Brian Norris <briannorris@xxxxxxxxxxxx> writes: > Hi Ganapathi, > > On Fri, Jun 01, 2018 at 04:11:20PM +0530, Ganapathi Bhat wrote: >> Race condition is observed during rmmod of mwifiex_usb: >> >> 1. The rmmod thread will call mwifiex_usb_disconnect(), download >> SHUTDOWN command and do wait_event_interruptible_timeout(), >> waiting for response. >> >> 2. The main thread will handle the response and will do a >> wake_up_interruptible(), unblocking rmmod thread. >> >> 3. On getting unblocked, rmmod thread will make rx_cmd.urb = NULL in >> mwifiex_usb_free(). >> >> 4. The main thread will try to resubmit rx_cmd.urb in >> mwifiex_usb_submit_rx_urb(), which is NULL. >> >> To fix this, move mwifiex_usb_free() from mwifiex_usb_disconnect >> to mwifiex_unregister_dev(). Function mwifiex_unregister_dev() is >> called after flushing the command and RX work queues. >> >> Signed-off-by: Brian Norris <briannorris@xxxxxxxxxxxx> > > ^^ I'm not sure if that line is quite accurate. While I nearly spelled > out what the patch would look like, you wrote it. > > Anyway, patch seems good to me, assuming it tests out OK for you: > > Reviewed-by: Brian Norris <briannorris@xxxxxxxxxxxx> > > and if Kalle hasn't applied this yet, an alternative to Signed-off-by: > > Suggested-by: Brian Norris <briannorris@xxxxxxxxxxxx> Ok, I'll change that. -- Kalle Valo
