mac80211: fix iflist_mtx/mtx locking in radar detection

The scan code creates an iflist_mtx -> mtx locking dependency, and a few other places, notably radar detection, were creating the opposite dependency, causing lockdep to complain. As scan and radar detection are mutually exclusive, the deadlock can't really happen in practice, but it's still bad form. A similar issue exists in the monitor mode code, but this is only used by channel-context drivers right now and those have to have hardware scan, so that also can't happen. Still, fix these issues by making some of the channel context code require the mtx to be held rather than acquiring it, thus allowing the monitor/radar callers to keep the iflist_mtx->mtx lock ordering. While at it, also fix access to the local->scanning variable in the radar code, and document that radar_detect_enabled is now properly protected by the mtx. All this would now introduce an ABBA deadlock between the DFS work cancelling and local->mtx, so change the locking there a bit to not need to use cancel_delayed_work_sync() but be able to just use cancel_delayed_work(). The work is also safely stopped/removed when the interface is stopped, so no extra changes are needed. Reported-by: Kalle Valo <kvalo@qca.qualcomm.com> Tested-by: Simon Wunderlich <sw@simonwunderlich.de> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
author: Johannes Berg <johannes.berg@intel.com> 2013-12-18 03:43:33 -0500
committer: Johannes Berg <johannes.berg@intel.com> 2013-12-19 07:33:33 -0500
commit: 34a3740d6b392896b71e36cd5cd68837a8f94a5c (patch)
tree: 128f9a3e35af1e7fc768b55fc7173cac9e1a3b08 /net/mac80211/ibss.c
parent: 6924d0138acdf5026ee4463134d98e139fe025a2 (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/net/mac80211/ibss.c b/net/mac80211/ibss.c
index d6ba841437b6..771080ec7212 100644
--- a/net/mac80211/ibss.c
+++ b/net/mac80211/ibss.c
@@ -293,14 +293,17 @@ static void __ieee80211_sta_join_ibss(struct ieee80211_sub_if_data *sdata,
                radar_required = true;
        }
+        mutex_lock(&local->mtx);
        ieee80211_vif_release_channel(sdata);
        if (ieee80211_vif_use_channel(sdata, &chandef,
                                      ifibss->fixed_channel ?
                                        IEEE80211_CHANCTX_SHARED :
                                        IEEE80211_CHANCTX_EXCLUSIVE)) {
                sdata_info(sdata, "Failed to join IBSS, no channel context\n");
+                mutex_unlock(&local->mtx);
                return;
        }
+        mutex_unlock(&local->mtx);
        memcpy(ifibss->bssid, bssid, ETH_ALEN);
@@ -363,7 +366,9 @@ static void __ieee80211_sta_join_ibss(struct ieee80211_sub_if_data *sdata,
                sdata->vif.bss_conf.ssid_len = 0;
                RCU_INIT_POINTER(ifibss->presp, NULL);
                kfree_rcu(presp, rcu_head);
+                mutex_lock(&local->mtx);
                ieee80211_vif_release_channel(sdata);
+                mutex_unlock(&local->mtx);
                sdata_info(sdata, "Failed to join IBSS, driver failure: %d\n",
                           err);
                return;
@@ -747,7 +752,9 @@ static void ieee80211_ibss_disconnect(struct ieee80211_sub_if_data *sdata)
        ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BEACON_ENABLED |
                                                BSS_CHANGED_IBSS);
        drv_leave_ibss(local, sdata);
+        mutex_lock(&local->mtx);
        ieee80211_vif_release_channel(sdata);
+        mutex_unlock(&local->mtx);
 }
 static void ieee80211_csa_connection_drop_work(struct work_struct *work)
author	Johannes Berg <johannes.berg@intel.com>	2013-12-18 03:43:33 -0500
committer	Johannes Berg <johannes.berg@intel.com>	2013-12-19 07:33:33 -0500
commit	34a3740d6b392896b71e36cd5cd68837a8f94a5c (patch)
tree	128f9a3e35af1e7fc768b55fc7173cac9e1a3b08 /net/mac80211/ibss.c
parent	6924d0138acdf5026ee4463134d98e139fe025a2 (diff)