Patch "drivers: staging: rtl8723bs: Fix locking in _rtw_join_timeout_handler()" has been added to the 5.15-stable tree

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



This is a note to let you know that I've just added the patch titled

    drivers: staging: rtl8723bs: Fix locking in _rtw_join_timeout_handler()

to the 5.15-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     drivers-staging-rtl8723bs-fix-locking-in-_rtw_join_t.patch
and it can be found in the queue-5.15 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit 00b5e95c9e77b4ab58a5684ea0167844b1133ba8
Author: Hans de Goede <hdegoede@xxxxxxxxxx>
Date:   Tue Feb 21 15:53:23 2023 +0100

    drivers: staging: rtl8723bs: Fix locking in _rtw_join_timeout_handler()
    
    [ Upstream commit 215792eda008f6a1e7ed9d77fa20d582d22bb114 ]
    
    Commit 041879b12ddb ("drivers: staging: rtl8192bs: Fix deadlock in
    rtw_joinbss_event_prehandle()") besides fixing the deadlock also
    modified _rtw_join_timeout_handler() to use spin_[un]lock_irq()
    instead of spin_[un]lock_bh().
    
    _rtw_join_timeout_handler() calls rtw_do_join() which takes
    pmlmepriv->scanned_queue.lock using spin_[un]lock_bh(). This
    spin_unlock_bh() call re-enables softirqs which triggers an oops in
    kernel/softirq.c: __local_bh_enable_ip() when it calls
    lockdep_assert_irqs_enabled():
    
    [  244.506087] WARNING: CPU: 2 PID: 0 at kernel/softirq.c:376 __local_bh_enable_ip+0xa6/0x100
    ...
    [  244.509022] Call Trace:
    [  244.509048]  <IRQ>
    [  244.509100]  _rtw_join_timeout_handler+0x134/0x170 [r8723bs]
    [  244.509468]  ? __pfx__rtw_join_timeout_handler+0x10/0x10 [r8723bs]
    [  244.509772]  ? __pfx__rtw_join_timeout_handler+0x10/0x10 [r8723bs]
    [  244.510076]  call_timer_fn+0x95/0x2a0
    [  244.510200]  __run_timers.part.0+0x1da/0x2d0
    
    This oops is causd by the switch to spin_[un]lock_irq() which disables
    the IRQs for the entire duration of _rtw_join_timeout_handler().
    
    Disabling the IRQs is not necessary since all code taking this lock
    runs from either user contexts or from softirqs, switch back to
    spin_[un]lock_bh() to fix this.
    
    Fixes: 041879b12ddb ("drivers: staging: rtl8192bs: Fix deadlock in rtw_joinbss_event_prehandle()")
    Cc: Duoming Zhou <duoming@xxxxxxxxxx>
    Signed-off-by: Hans de Goede <hdegoede@xxxxxxxxxx>
    Link: https://lore.kernel.org/r/20230221145326.7808-1-hdegoede@xxxxxxxxxx
    Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/drivers/staging/rtl8723bs/core/rtw_mlme.c b/drivers/staging/rtl8723bs/core/rtw_mlme.c
index 26c40042d2bed..f85ef7dd61b24 100644
--- a/drivers/staging/rtl8723bs/core/rtw_mlme.c
+++ b/drivers/staging/rtl8723bs/core/rtw_mlme.c
@@ -1547,7 +1547,7 @@ void _rtw_join_timeout_handler(struct timer_list *t)
 	if (adapter->bDriverStopped || adapter->bSurpriseRemoved)
 		return;
 
-	spin_lock_irq(&pmlmepriv->lock);
+	spin_lock_bh(&pmlmepriv->lock);
 
 	if (rtw_to_roam(adapter) > 0) { /* join timeout caused by roaming */
 		while (1) {
@@ -1575,7 +1575,7 @@ void _rtw_join_timeout_handler(struct timer_list *t)
 
 	}
 
-	spin_unlock_irq(&pmlmepriv->lock);
+	spin_unlock_bh(&pmlmepriv->lock);
 }
 
 /*



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux