From 4f29b348bdc08e6a30242f0d14d6672019ffd1bb Mon Sep 17 00:00:00 2001 From: Larry Finger Date: Sat, 25 Jun 2016 13:37:46 -0500 Subject: [PATCH] rtlwifi: rtl8723ae: Fix potential race condition Flag rfchange_inprogress in struct rtl_ps_ctl is protected by a spinlock in most routines but not in rtl8723e_dm_watchdog(), which could lead to a race condition. The necessary locking to prevent this condition is added. Reported-by: Pavel Andrianov Signed-off-by: Larry Finger Cc: Pavel Andrianov Signed-off-by: Kalle Valo --- drivers/net/wireless/realtek/rtlwifi/rtl8723ae/dm.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/net/wireless/realtek/rtlwifi/rtl8723ae/dm.c b/drivers/net/wireless/realtek/rtlwifi/rtl8723ae/dm.c index 4c1c96c96a5a..3900e106de31 100644 --- a/drivers/net/wireless/realtek/rtlwifi/rtl8723ae/dm.c +++ b/drivers/net/wireless/realtek/rtlwifi/rtl8723ae/dm.c @@ -816,6 +816,7 @@ void rtl8723e_dm_watchdog(struct ieee80211_hw *hw) if (ppsc->p2p_ps_info.p2p_ps_mode) fw_ps_awake = false; + spin_lock(&rtlpriv->locks.rf_ps_lock); if ((ppsc->rfpwr_state == ERFON) && ((!fw_current_inpsmode) && fw_ps_awake) && (!ppsc->rfchange_inprogress)) { @@ -829,6 +830,7 @@ void rtl8723e_dm_watchdog(struct ieee80211_hw *hw) rtl8723e_dm_bt_coexist(hw); rtl8723e_dm_check_edca_turbo(hw); } + spin_unlock(&rtlpriv->locks.rf_ps_lock); if (rtlpriv->btcoexist.init_set) rtl_write_byte(rtlpriv, 0x76e, 0xc); }