[kernel/f14/master] hostap_cs-fix-sleeping-function-called-from-invalid-context.patch

Kyle McMartin kyle at fedoraproject.org
Tue Jan 18 20:00:55 UTC 2011


commit 7aeac617c08179f4e9a051ada1fc62d7593bedd3
Author: Kyle McMartin <kyle at redhat.com>
Date:   Tue Jan 18 14:48:55 2011 -0500

    hostap_cs-fix-sleeping-function-called-from-invalid-context.patch

 ...ping-function-called-from-invalid-context.patch |   76 ++++++++++++++++++++
 kernel.spec                                        |   10 +++
 2 files changed, 86 insertions(+), 0 deletions(-)
---
diff --git a/hostap_cs-fix-sleeping-function-called-from-invalid-context.patch b/hostap_cs-fix-sleeping-function-called-from-invalid-context.patch
new file mode 100644
index 0000000..5d3a917
--- /dev/null
+++ b/hostap_cs-fix-sleeping-function-called-from-invalid-context.patch
@@ -0,0 +1,76 @@
+From sgruszka at redhat.com Mon Jan 17 08:03:52 2011
+From: Stanislaw Gruszka <sgruszka at redhat.com>
+To: stable at kernel.org, kernel at lists.fedoraproject.org
+Subject: [PATCH 2.6.35.y] hostap_cs: fix sleeping function called from invalid context
+Date: Mon, 17 Jan 2011 14:03:36 +0100
+Message-Id: <1295269416-4870-1-git-send-email-sgruszka at redhat.com>
+
+commit 4e5518ca53be29c1ec3c00089c97bef36bfed515 upstream.
+
+pcmcia_request_irq() and pcmcia_enable_device() are intended
+to be called from process context (first function allocate memory
+with GFP_KERNEL, second take a mutex). We can not take spin lock
+and call them.
+
+It's safe to move spin lock after pcmcia_enable_device() as we
+still hold off IRQ until dev->base_addr is 0 and driver will
+not proceed with interrupts when is not ready.
+
+Patch resolves:
+https://bugzilla.redhat.com/show_bug.cgi?id=643758
+
+Reported-and-tested-by: rbugz at biobind.com
+Signed-off-by: Stanislaw Gruszka <sgruszka at redhat.com>
+---
+ drivers/net/wireless/hostap/hostap_cs.c |   15 ++++++---------
+ 1 files changed, 6 insertions(+), 9 deletions(-)
+
+diff --git a/drivers/net/wireless/hostap/hostap_cs.c b/drivers/net/wireless/hostap/hostap_cs.c
+index 29b31a6..4ebf63d 100644
+--- a/drivers/net/wireless/hostap/hostap_cs.c
++++ b/drivers/net/wireless/hostap/hostap_cs.c
+@@ -627,14 +627,13 @@ static int prism2_config(struct pcmcia_device *link)
+ 	hw_priv->link = link;
+ 
+ 	/*
+-	 * Make sure the IRQ handler cannot proceed until at least
+-	 * dev->base_addr is initialized.
++	 * We enable IRQ here, but IRQ handler will not proceed
++	 * until dev->base_addr is set below. This protect us from
++	 * receive interrupts when driver is not initialized.
+ 	 */
+-	spin_lock_irqsave(&local->irq_init_lock, flags);
+-
+ 	ret = pcmcia_request_irq(link, prism2_interrupt);
+ 	if (ret)
+-		goto failed_unlock;
++		goto failed;
+ 
+ 	/*
+ 	 * This actually configures the PCMCIA socket -- setting up
+@@ -643,11 +642,11 @@ static int prism2_config(struct pcmcia_device *link)
+ 	 */
+ 	ret = pcmcia_request_configuration(link, &link->conf);
+ 	if (ret)
+-		goto failed_unlock;
++		goto failed;
+ 
++	spin_lock_irqsave(&local->irq_init_lock, flags);
+ 	dev->irq = link->irq;
+ 	dev->base_addr = link->io.BasePort1;
+-
+ 	spin_unlock_irqrestore(&local->irq_init_lock, flags);
+ 
+ 	/* Finally, report what we've done */
+@@ -676,8 +675,6 @@ static int prism2_config(struct pcmcia_device *link)
+ 
+ 	return ret;
+ 
+- failed_unlock:
+-	 spin_unlock_irqrestore(&local->irq_init_lock, flags);
+  failed:
+ 	kfree(hw_priv);
+ 	prism2_release((u_long)link);
+-- 
+1.7.1
+
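Review bot: The new comment above `pcmcia_request_irq()` in `prism2_config()` gives the safety argument without naming what enforces it. With `irq_init_lock` no longer held across the IRQ request, the handler can run before `dev->base_addr` is set, so correctness rests on `prism2_interrupt` testing `dev->base_addr` under that lock before it touches the device. That check is outside this hunk and should be confirmed against the 2.6.35.y handler; I would then state it in the comment, e.g. `/* IRQ is live from here; prism2_interrupt must check dev->base_addr under irq_init_lock and return while it is 0. */`. The commit message also refers to `pcmcia_enable_device()`, while this backport calls `pcmcia_request_configuration()`, so the description should name the function used on this branch. `prism2_config()` begins and ends outside the hunks shown.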
diff --git a/kernel.spec b/kernel.spec
index c069063..78d8e0a 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -826,6 +826,9 @@ Patch13702: block-check-for-proper-length-of-iov-entries-earlier-in-blk_rq_map_u
 # RHBZ #669511
 Patch13703: btrfs-fix-typo-in-fallocate-to-make-it-honor-actual-size.patch
 
+# rhbz#643758
+Patch13704: hostap_cs-fix-sleeping-function-called-from-invalid-context.patch
+
 %endif
 
 BuildRoot: %{_tmppath}/kernel-%{KVERREL}-root
@@ -1551,6 +1554,9 @@ ApplyPatch e1000e-82566DC-fails-to-get-link.patch
 # CVE-2010-4668
 ApplyPatch block-check-for-proper-length-of-iov-entries-earlier-in-blk_rq_map_user_iov.patch
 
+# rhbz#643758
+ApplyPatch hostap_cs-fix-sleeping-function-called-from-invalid-context.patch
+
 # END OF PATCH APPLICATIONS
 
 %endif
@@ -2137,6 +2143,10 @@ fi
 # and build.
 
 %changelog
+* Tue Jan 18 2011 Kyle McMartin <kmcmartin at redhat.com>
+- sgruszka: hostap_cs: fix sleeping function called in invalid
+  context (#643758)
+
 * Tue Jan 18 2011 Jarod Wilson <jarod at redhat.com> 2.6.35.10-78
 - Rebase v4l/dvb/rc bits to 2.6.38-rc1 code
 - Fix lirc_serial transmit (#658600)

