source: branches/chaos_calmer/package/kernel/mac80211/patches/351-0031-brcmfmac-Check-rtnl_lock-is-locked-when-removing-int.patch @ 49407

Last change on this file since 49407 was 49407, checked in by rmilecki, 12 months ago

mac80211: brcmfmac: backport changes from 2016-09-27

This fixes memory leaks, some possible crashes and a bug that could cause
WARNING on every add_key/del_key call. It also replaces WARNING with
a simple message. They may still occur e.g. on station going out of
range and A-MPDU stall in the firmware.

Signed-off-by: Rafał Miłecki <rafal@…>

File size: 5.3 KB
  • drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c

    From 15dacf880e49ce3ecee05eb1a0c6b8e363dbacdc Mon Sep 17 00:00:00 2001
    From: "mhiramat@kernel.org" <mhiramat@kernel.org>
    Date: Mon, 15 Aug 2016 18:40:57 +0900
    Subject: [PATCH] brcmfmac: Check rtnl_lock is locked when removing interface
    MIME-Version: 1.0
    Content-Type: text/plain; charset=UTF-8
    Content-Transfer-Encoding: 8bit
    
    Check rtnl_lock is locked in brcmf_p2p_ifp_removed() by passing
    rtnl_locked flag. Actually the caller brcmf_del_if() checks whether
    the rtnl_lock is locked, but doesn't pass it to brcmf_p2p_ifp_removed().
    
    Without this fix, wpa_supplicant goes into a soft lockup with rtnl_lock
    held (this means all other processes using netlink are locked up too).
    
    e.g.
    [ 4495.876627] INFO: task wpa_supplicant:7307 blocked for more than 10 seconds.
    [ 4495.876632]       Tainted: G        W       4.8.0-rc1+ #8
    [ 4495.876635] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
    [ 4495.876638] wpa_supplicant  D ffff974c647b39a0     0  7307      1 0x00000000
    [ 4495.876644]  ffff974c647b39a0 0000000000000000 ffff974c00000000 ffff974c7dc59c58
    [ 4495.876651]  ffff974c6b7417c0 ffff974c645017c0 ffff974c647b4000 ffffffff86f16c08
    [ 4495.876657]  ffff974c645017c0 0000000000000246 00000000ffffffff ffff974c647b39b8
    [ 4495.876664] Call Trace:
    [ 4495.876671]  [<ffffffff868aeccc>] schedule+0x3c/0x90
    [ 4495.876676]  [<ffffffff868af065>] schedule_preempt_disabled+0x15/0x20
    [ 4495.876682]  [<ffffffff868b0996>] mutex_lock_nested+0x176/0x3b0
    [ 4495.876686]  [<ffffffff867a2067>] ? rtnl_lock+0x17/0x20
    [ 4495.876690]  [<ffffffff867a2067>] rtnl_lock+0x17/0x20
    [ 4495.876720]  [<ffffffffc0ae9a5d>] brcmf_p2p_ifp_removed+0x4d/0x70 [brcmfmac]
    [ 4495.876741]  [<ffffffffc0aebde6>] brcmf_remove_interface+0x196/0x1b0 [brcmfmac]
    [ 4495.876760]  [<ffffffffc0ae9901>] brcmf_p2p_del_vif+0x111/0x220 [brcmfmac]
    [ 4495.876777]  [<ffffffffc0adefab>] brcmf_cfg80211_del_iface+0x21b/0x270 [brcmfmac]
    [ 4495.876820]  [<ffffffffc097b39e>] nl80211_del_interface+0xfe/0x3a0 [cfg80211]
    [ 4495.876825]  [<ffffffff867ca335>] genl_family_rcv_msg+0x1b5/0x370
    [ 4495.876832]  [<ffffffff860e5d8d>] ? trace_hardirqs_on+0xd/0x10
    [ 4495.876836]  [<ffffffff867ca56d>] genl_rcv_msg+0x7d/0xb0
    [ 4495.876839]  [<ffffffff867ca4f0>] ? genl_family_rcv_msg+0x370/0x370
    [ 4495.876846]  [<ffffffff867c9a47>] netlink_rcv_skb+0x97/0xb0
    [ 4495.876849]  [<ffffffff867ca168>] genl_rcv+0x28/0x40
    [ 4495.876854]  [<ffffffff867c93c3>] netlink_unicast+0x1d3/0x2f0
    [ 4495.876860]  [<ffffffff867c933b>] ? netlink_unicast+0x14b/0x2f0
    [ 4495.876866]  [<ffffffff867c97cb>] netlink_sendmsg+0x2eb/0x3a0
    [ 4495.876870]  [<ffffffff8676dad8>] sock_sendmsg+0x38/0x50
    [ 4495.876874]  [<ffffffff8676e4df>] ___sys_sendmsg+0x27f/0x290
    [ 4495.876882]  [<ffffffff8628b935>] ? mntput_no_expire+0x5/0x3f0
    [ 4495.876888]  [<ffffffff8628b9be>] ? mntput_no_expire+0x8e/0x3f0
    [ 4495.876894]  [<ffffffff8628b935>] ? mntput_no_expire+0x5/0x3f0
    [ 4495.876899]  [<ffffffff8628bd44>] ? mntput+0x24/0x40
    [ 4495.876904]  [<ffffffff86267830>] ? __fput+0x190/0x200
    [ 4495.876909]  [<ffffffff8676f125>] __sys_sendmsg+0x45/0x80
    [ 4495.876914]  [<ffffffff8676f172>] SyS_sendmsg+0x12/0x20
    [ 4495.876918]  [<ffffffff868b5680>] entry_SYSCALL_64_fastpath+0x23/0xc1
    [ 4495.876924]  [<ffffffff860e2b8f>] ? trace_hardirqs_off_caller+0x1f/0xc0
    
    Signed-off-by: Masami Hiramatsu <mhiramat@kernel.org>
    Acked-by: Rafał Miłecki <rafal@milecki.pl>
    Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
    ---
     drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c | 2 +-
     drivers/net/wireless/broadcom/brcm80211/brcmfmac/p2p.c  | 8 +++++---
     drivers/net/wireless/broadcom/brcm80211/brcmfmac/p2p.h  | 2 +-
     3 files changed, 7 insertions(+), 5 deletions(-)
    
    a b static void brcmf_del_if(struct brcmf_pu 
    743743                 * serious troublesome side effects. The p2p module will clean 
    744744                 * up the ifp if needed. 
    745745                 */ 
    746                 brcmf_p2p_ifp_removed(ifp); 
     746                brcmf_p2p_ifp_removed(ifp, rtnl_locked); 
    747747                kfree(ifp); 
    748748        } 
    749749} 
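
Review bot: The comment block above the changed call in brcmf_del_if() still only says the p2p module will clean up the ifp, and says nothing about the locking contract that the new second argument carries. Extend that comment to state that rtnl_locked is forwarded so brcmf_p2p_ifp_removed() does not take rtnl_lock a second time on the nl80211_del_interface path shown in the trace. The hunk does not show where rtnl_locked is set, so confirm that every caller of brcmf_del_if() passes a value matching the lock state it actually holds.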
  • drivers/net/wireless/broadcom/brcm80211/brcmfmac/p2p.c

    a b int brcmf_p2p_del_vif(struct wiphy *wiph 
    22992299        return err; 
    23002300} 
    23012301 
    2302 void brcmf_p2p_ifp_removed(struct brcmf_if *ifp) 
     2302void brcmf_p2p_ifp_removed(struct brcmf_if *ifp, bool rtnl_locked) 
    23032303{ 
    23042304        struct brcmf_cfg80211_info *cfg; 
    23052305        struct brcmf_cfg80211_vif *vif; 
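
Review bot: The new bool rtnl_locked parameter on brcmf_p2p_ifp_removed() is undocumented at the definition. Add a short kernel-doc comment above the function stating that rtnl_locked == true means the caller already holds the RTNL mutex and the function must not acquire it. A bare true/false at a call site is easy to get backwards, and here a wrong value produces either the self-deadlock from the commit message or an unlocked unregister.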
    void brcmf_p2p_ifp_removed(struct brcmf_ 
    23082308        vif = ifp->vif; 
    23092309        cfg = wdev_to_cfg(&vif->wdev); 
    23102310        cfg->p2p.bss_idx[P2PAPI_BSSCFG_DEVICE].vif = NULL; 
    2311         rtnl_lock(); 
     2311        if (!rtnl_locked) 
     2312                rtnl_lock(); 
    23122313        cfg80211_unregister_wdev(&vif->wdev); 
    2313         rtnl_unlock(); 
     2314        if (!rtnl_locked) 
     2315                rtnl_unlock(); 
    23142316        brcmf_free_vif(vif); 
    23152317} 
    23162318 
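
Review bot: The conditional locking around cfg80211_unregister_wdev() trusts the caller's flag without checking it. If a caller passes rtnl_locked == true without holding the lock, the unregister now runs unprotected, where the old code always took rtnl_lock() first. Consider adding ASSERT_RTNL() on the rtnl_locked path so a wrong flag shows up as a warning instead of a silent race. The two identical "if (!rtnl_locked)" tests must also stay paired, so a brief comment tying the lock and unlock together would help anyone who later adds an early return between them.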
  • drivers/net/wireless/broadcom/brcm80211/brcmfmac/p2p.h

    a b struct wireless_dev *brcmf_p2p_add_vif(s 
    155155int brcmf_p2p_del_vif(struct wiphy *wiphy, struct wireless_dev *wdev); 
    156156int brcmf_p2p_ifchange(struct brcmf_cfg80211_info *cfg, 
    157157                       enum brcmf_fil_p2p_if_types if_type); 
    158 void brcmf_p2p_ifp_removed(struct brcmf_if *ifp); 
     158void brcmf_p2p_ifp_removed(struct brcmf_if *ifp, bool rtnl_locked); 
    159159int brcmf_p2p_start_device(struct wiphy *wiphy, struct wireless_dev *wdev); 
    160160void brcmf_p2p_stop_device(struct wiphy *wiphy, struct wireless_dev *wdev); 
    161161int brcmf_p2p_scan_prep(struct wiphy *wiphy, 
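
Review bot: The prototype change for brcmf_p2p_ifp_removed() in p2p.h affects every user of this header, while the diffstat lists only one updated call site, in core.c. Since this is applied as a backport patch, confirm that the target tree has no other caller of the one-argument form. A missed caller will fail to compile, which is the safe outcome, but it is worth checking before the patch is queued with the rest of the series.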