linux/drivers
Emmanuel Grumbach b0e75f5df3 iwlwifi: mvm: fix setting channel in monitor mode
commit 1c4abec0ba upstream.

There was a deadlock in monitor mode when we were setting the
channel if the channel was not 1.

======================================================
[ INFO: possible circular locking dependency detected ]
3.14.3 #4 Not tainted
-------------------------------------------------------
iw/3323 is trying to acquire lock:
 (&local->chanctx_mtx){+.+.+.}, at: [<ffffffffa062e2f2>] ieee80211_vif_release_channel+0x42/0xb0 [mac80211]

but task is already holding lock:
 (&local->iflist_mtx){+.+...}, at: [<ffffffffa0609e0a>] ieee80211_set_monitor_channel+0x5a/0x1b0 [mac80211]

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #2 (&local->iflist_mtx){+.+...}:
       [<ffffffff810d95bb>] __lock_acquire+0xb3b/0x13b0
       [<ffffffff810d9ee0>] lock_acquire+0xb0/0x1f0
       [<ffffffff817eb9c8>] mutex_lock_nested+0x78/0x4f0
       [<ffffffffa06225cf>] ieee80211_iterate_active_interfaces+0x2f/0x60 [mac80211]
       [<ffffffffa0518189>] iwl_mvm_recalc_multicast+0x49/0xa0 [iwlmvm]
       [<ffffffffa051822e>] iwl_mvm_configure_filter+0x4e/0x70 [iwlmvm]
       [<ffffffffa05e6d43>] ieee80211_configure_filter+0x153/0x5f0 [mac80211]
       [<ffffffffa05e71f5>] ieee80211_reconfig_filter+0x15/0x20 [mac80211]
       [snip]

-> #1 (&mvm->mutex){+.+.+.}:
       [<ffffffff810d95bb>] __lock_acquire+0xb3b/0x13b0
       [<ffffffff810d9ee0>] lock_acquire+0xb0/0x1f0
       [<ffffffff817eb9c8>] mutex_lock_nested+0x78/0x4f0
       [<ffffffffa0517246>] iwl_mvm_add_chanctx+0x56/0xe0 [iwlmvm]
       [<ffffffffa062ca1e>] ieee80211_new_chanctx+0x13e/0x410 [mac80211]
       [<ffffffffa062d953>] ieee80211_vif_use_channel+0x1c3/0x5a0 [mac80211]
       [<ffffffffa06035ab>] ieee80211_add_virtual_monitor+0x1ab/0x6b0 [mac80211]
       [<ffffffffa06052ea>] ieee80211_do_open+0xe6a/0x15a0 [mac80211]
       [<ffffffffa0605a79>] ieee80211_open+0x59/0x60 [mac80211]
       [snip]

-> #0 (&local->chanctx_mtx){+.+.+.}:
       [<ffffffff810d6cb7>] check_prevs_add+0x977/0x980
       [<ffffffff810d95bb>] __lock_acquire+0xb3b/0x13b0
       [<ffffffff810d9ee0>] lock_acquire+0xb0/0x1f0
       [<ffffffff817eb9c8>] mutex_lock_nested+0x78/0x4f0
       [<ffffffffa062e2f2>] ieee80211_vif_release_channel+0x42/0xb0 [mac80211]
       [<ffffffffa0609ec3>] ieee80211_set_monitor_channel+0x113/0x1b0 [mac80211]
       [<ffffffffa058fb37>] cfg80211_set_monitor_channel+0x77/0x2b0 [cfg80211]
       [<ffffffffa056e0b2>] __nl80211_set_channel+0x122/0x140 [cfg80211]
       [<ffffffffa0581374>] nl80211_set_wiphy+0x284/0xaf0 [cfg80211]
       [snip]

other info that might help us debug this:

Chain exists of:
  &local->chanctx_mtx --> &mvm->mutex --> &local->iflist_mtx

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&local->iflist_mtx);
                               lock(&mvm->mutex);
                               lock(&local->iflist_mtx);
  lock(&local->chanctx_mtx);

