linux_dsm_epyc7002/drivers/net/wireless
Kosuke Tatsukawa a7decc44a0 brcmfmac: fix waitqueue_active without memory barrier in brcmfmac driver
brcmf_msgbuf_ioctl_resp_wake() seems to be missing a memory barrier
which might cause the waker to not notice the waiter and miss sending a
wake_up as in the following figure.

  brcmf_msgbuf_ioctl_resp_wake		    brcmf_msgbuf_ioctl_resp_wait
------------------------------------------------------------------------
if (waitqueue_active(&msgbuf->ioctl_resp_wait))
/* The CPU might reorder the test for
   the waitqueue up here, before
   prior writes complete */
   	   	     	 	       /* wait_event_timeout */
				        /* __wait_event_timeout */
					 /* ___wait_event */
					 prepare_to_wait_event(&wq, &__wait,
					   state);
					 if (msgbuf->ctl_completed)
					 ...
msgbuf->ctl_completed = true;
					 schedule_timeout(__ret))
------------------------------------------------------------------------

There are three other place in drivers/net/wireless/brcm80211/brcmfmac/
which have similar code.  The attached patch removes the call to
waitqueue_active() leaving just wake_up() behind.  This fixes the
problem because the call to spin_lock_irqsave() in wake_up() will be an
ACQUIRE operation.

I found this issue when I was looking through the linux source code
for places calling waitqueue_active() before wake_up*(), but without
preceding memory barriers, after sending a patch to fix a similar
issue in drivers/tty/n_tty.c  (Details about the original issue can be
found here: https://lkml.org/lkml/2015/9/28/849).

Reviewed-by: Hante Meuleman <meuleman@broadcom.com>
Reviewed-by: Franky (Zhenhui) Lin <frankyl@broadcom.com>
Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
Signed-off-by: Kosuke Tatsukawa <tatsu@ab.jp.nec.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2015-12-11 13:51:59 +02:00
..
admtek adm80211: move under admtek vendor directory 2015-11-17 19:49:19 +02:00
ath brcfmac 2015-12-08 12:39:15 -05:00
atmel atmel: move under atmel vendor directory 2015-11-18 11:19:07 +02:00
broadcom brcmfmac: fix waitqueue_active without memory barrier in brcmfmac driver 2015-12-11 13:51:59 +02:00
cisco wireless: airo: re-use mac_pton() 2015-11-30 14:59:28 +02:00
intel iwlegacy: mark il_adjust_beacon_interval as noinline 2015-12-11 13:50:14 +02:00
intersil prism54: fix compare_const_fl.cocci warnings 2015-12-11 13:47:47 +02:00
marvell mwifiex: fix semicolon.cocci warnings 2015-12-11 13:40:21 +02:00
mediatek mediatek: unify Kconfig with other vendors 2015-11-18 14:28:31 +02:00
ralink rt2x00: type bug in _rt2500usb_register_read() 2015-11-30 14:57:49 +02:00
realtek rtlwifi: fix memory leak for USB device 2015-12-11 13:48:42 +02:00
rsi rsi: add vendor Kconfig entry 2015-11-18 14:28:31 +02:00
st cw1200: remove some dead code 2015-12-11 13:15:08 +02:00
ti wlcore: split wl12xx/wl18xx sg parameters 2015-12-11 13:10:59 +02:00
zydas zd1211rw: move under zydas vendor directory 2015-11-18 14:28:30 +02:00
Kconfig mac80211_hwsim: move Kconfig entry for sorting alphabetically 2015-11-18 15:23:36 +02:00
mac80211_hwsim.c mac80211_hwsim: check ATTR_FREQ for wmediumd (netlink) packets 2015-12-04 14:43:32 +01:00
mac80211_hwsim.h
Makefile ath: unify Kconfig with other vendors 2015-11-18 14:28:31 +02:00
ray_cs.c ray_cs: Change 1 to true for bool type variable. 2015-06-02 23:30:14 +03:00
ray_cs.h
rayctl.h
rndis_wlan.c rndis_wlan: fix checking for default value 2015-09-22 16:14:32 -07:00
wl3501_cs.c
wl3501.h