source: branches/chaos_calmer/package/kernel/mac80211/patches/351-0032-brcmfmac-Change-vif_event_lock-to-spinlock.patch @ 49407

Last change on this file since 49407 was 49407, checked in by rmilecki, 12 months ago

mac80211: brcmfmac: backport changes from 2016-09-27

This fixes memory leaks, some possible crashes and bug that could cause
WARNING on every add_key/del_key call. It also replaces WARNING with
a simple message. They may still occur e.g. on station going out of
range and A-MPDU stall in the firmware.

Signed-off-by: Rafał Miłecki <rafal@…>

File size: 8.9 KB
  • drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c

    From b64abcb7dae6060c67ab0e548da3ef923c49641d Mon Sep 17 00:00:00 2001
    From: "mhiramat@kernel.org" <mhiramat@kernel.org>
    Date: Mon, 15 Aug 2016 18:41:12 +0900
    Subject: [PATCH] brcmfmac: Change vif_event_lock to spinlock
    
    Change vif_event_lock to spinlock from mutex, since this lock is
    used in wait_event_timeout() via vif_event_equals(). This caused
    a warning report as below.
    
    As far as I can see, this lock protects regions where updating
    structure members, not function calls. Also, since those
    regions are not called from interrupt handlers (of course, it
    was a mutex), spin_lock is used instead of spin_lock_irqsave.
    
