On 04/08/2013 05:02 AM, David Howells wrote:
> The procfs-based debug interface in:
>
>     drivers/staging/rtl8192e/rtl8192e/rtl_debug.c
>
> seems to be very broken because:
>
>  (1) proc_get_stats_ap() walks ieee->network_list with no locking.
>
>  (2) There is no locking against normal driver operations whilst we wangle the
>      device registers.  Admittedly, this may not modify the device state since
>      all the pages appear memory-mapped rather than bank-swapped - but if
>      there are any read-to-ack type regs, then this is bad.
>
>  (3) We send the device commands and await replies - again without locking
>      against the normal driver (eg. proc_get_cam_register_*()).

David,
That whole driver is quite broken.
My initial response would be to delete the whole procfs structure. I have one of
those devices, but I never use it. At the moment, I do not have time to add
locking and test the changes.
Larry