 *** DEADLOCK ***

This deadlock actually occurs:
INFO: task iw:3323 blocked for more than 120 seconds.
      Not tainted 3.14.3 #4
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
iw              D ffff8800c8afcd80  4192  3323   3322 0x00000000
 ffff880078fdb7e0 0000000000000046 ffff8800c8afcd80 ffff880078fdbfd8
 00000000001d5540 00000000001d5540 ffff8801141b0000 ffff8800c8afcd80
 ffff880078ff9e38 ffff880078ff9e38 ffff880078ff9e40 0000000000000246
Call Trace:
 [<ffffffff817ea841>] schedule_preempt_disabled+0x31/0x80
 [<ffffffff817ebaed>] mutex_lock_nested+0x19d/0x4f0
 [<ffffffffa06225cf>] ? ieee80211_iterate_active_interfaces+0x2f/0x60 [mac80211]
 [<ffffffffa06225cf>] ? ieee80211_iterate_active_interfaces+0x2f/0x60 [mac80211]
 [<ffffffffa052a680>] ? iwl_mvm_power_mac_update_mode+0xc0/0xc0 [iwlmvm]
 [<ffffffffa06225cf>] ieee80211_iterate_active_interfaces+0x2f/0x60 [mac80211]
 [<ffffffffa0529357>] _iwl_mvm_power_update_binding+0x27/0x80 [iwlmvm]
 [<ffffffffa0516eb1>] iwl_mvm_unassign_vif_chanctx+0x81/0xc0 [iwlmvm]
 [<ffffffffa062d3ff>] __ieee80211_vif_release_channel+0xdf/0x470 [mac80211]
 [<ffffffffa062e2fa>] ieee80211_vif_release_channel+0x4a/0xb0 [mac80211]
 [<ffffffffa0609ec3>] ieee80211_set_monitor_channel+0x113/0x1b0 [mac80211]
 [<ffffffffa058fb37>] cfg80211_set_monitor_channel+0x77/0x2b0 [cfg80211]
 [<ffffffffa056e0b2>] __nl80211_set_channel+0x122/0x140 [cfg80211]
 [<ffffffffa0581374>] nl80211_set_wiphy+0x284/0xaf0 [cfg80211]