    [  186.678550] ------------[ cut here ]------------
    [  186.678556] WARNING: CPU: 2 PID: 7140 at /home/mhiramat/ksrc/linux/kernel/sched/core.c:7545 __might_sleep+0x7c/0x80
    [  186.678560] do not call blocking ops when !TASK_RUNNING; state=2 set at [<ffffffff980d9090>] prepare_to_wait_event+0x60/0x100
    [  186.678560] Modules linked in: brcmfmac xt_CHECKSUM rfcomm ipt_MASQUERADE nf_nat_masquerade_ipv4 xt_addrtype br_netfilter xt_tcpudp ip6t_rpfilter ip6t_REJECT nf_reject_ipv6 ipt_REJECT nf_reject_ipv4 xt_conntrack ip_set nfnetlink ebtable_nat ebtable_broute bridge stp llc ebtable_filter ebtables ip6table_raw ip6table_security ip6table_nat nf_conntrack_ipv6 nf_defrag_ipv6 nf_nat_ipv6 ip6table_mangle ip6table_filter ip6_tables iptable_raw iptable_security iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack iptable_mangle iptable_filter ip_tables x_tables bnep nls_iso8859_1 i2c_designware_platform i2c_designware_core snd_hda_codec_hdmi snd_hda_codec_realtek dcdbas snd_hda_codec_generic snd_hda_intel snd_hda_codec intel_rapl snd_hda_core x86_pkg_temp_thermal intel_powerclamp coretemp
    [  186.678594]  snd_pcm crct10dif_pclmul crc32_pclmul aesni_intel aes_x86_64 joydev glue_helper snd_hwdep lrw gf128mul uvcvideo ablk_helper snd_seq_midi cryptd snd_seq_midi_event snd_rawmidi videobuf2_vmalloc videobuf2_memops snd_seq input_leds videobuf2_v4l2 cfg80211 videobuf2_core snd_timer videodev serio_raw btusb snd_seq_device media btrtl rtsx_pci_ms snd mei_me memstick hid_multitouch mei soundcore brcmutil idma64 virt_dma intel_lpss_pci processor_thermal_device intel_soc_dts_iosf hci_uart btbcm btqca btintel bluetooth int3403_thermal dell_smo8800 intel_lpss_acpi intel_lpss int3402_thermal int340x_thermal_zone intel_hid mac_hid int3400_thermal shpchp sparse_keymap acpi_pad acpi_thermal_rel acpi_als kfifo_buf industrialio kvm_intel kvm irqbypass parport_pc ppdev lp parport autofs4 btrfs xor raid6_pq
    [  186.678631]  usbhid nouveau ttm i915 rtsx_pci_sdmmc mxm_wmi i2c_algo_bit drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops psmouse drm ahci rtsx_pci nvme nvme_core libahci i2c_hid hid pinctrl_sunrisepoint video wmi pinctrl_intel fjes [last unloaded: brcmfmac]
    [  186.678646] CPU: 2 PID: 7140 Comm: wpa_supplicant Not tainted 4.8.0-rc1+ #8
    [  186.678647] Hardware name: Dell Inc. XPS 15 9550/0N7TVV, BIOS 01.02.00 04/07/2016
    [  186.678648]  0000000000000000 ffff9d8c64b5b900 ffffffff98442f23 ffff9d8c64b5b950
    [  186.678651]  0000000000000000 ffff9d8c64b5b940 ffffffff9808b22b 00001d790000000d
    [  186.678653]  ffffffff98c75e78 000000000000026c 0000000000000000 ffff9d8c2706d058
    [  186.678655] Call Trace:
    [  186.678659]  [<ffffffff98442f23>] dump_stack+0x85/0xc2
    [  186.678666]  [<ffffffff9808b22b>] __warn+0xcb/0xf0
    [  186.678668]  [<ffffffff9808b29f>] warn_slowpath_fmt+0x4f/0x60
    [  186.678671]  [<ffffffff980d9090>] ? prepare_to_wait_event+0x60/0x100
    [  186.678672]  [<ffffffff980d9090>] ? prepare_to_wait_event+0x60/0x100
    [  186.678674]  [<ffffffff980b922c>] __might_sleep+0x7c/0x80
    [  186.678680]  [<ffffffff988b0853>] mutex_lock_nested+0x33/0x3b0
    [  186.678682]  [<ffffffff980e5d8d>] ? trace_hardirqs_on+0xd/0x10
    [  186.678689]  [<ffffffffc0c57d2d>] brcmf_cfg80211_wait_vif_event+0xcd/0x130 [brcmfmac]
    [  186.678691]  [<ffffffff980d9190>] ? wake_atomic_t_function+0x60/0x60
    [  186.678697]  [<ffffffffc0c628e9>] brcmf_p2p_del_vif+0xf9/0x220 [brcmfmac]
    [  186.678702]  [<ffffffffc0c57fab>] brcmf_cfg80211_del_iface+0x21b/0x270 [brcmfmac]
    [  186.678716]  [<ffffffffc0b0539e>] nl80211_del_interface+0xfe/0x3a0 [cfg80211]
    [  186.678718]  [<ffffffff987ca335>] genl_family_rcv_msg+0x1b5/0x370
    [  186.678720]  [<ffffffff980e5d8d>] ? trace_hardirqs_on+0xd/0x10
    [  186.678721]  [<ffffffff987ca56d>] genl_rcv_msg+0x7d/0xb0
    [  186.678722]  [<ffffffff987ca4f0>] ? genl_family_rcv_msg+0x370/0x370
    [  186.678724]  [<ffffffff987c9a47>] netlink_rcv_skb+0x97/0xb0
    [  186.678726]  [<ffffffff987ca168>] genl_rcv+0x28/0x40
    [  186.678727]  [<ffffffff987c93c3>] netlink_unicast+0x1d3/0x2f0
    [  186.678729]  [<ffffffff987c933b>] ? netlink_unicast+0x14b/0x2f0
    [  186.678731]  [<ffffffff987c97cb>] netlink_sendmsg+0x2eb/0x3a0
    [  186.678733]  [<ffffffff9876dad8>] sock_sendmsg+0x38/0x50
    [  186.678734]  [<ffffffff9876e4df>] ___sys_sendmsg+0x27f/0x290
    [  186.678737]  [<ffffffff9828b935>] ? mntput_no_expire+0x5/0x3f0
    [  186.678739]  [<ffffffff9828b9be>] ? mntput_no_expire+0x8e/0x3f0
    [  186.678741]  [<ffffffff9828b935>] ? mntput_no_expire+0x5/0x3f0
    [  186.678743]  [<ffffffff9828bd44>] ? mntput+0x24/0x40
    [  186.678744]  [<ffffffff98267830>] ? __fput+0x190/0x200
    [  186.678746]  [<ffffffff9876f125>] __sys_sendmsg+0x45/0x80
    [  186.678748]  [<ffffffff9876f172>] SyS_sendmsg+0x12/0x20
    [  186.678749]  [<ffffffff988b5680>] entry_SYSCALL_64_fastpath+0x23/0xc1
    [  186.678751]  [<ffffffff980e2b8f>] ? trace_hardirqs_off_caller+0x1f/0xc0
    [  186.678752] ---[ end trace e224d66c5d8408b5 ]---
    
