_rx(struct ieee80211_hw *hw)
 	tasklet_kill(&rtlusb->rx_work_tasklet);
 	cancel_work_sync(&rtlpriv->works.lps_change_work);
 
-	flush_workqueue(rtlpriv->works.rtl_wq);
-	destroy_workqueue(rtlpriv->works.rtl_wq);
+	if (rtlpriv->works.rtl_wq) {
+		destroy_workqueue(rtlpriv->works.rtl_wq);
+		rtlpriv->works.rtl_wq = NULL;
+	}
 
 	skb_queue_purge(&rtlusb->rx_queue);