b43: Workaround circular locking in hw-tkip key update callback

commit 96869a39399269a776a94812e9fff3d38b47d838 upstream The TKIP key update callback is called from the RX path, where the driver mutex is already locked. This results in a circular locking bug. Avoid this by removing the lock. Johannes noted that there is a separate bug: The callback still breaks on SDIO hardware, because SDIO hardware access needs to sleep, but we are not allowed to sleep in the callback due to mac80211's RCU locking. Signed-off-by: Michael Buesch <mb@bu3sch.de> Tested-by: Larry Finger <Larry.Finger@lwfinger.net> Reported-by: kecsa@kutfo.hit.bme.hu Cc: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
author: Michael Buesch <mb@bu3sch.de> 2010-03-19 11:38:33 -0400
committer: Greg Kroah-Hartman <gregkh@suse.de> 2010-04-01 19:02:14 -0400
commit: cb81a2ace8bd4354cc40ff341543a9791719383c (patch)
tree: b58c5a2aae434114e74f2400f1d1c75d5756d79b
parent: cf724d19f2e56135927eadc1154940d3f42f9f0e (diff)
1 files changed, 4 insertions, 7 deletions
diff --git a/drivers/net/wireless/b43/main.c b/drivers/net/wireless/b43/main.c
index b59166c67626..629c166cc512 100644
--- a/drivers/net/wireless/b43/main.c
+++ b/drivers/net/wireless/b43/main.c
@@ -852,19 +852,16 @@ static void b43_op_update_tkip_key(struct ieee80211_hw *hw,
        if (B43_WARN_ON(!modparam_hwtkip))
                return;
-        mutex_lock(&wl->mutex);
+        /* This is only called from the RX path through mac80211, where
+         * our mutex is already locked. */
+        B43_WARN_ON(!mutex_is_locked(&wl->mutex));
        dev = wl->current_dev;
-        if (!dev || b43_status(dev) < B43_STAT_INITIALIZED)
+        B43_WARN_ON(!dev || b43_status(dev) < B43_STAT_INITIALIZED);
-                goto out_unlock;
        keymac_write(dev, index, NULL); /* First zero out mac to avoid race */
        rx_tkip_phase1_write(dev, index, iv32, phase1key);
        keymac_write(dev, index, addr);
-out_unlock:
-        mutex_unlock(&wl->mutex);
 }
 static void do_key_write(struct b43_wldev *dev,
author	Michael Buesch <mb@bu3sch.de>	2010-03-19 11:38:33 -0400
committer	Greg Kroah-Hartman <gregkh@suse.de>	2010-04-01 19:02:14 -0400
commit	cb81a2ace8bd4354cc40ff341543a9791719383c (patch)
tree	b58c5a2aae434114e74f2400f1d1c75d5756d79b
parent	cf724d19f2e56135927eadc1154940d3f42f9f0e (diff)

diff --git a/drivers/net/wireless/b43/main.c b/drivers/net/wireless/b43/main.c index b59166c67626..629c166cc512 100644 --- a/drivers/net/wireless/b43/main.c +++ b/drivers/net/wireless/b43/main.c
@@ -852,19 +852,16 @@ static void b43_op_update_tkip_key(struct ieee80211_hw *hw,
852	if (B43_WARN_ON(!modparam_hwtkip))	852	if (B43_WARN_ON(!modparam_hwtkip))
853	return;	853	return;
854		854
855	mutex_lock(&wl->mutex);	855	/* This is only called from the RX path through mac80211, where
856		856	* our mutex is already locked. */
		857	B43_WARN_ON(!mutex_is_locked(&wl->mutex));
857	dev = wl->current_dev;	858	dev = wl->current_dev;
858	if (!dev \|\| b43_status(dev) < B43_STAT_INITIALIZED)	859	B43_WARN_ON(!dev \|\| b43_status(dev) < B43_STAT_INITIALIZED);
859	goto out_unlock;
860		860
861	keymac_write(dev, index, NULL); /* First zero out mac to avoid race */	861	keymac_write(dev, index, NULL); /* First zero out mac to avoid race */
862		862
863	rx_tkip_phase1_write(dev, index, iv32, phase1key);	863	rx_tkip_phase1_write(dev, index, iv32, phase1key);
864	keymac_write(dev, index, addr);	864	keymac_write(dev, index, addr);
865
866	out_unlock:
867	mutex_unlock(&wl->mutex);
868	}	865	}
869		866
870	static void do_key_write(struct b43_wldev *dev,	867	static void do_key_write(struct b43_wldev *dev,