This fixes https://bugzilla.kernel.org/show_bug.cgi?id=75541

Reviewed-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2014-06-07 10:28:23 -07:00
accessibility
acpi ACPI / EC: Process rather than discard events in acpi_ec_clear 2014-06-07 10:28:12 -07:00
amba
ata pata_at91: fix ata_host_activate() failure handling 2014-06-07 10:28:08 -07:00
atm
auxdisplay
base drivercore: deferral race condition fix 2014-06-07 10:28:11 -07:00
bcma
block rbd: fix error paths in rbd_img_request_fill() 2014-05-31 13:20:28 -07:00
bluetooth Revert "Bluetooth: Enable autosuspend for Intel Bluetooth device" 2014-06-07 10:28:16 -07:00
bus bus: mvebu-mbus: allow several windows with the same target/attribute 2014-06-07 10:28:22 -07:00
cdrom
char ipmi: Reset the KCS timeout when starting error recovery 2014-06-07 10:28:10 -07:00
clk clk: vexpress: NULL dereference on error path 2014-06-07 10:28:19 -07:00
clocksource clocksource: Exynos_mct: Register clock event after request_irq() 2014-06-07 10:28:08 -07:00
connector
cpufreq MIPS/loongson2_cpufreq: Fix CPU clock rate setting 2014-06-07 10:28:07 -07:00
cpuidle
crypto
dca
devfreq
dio
dma dma: edma: fix incorrect SG list handling 2014-05-13 13:32:55 +02:00
edac
eisa
extcon
firewire Merge branch 'for-3.14-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/wq 2014-03-08 11:51:13 -08:00
firmware efi: Pass correct file handle to efi_file_{read,close} 2014-05-06 07:59:29 -07:00
fmc
gpio gpio: mxs: Allow for recursive enable_irq_wake() call 2014-05-13 13:32:54 +02:00
gpu drm/nouveau/pm/fan: drop the fan lock in fan_update() before rescheduling 2014-06-07 10:28:18 -07:00
hid HID: add NO_INIT_REPORTS quirk for Synaptics Touch Pad V 103S 2014-05-31 13:20:29 -07:00
hsi
hv Drivers: hv: vmbus: Negotiate version 3.0 when running on ws2012r2 hosts 2014-05-06 07:59:29 -07:00
hwmon hwmon: (emc1403) Support full range of known chip revision numbers 2014-06-07 10:28:11 -07:00
hwspinlock
i2c i2c: i801: enable Intel BayTrail SMBUS 2014-06-07 10:28:19 -07:00
ide
idle
iio iio:imu:mpu6050: Fixed segfault in Invensens MPU driver due to null dereference 2014-06-07 10:28:15 -07:00
infiniband iser-target: Add missing se_cmd put for WRITE_PENDING in tx_comp_err 2014-05-06 07:59:34 -07:00
input Input: synaptics - change min/max quirk table to pnp-id matching 2014-06-07 10:28:21 -07:00
iommu
ipack
irqchip irqchip: armada-370-xp: Fix releasing of MSIs 2014-06-07 10:28:13 -07:00
isdn isdnloop: several buffer overflows 2014-04-14 06:50:04 -07:00
leds leds: leds-pwm: properly clean up after probe failure 2014-06-07 10:28:18 -07:00
lguest
macintosh
mailbox
md md: avoid possible spinning md thread at shutdown. 2014-06-07 10:28:12 -07:00
media media: media-device: fix infoleak in ioctl media_enum_entities() 2014-06-07 10:28:19 -07:00
memory memory: mvebu-devbus: fix the conversion of the bus width 2014-06-07 10:28:22 -07:00
memstick
message
mfd mfd: twl-core: Fix accessibility of some twl4030 audio registers 2014-05-06 07:59:26 -07:00
misc mei: ignore client writing state during cb completion 2014-05-06 07:59:25 -07:00
mmc mmc: sdhci-bcm-kona: fix build errors when built-in 2014-05-13 13:32:56 +02:00
mtd mtd: sm_ftl: heap corruption in sm_create_sysfs_attributes() 2014-05-13 13:32:55 +02:00
net iwlwifi: mvm: fix setting channel in monitor mode 2014-06-07 10:28:23 -07:00
nfc
ntb
nubus
of of/irq: do irq resolution in platform_get_irq 2014-06-07 10:28:07 -07:00
oprofile
parisc
parport
pci PCI: mvebu: split PCIe BARs into multiple MBus windows when needed 2014-06-07 10:28:22 -07:00
pcmcia
phy
pinctrl pinctrl: as3722: fix handling of GPIO invert bit 2014-05-13 13:32:54 +02:00
platform thinkpad_acpi: Fix inconsistent mute LED after resume 2014-05-13 13:32:56 +02:00
pnp PNP / ACPI: Do not return errors if _DIS or _SRS are not present 2014-06-07 10:28:12 -07:00
power
powercap
pps
ps3
ptp
pwm
rapidio
regulator regulator: arizona-ldo1: Correct default regulator init_data 2014-05-06 07:59:26 -07:00
remoteproc
reset
rpmsg
rtc drivers/rtc/rtc-hym8563.c: set uie_unsupported 2014-06-07 10:28:10 -07:00
s390 s390/chsc: fix SEI usage on old FW levels 2014-05-13 13:32:49 +02:00
sbus
scsi SCSI: megaraid: missing bounds check in mimd_to_kioc() 2014-05-31 13:20:27 -07:00
sfi
sh
sn
spi spi: dw: Don't call kfree for memory allocated by devm_kzalloc 2014-05-06 07:59:24 -07:00
ssb
staging staging: r8188eu: Calling rtw_get_stainfo() with a NULL sta_addr will return NULL 2014-05-06 07:59:26 -07:00
target target/tcm_fc: Fix use-after-free of ft_tpg 2014-05-06 07:59:29 -07:00
tc
thermal
tty 8250_core: Fix unwanted TX chars write 2014-06-07 10:28:08 -07:00
uio
usb USB: Nokia 5300 should be treated as unusual dev 2014-06-07 10:28:16 -07:00
uwb
vfio
vhost vhost: validate vhost_get_vq_desc return value 2014-03-28 16:10:35 -04:00
video tgafb: fix data copying 2014-05-13 13:32:54 +02:00
virt
virtio virtio_balloon: don't softlockup on huge balloon changes. 2014-05-13 13:32:48 +02:00
vlynq
vme
w1 w1: fix w1_send_slave dropping a slave id 2014-05-06 07:59:26 -07:00
watchdog
xen xen/events/fifo: correctly align bitops 2014-05-31 13:20:29 -07:00
zorro
Kconfig
Makefile