    Signed-off-by: Masami Hiramatsu <mhiramat@kernel.org>
    Acked-by: Arend van Spriel <arend.vanspriel@broadcom.com>
    Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
    ---
     .../broadcom/brcm80211/brcmfmac/cfg80211.c         | 26 +++++++++++-----------
     .../broadcom/brcm80211/brcmfmac/cfg80211.h         |  2 +-
     2 files changed, 14 insertions(+), 14 deletions(-)
    
    a b static s32 brcmf_notify_vif_event(struct 
    55555555                  ifevent->action, ifevent->flags, ifevent->ifidx, 
    55565556                  ifevent->bsscfgidx); 
    55575557 
    5558         mutex_lock(&event->vif_event_lock); 
     5558        spin_lock(&event->vif_event_lock); 
    55595559        event->action = ifevent->action; 
    55605560        vif = event->vif; 
    55615561 
    static s32 brcmf_notify_vif_event(struct 
    55635563        case BRCMF_E_IF_ADD: 
    55645564                /* waiting process may have timed out */ 
    55655565                if (!cfg->vif_event.vif) { 
    5566                         mutex_unlock(&event->vif_event_lock); 
     5566                        spin_unlock(&event->vif_event_lock); 
    55675567                        return -EBADF; 
    55685568                } 
    55695569 
    static s32 brcmf_notify_vif_event(struct 
    55745574                        ifp->ndev->ieee80211_ptr = &vif->wdev; 
    55755575                        SET_NETDEV_DEV(ifp->ndev, wiphy_dev(cfg->wiphy)); 
    55765576                } 
    5577                 mutex_unlock(&event->vif_event_lock); 
     5577                spin_unlock(&event->vif_event_lock); 
    55785578                wake_up(&event->vif_wq); 
    55795579                return 0; 
    55805580 
    55815581        case BRCMF_E_IF_DEL: 
    5582                 mutex_unlock(&event->vif_event_lock); 
     5582                spin_unlock(&event->vif_event_lock); 
    55835583                /* event may not be upon user request */ 
    55845584                if (brcmf_cfg80211_vif_event_armed(cfg)) 
    55855585                        wake_up(&event->vif_wq); 
    55865586                return 0; 
    55875587 
    55885588        case BRCMF_E_IF_CHANGE: 
    5589                 mutex_unlock(&event->vif_event_lock); 
     5589                spin_unlock(&event->vif_event_lock); 
    55905590                wake_up(&event->vif_wq); 
    55915591                return 0; 
    55925592 
    55935593        default: 
    5594                 mutex_unlock(&event->vif_event_lock); 
     5594                spin_unlock(&event->vif_event_lock); 
    55955595                break; 
    55965596        } 
    55975597        return -EINVAL; 
    static void wl_deinit_priv(struct brcmf_ 
    57125712static void init_vif_event(struct brcmf_cfg80211_vif_event *event) 
    57135713{ 
    57145714        init_waitqueue_head(&event->vif_wq); 
    5715         mutex_init(&event->vif_event_lock); 
     5715        spin_lock_init(&event->vif_event_lock); 
    57165716} 
    57175717 
    57185718static s32 brcmf_dongle_roam(struct brcmf_if *ifp) 
    static inline bool vif_event_equals(stru 
    66076607{ 
    66086608        u8 evt_action; 
    66096609 
    6610         mutex_lock(&event->vif_event_lock); 
     6610        spin_lock(&event->vif_event_lock); 
    66116611        evt_action = event->action; 
    6612         mutex_unlock(&event->vif_event_lock); 
     6612        spin_unlock(&event->vif_event_lock); 
    66136613        return evt_action == action; 
    66146614} 
    66156615 
    void brcmf_cfg80211_arm_vif_event(struct 
    66186618{ 
    66196619        struct brcmf_cfg80211_vif_event *event = &cfg->vif_event; 
    66206620 
    6621         mutex_lock(&event->vif_event_lock); 
     6621        spin_lock(&event->vif_event_lock); 
    66226622        event->vif = vif; 
    66236623        event->action = 0; 
    6624         mutex_unlock(&event->vif_event_lock); 
     6624        spin_unlock(&event->vif_event_lock); 
    66256625} 
    66266626 
    66276627bool brcmf_cfg80211_vif_event_armed(struct brcmf_cfg80211_info *cfg) 
    bool brcmf_cfg80211_vif_event_armed(stru 
    66296629        struct brcmf_cfg80211_vif_event *event = &cfg->vif_event; 
    66306630        bool armed; 
    66316631 
    6632         mutex_lock(&event->vif_event_lock); 
     6632        spin_lock(&event->vif_event_lock); 
    66336633        armed = event->vif != NULL; 
    6634         mutex_unlock(&event->vif_event_lock); 
     6634        spin_unlock(&event->vif_event_lock); 
    66356635 
    66366636        return armed; 
    66376637} 
  • drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.h

    a b struct escan_info { 
    227227 */ 
    228228struct brcmf_cfg80211_vif_event { 
    229229        wait_queue_head_t vif_wq; 
    230         struct mutex vif_event_lock; 
     230        spinlock_t vif_event_lock; 
    231231        u8 action; 
    232232        struct brcmf_cfg80211_vif *vif; 
    233233}; 
Note: See TracBrowser for help on using the repository browser.