Searched hist:fe5c271e (Results 1 – 1 of 1) sorted by relevance
/openbmc/linux/drivers/net/wireless/ath/wil6210/
wmi.c | fe5c271e Thu Jan 28 11:24:04 CST 2016 Maya Erez <qca_merez@qca.qualcomm.com>
wil6210: protect synchronous wmi commands handling

In case there are multiple WMI commands with the same reply_id, the following scenario can occur:
- Driver sends the first command to the device
- The reply didn't arrive on time and there is a timeout
- Reply_id, reply_buf and reply_size are set to 0
- Driver sends a second wmi command with the same reply_id as the first
- Driver sets wil->reply_id
- Reply for the first wmi command arrives and is handled by wmi_recv_cmd
- As its ID fits the reply_id but the reply_buf is not set yet, it is handled as a reply with event handler, and WARN_ON is printed

This patch guarantees atomic setting of all the reply variables and prevents the above scenario.

Signed-off-by: Maya Erez <qca_merez@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>