Details

Issue of the Implementation # L0116

Brief

drivers/net/wireless/ath/ath9k/hif_usb.c: data race between request_firmware_nowait() callback and suspend()

Detailed Description

ath9k_hif_usb_probe() requests firmware asynchronically and there is some initialization postponed till firmware is ready. In particular, ath9k_hif_usb_firmware_cb() callback initializes hif_dev->tx.tx_buf and hif_dev->tx.tx_pending lists.
At the same time, ath9k_hif_usb_suspend() iterates that lists through ath9k_hif_usb_dealloc_urbs(). If suspend happens before request_firmware_nowait() callback is called, it can lead to oops.
Similar issue could be in ath9k_hif_usb_disconnect(), but it is prevented using hif_dev->fw_done completion and HIF_USB_READY flag.

Component

linux-kernel 3.10

Accepted

https://lkml.org/lkml/2013/7/1/520
commit

Status

Fixed in kernel 3.11-rc2

[Home]

Русский

About Us

Projects