[7/8] wil6210: prevent usage of incorrect TX hwtail

Message ID	1470138132-18071-8-git-send-email-qca_merez@qca.qualcomm.com (mailing list archive)
State	Accepted
Commit	dc90506f145875b9d88160802cc5fe06a7c79dda
Delegated to:	Kalle Valo
Headers	show Return-Path: <linux-wireless-owner@kernel.org> From: Maya Erez <qca_merez@qca.qualcomm.com> To: Kalle Valo <kvalo@codeaurora.org> Cc: Maya Erez <qca_merez@qca.qualcomm.com>, linux-wireless@vger.kernel.org, wil6210@qca.qualcomm.com Subject: [PATCH 7/8] wil6210: prevent usage of incorrect TX hwtail Date: Tue, 2 Aug 2016 14:42:11 +0300 Message-Id: <1470138132-18071-8-git-send-email-qca_merez@qca.qualcomm.com> In-Reply-To: <1470138132-18071-1-git-send-email-qca_merez@qca.qualcomm.com> References: <1470138132-18071-1-git-send-email-qca_merez@qca.qualcomm.com> Sender: linux-wireless-owner@vger.kernel.org Precedence: bulk

Message ID

1470138132-18071-8-git-send-email-qca_merez@qca.qualcomm.com (mailing list archive)

State

Accepted

Commit

dc90506f145875b9d88160802cc5fe06a7c79dda

Delegated to:

Kalle Valo

Headers

show

Return-Path: <linux-wireless-owner@kernel.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	515B46048B for <patchwork-linux-wireless@patchwork.kernel.org>;
	Tue,  2 Aug 2016 17:49:41 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 4653E284F4
	for <patchwork-linux-wireless@patchwork.kernel.org>;
	Tue,  2 Aug 2016 17:49:41 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id 39563284F7; Tue,  2 Aug 2016 17:49:41 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-6.8 required=2.0 tests=BAYES_00,DKIM_SIGNED,
	RCVD_IN_DNSWL_HI,T_DKIM_INVALID autolearn=ham version=3.3.1
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id DFCCA284F4
	for <patchwork-linux-wireless@patchwork.kernel.org>;
	Tue,  2 Aug 2016 17:49:40 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S935969AbcHBRr5 (ORCPT
	<rfc822;patchwork-linux-wireless@patchwork.kernel.org>);
	Tue, 2 Aug 2016 13:47:57 -0400
Received: from wolverine01.qualcomm.com ([199.106.114.254]:5618 "EHLO
	wolverine01.qualcomm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1755364AbcHBLn6 (ORCPT
	<rfc822;linux-wireless@vger.kernel.org>);
	Tue, 2 Aug 2016 07:43:58 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple;
	d=qca.qualcomm.com; i=@qca.qualcomm.com; q=dns/txt;
	s=qcdkim; t=1470138238; x=1501674238;
	h=from:to:cc:subject:date:message-id:in-reply-to: references;
	bh=AI2lFcLaZ6O+rIuF1mh1TXpH0JlfqK2K8kNsg6y652s=;
	b=B4I7u0uuSwwX3TyT9H5hV2cb7jn3L8kW8JVBbjdIMJYdfy1j2gAT/L3T
	Htny38wa4dPk9Tv7QlyK1kckOolATqI6H4WMlORAQFMJtoTdJXlQZWSgn
	Z22FJ8f7/yKlXfSh/XXaB6ZRkBe+Xa7jcWq/TmTc5ZWNY/q3TRDN++yvt c=;
X-IronPort-AV: E=Sophos;i="5.28,460,1464678000"; d="scan'208";a="213445672"
Received: from unknown (HELO ironmsg02-L.qualcomm.com) ([10.53.140.109])
	by wolverine01.qualcomm.com with ESMTP/TLS/DHE-RSA-AES256-SHA;
	02 Aug 2016 04:42:30 -0700
X-IronPort-AV: E=McAfee;i="5700,7163,8244"; a="749303555"
X-Amp-Result: CLEAN
Received: from lx-merez1.mea.qualcomm.com ([10.18.173.103])
	by ironmsg02-L.qualcomm.com with ESMTP; 02 Aug 2016 04:42:28 -0700
From: Maya Erez <qca_merez@qca.qualcomm.com>
To: Kalle Valo <kvalo@codeaurora.org>
Cc: Maya Erez <qca_merez@qca.qualcomm.com>,
	linux-wireless@vger.kernel.org, wil6210@qca.qualcomm.com
Subject: [PATCH 7/8] wil6210: prevent usage of incorrect TX hwtail
Date: Tue,  2 Aug 2016 14:42:11 +0300
Message-Id: <1470138132-18071-8-git-send-email-qca_merez@qca.qualcomm.com>
X-Mailer: git-send-email 1.9.1
In-Reply-To: <1470138132-18071-1-git-send-email-qca_merez@qca.qualcomm.com>
References: <1470138132-18071-1-git-send-email-qca_merez@qca.qualcomm.com>
Sender: linux-wireless-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-wireless.vger.kernel.org>
X-Mailing-List: linux-wireless@vger.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

Commit Message

Maya Erez Aug. 2, 2016, 11:42 a.m. UTC

txdata->enabled is used in order to determine if the TX vring
is valid. As the data transmit is handled in a different context,
in case txdata->enabled is set before vring->hwtail is updated,
an old or corrupted vring->hwtail can be used.
Protect setting of txdata->enabled and vring->hwtail to prevent a
case where TX vring start handling TX packets before setting
vring->hwtail.

Signed-off-by: Maya Erez <qca_merez@qca.qualcomm.com>
---
 drivers/net/wireless/ath/wil6210/txrx.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/drivers/net/wireless/ath/wil6210/txrx.c b/drivers/net/wireless/ath/wil6210/txrx.c
index f2f6a40..4c38520 100644
--- a/drivers/net/wireless/ath/wil6210/txrx.c
+++ b/drivers/net/wireless/ath/wil6210/txrx.c
@@ -873,9 +873,12 @@  int wil_vring_init_tx(struct wil6210_priv *wil, int id, int size,
 		rc = -EINVAL;
 		goto out_free;
 	}
-	vring->hwtail = le32_to_cpu(reply.cmd.tx_vring_tail_ptr);
 
+	spin_lock_bh(&txdata->lock);
+	vring->hwtail = le32_to_cpu(reply.cmd.tx_vring_tail_ptr);
 	txdata->enabled = 1;
+	spin_unlock_bh(&txdata->lock);
+
 	if (txdata->dot1x_open && (agg_wsize >= 0))
 		wil_addba_tx_request(wil, id, agg_wsize);
 
@@ -950,9 +953,11 @@  int wil_vring_init_bcast(struct wil6210_priv *wil, int id, int size)
 		rc = -EINVAL;
 		goto out_free;
 	}
-	vring->hwtail = le32_to_cpu(reply.cmd.tx_vring_tail_ptr);
 
+	spin_lock_bh(&txdata->lock);
+	vring->hwtail = le32_to_cpu(reply.cmd.tx_vring_tail_ptr);
 	txdata->enabled = 1;
+	spin_unlock_bh(&txdata->lock);
 
 	return 0;
  out_free:

[7/8] wil6210: prevent usage of incorrect TX hwtail

Commit Message

Patch