cfg80211: fix deadlock with rfkill/sched_scan by adding new mutex

There was a deadlock when rfkill-blocking a wireless interface, because we were locking the rdev mutex on NETDEV_GOING_DOWN to stop sched_scans that were eventually running. The rfkill block code was already holding a mutex under rdev: kernel: ======================================================= kernel: [ INFO: possible circular locking dependency detected ] kernel: 3.0.0-rc1-00049-g1fa7b6a #57 kernel: ------------------------------------------------------- kernel: kworker/0:1/4525 is trying to acquire lock: kernel: (&rdev->mtx){+.+.+.}, at: [<ffffffff8164c831>] cfg80211_netdev_notifier_call+0x131/0x5b0 kernel: kernel: but task is already holding lock: kernel: (&rdev->devlist_mtx){+.+.+.}, at: [<ffffffff8164dcef>] cfg80211_rfkill_set_block+0x4f/0xa0 kernel: kernel: which lock already depends on the new lock. To fix this, add a new mutex specifically for sched_scan, to protect the sched_scan_req element in the rdev struct, instead of using the global rdev mutex. Reported-by: Duane Griffin <duaneg@dghda.com> Signed-off-by: Luciano Coelho <coelho@ti.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
author: Luciano Coelho <coelho@ti.com> 2011-06-30 01:32:41 -0400
committer: John W. Linville <linville@tuxdriver.com> 2011-07-05 14:42:36 -0400
commit: c10841ca722a0bc960dc541c51582773f9a24f98 (patch)
tree: f1e5901db0a530cfd4008f718a908a86bddcb333 /net/wireless/scan.c
parent: 37000b305bff81bb1ee2f7f37b1319b670a08f76 (diff)
1 files changed, 5 insertions, 5 deletions
diff --git a/net/wireless/scan.c b/net/wireless/scan.c
index 7a6c67667d70..ae0c2256ba3b 100644
--- a/net/wireless/scan.c
+++ b/net/wireless/scan.c
@@ -100,14 +100,14 @@ void __cfg80211_sched_scan_results(struct work_struct *wk)
        rdev = container_of(wk, struct cfg80211_registered_device,
                            sched_scan_results_wk);
-        cfg80211_lock_rdev(rdev);
+        mutex_lock(&rdev->sched_scan_mtx);
        /* we don't have sched_scan_req anymore if the scan is stopping */
        if (rdev->sched_scan_req)
                nl80211_send_sched_scan_results(rdev,
                                                rdev->sched_scan_req->dev);
-        cfg80211_unlock_rdev(rdev);
+        mutex_unlock(&rdev->sched_scan_mtx);
 }
 void cfg80211_sched_scan_results(struct wiphy *wiphy)
@@ -123,9 +123,9 @@ void cfg80211_sched_scan_stopped(struct wiphy *wiphy)
 {
        struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
-        cfg80211_lock_rdev(rdev);
+        mutex_lock(&rdev->sched_scan_mtx);
        __cfg80211_stop_sched_scan(rdev, true);
-        cfg80211_unlock_rdev(rdev);
+        mutex_unlock(&rdev->sched_scan_mtx);
 }
 EXPORT_SYMBOL(cfg80211_sched_scan_stopped);
@@ -135,7 +135,7 @@ int __cfg80211_stop_sched_scan(struct cfg80211_registered_device *rdev,
        int err;
        struct net_device *dev;
-        ASSERT_RDEV_LOCK(rdev);
+        lockdep_assert_held(&rdev->sched_scan_mtx);
        if (!rdev->sched_scan_req)
                return 0;
author	Luciano Coelho <coelho@ti.com>	2011-06-30 01:32:41 -0400
committer	John W. Linville <linville@tuxdriver.com>	2011-07-05 14:42:36 -0400
commit	c10841ca722a0bc960dc541c51582773f9a24f98 (patch)
tree	f1e5901db0a530cfd4008f718a908a86bddcb333 /net/wireless/scan.c
parent	37000b305bff81bb1ee2f7f37b1319b670a08f76 (diff)

diff --git a/net/wireless/scan.c b/net/wireless/scan.c index 7a6c67667d70..ae0c2256ba3b 100644 --- a/net/wireless/scan.c +++ b/net/wireless/scan.c
@@ -100,14 +100,14 @@ void __cfg80211_sched_scan_results(struct work_struct *wk)
100	rdev = container_of(wk, struct cfg80211_registered_device,	100	rdev = container_of(wk, struct cfg80211_registered_device,
101	sched_scan_results_wk);	101	sched_scan_results_wk);
102		102
103	cfg80211_lock_rdev(rdev);	103	mutex_lock(&rdev->sched_scan_mtx);
104		104
105	/* we don't have sched_scan_req anymore if the scan is stopping */	105	/* we don't have sched_scan_req anymore if the scan is stopping */
106	if (rdev->sched_scan_req)	106	if (rdev->sched_scan_req)
107	nl80211_send_sched_scan_results(rdev,	107	nl80211_send_sched_scan_results(rdev,
108	rdev->sched_scan_req->dev);	108	rdev->sched_scan_req->dev);
109		109
110	cfg80211_unlock_rdev(rdev);	110	mutex_unlock(&rdev->sched_scan_mtx);
111	}	111	}
112		112
113	void cfg80211_sched_scan_results(struct wiphy *wiphy)	113	void cfg80211_sched_scan_results(struct wiphy *wiphy)
@@ -123,9 +123,9 @@ void cfg80211_sched_scan_stopped(struct wiphy *wiphy)
123	{	123	{
124	struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);	124	struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
125		125
126	cfg80211_lock_rdev(rdev);	126	mutex_lock(&rdev->sched_scan_mtx);
127	__cfg80211_stop_sched_scan(rdev, true);	127	__cfg80211_stop_sched_scan(rdev, true);
128	cfg80211_unlock_rdev(rdev);	128	mutex_unlock(&rdev->sched_scan_mtx);
129	}	129	}
130	EXPORT_SYMBOL(cfg80211_sched_scan_stopped);	130	EXPORT_SYMBOL(cfg80211_sched_scan_stopped);
131		131
@@ -135,7 +135,7 @@ int __cfg80211_stop_sched_scan(struct cfg80211_registered_device *rdev,
135	int err;	135	int err;
136	struct net_device *dev;	136	struct net_device *dev;
137		137
138	ASSERT_RDEV_LOCK(rdev);	138	lockdep_assert_held(&rdev->sched_scan_mtx);
139		139
140	if (!rdev->sched_scan_req)	140	if (!rdev->sched_scan_req)
141	return 0;	141	return 0;