diff options
author | Stanislaw Gruszka <sgruszka@redhat.com> | 2012-06-01 13:29:40 +0400 |
---|---|---|
committer | John W. Linville <linville@tuxdriver.com> | 2012-06-04 23:26:26 +0400 |
commit | e5851dac2c95af7159716832300b9f50c62c648e (patch) | |
tree | bcef494635141a3e60d158ccaeaf545e8c035984 /drivers/net/wireless/rt2x00/rt2x00queue.c | |
parent | f304a993190965f48baa49792d5ab2849ae26bf9 (diff) | |
download | linux-e5851dac2c95af7159716832300b9f50c62c648e.tar.xz |
rt2x00: use atomic variable for seqno
Remove spinlock as atomic_t can be used instead. Note we use only 16
lower bits, upper bits are changed but we impilcilty cast to u16.
This fix possible deadlock on IBSS mode reproted by lockdep:
=================================
[ INFO: inconsistent lock state ]
3.4.0-wl+ #4 Not tainted
---------------------------------
inconsistent {IN-SOFTIRQ-W} -> {SOFTIRQ-ON-W} usage.
kworker/u:2/30374 [HC0[0]:SC0[0]:HE1:SE1] takes:
(&(&intf->seqlock)->rlock){+.?...}, at: [<f9979a20>] rt2x00queue_create_tx_descriptor+0x380/0x490 [rt2x00lib]
{IN-SOFTIRQ-W} state was registered at:
[<c04978ab>] __lock_acquire+0x47b/0x1050
[<c0498504>] lock_acquire+0x84/0xf0
[<c0835733>] _raw_spin_lock+0x33/0x40
[<f9979a20>] rt2x00queue_create_tx_descriptor+0x380/0x490 [rt2x00lib]
[<f9979f2a>] rt2x00queue_write_tx_frame+0x1a/0x300 [rt2x00lib]
[<f997834f>] rt2x00mac_tx+0x7f/0x380 [rt2x00lib]
[<f98fe363>] __ieee80211_tx+0x1b3/0x300 [mac80211]
[<f98ffdf5>] ieee80211_tx+0x105/0x130 [mac80211]
[<f99000dd>] ieee80211_xmit+0xad/0x100 [mac80211]
[<f9900519>] ieee80211_subif_start_xmit+0x2d9/0x930 [mac80211]
[<c0782e87>] dev_hard_start_xmit+0x307/0x660
[<c079bb71>] sch_direct_xmit+0xa1/0x1e0
[<c0784bb3>] dev_queue_xmit+0x183/0x730
[<c078c27a>] neigh_resolve_output+0xfa/0x1e0
[<c07b436a>] ip_finish_output+0x24a/0x460
[<c07b4897>] ip_output+0xb7/0x100
[<c07b2d60>] ip_local_out+0x20/0x60
[<c07e01ff>] igmpv3_sendpack+0x4f/0x60
[<c07e108f>] igmp_ifc_timer_expire+0x29f/0x330
[<c04520fc>] run_timer_softirq+0x15c/0x2f0
[<c0449e3e>] __do_softirq+0xae/0x1e0
irq event stamp: 18380437
hardirqs last enabled at (18380437): [<c0526027>] __slab_alloc.clone.3+0x67/0x5f0
hardirqs last disabled at (18380436): [<c0525ff3>] __slab_alloc.clone.3+0x33/0x5f0
softirqs last enabled at (18377616): [<c0449eb3>] __do_softirq+0x123/0x1e0
softirqs last disabled at (18377611): [<c041278d>] do_softirq+0x9d/0xe0
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0
----
lock(&(&intf->seqlock)->rlock);
<Interrupt>
lock(&(&intf->seqlock)->rlock);
*** DEADLOCK ***
4 locks held by kworker/u:2/30374:
#0: (wiphy_name(local->hw.wiphy)){++++.+}, at: [<c045cf99>] process_one_work+0x109/0x3f0
#1: ((&sdata->work)){+.+.+.}, at: [<c045cf99>] process_one_work+0x109/0x3f0
#2: (&ifibss->mtx){+.+.+.}, at: [<f98f005b>] ieee80211_ibss_work+0x1b/0x470 [mac80211]
#3: (&intf->beacon_skb_mutex){+.+...}, at: [<f997a644>] rt2x00queue_update_beacon+0x24/0x50 [rt2x00lib]
stack backtrace:
Pid: 30374, comm: kworker/u:2 Not tainted 3.4.0-wl+ #4
Call Trace:
[<c04962a6>] print_usage_bug+0x1f6/0x220
[<c0496a12>] mark_lock+0x2c2/0x300
[<c0495ff0>] ? check_usage_forwards+0xc0/0xc0
[<c04978ec>] __lock_acquire+0x4bc/0x1050
[<c0527890>] ? __kmalloc_track_caller+0x1c0/0x1d0
[<c0777fb6>] ? copy_skb_header+0x26/0x90
[<c0498504>] lock_acquire+0x84/0xf0
[<f9979a20>] ? rt2x00queue_create_tx_descriptor+0x380/0x490 [rt2x00lib]
[<c0835733>] _raw_spin_lock+0x33/0x40
[<f9979a20>] ? rt2x00queue_create_tx_descriptor+0x380/0x490 [rt2x00lib]
[<f9979a20>] rt2x00queue_create_tx_descriptor+0x380/0x490 [rt2x00lib]
[<f997a5cf>] rt2x00queue_update_beacon_locked+0x5f/0xb0 [rt2x00lib]
[<f997a64d>] rt2x00queue_update_beacon+0x2d/0x50 [rt2x00lib]
[<f9977e3a>] rt2x00mac_bss_info_changed+0x1ca/0x200 [rt2x00lib]
[<f9977c70>] ? rt2x00mac_remove_interface+0x70/0x70 [rt2x00lib]
[<f98e4dd0>] ieee80211_bss_info_change_notify+0xe0/0x1d0 [mac80211]
[<f98ef7b8>] __ieee80211_sta_join_ibss+0x3b8/0x610 [mac80211]
[<c0496ab4>] ? mark_held_locks+0x64/0xc0
[<c0440012>] ? virt_efi_query_capsule_caps+0x12/0x50
[<f98efb09>] ieee80211_sta_join_ibss+0xf9/0x140 [mac80211]
[<f98f0456>] ieee80211_ibss_work+0x416/0x470 [mac80211]
[<c0496d8b>] ? trace_hardirqs_on+0xb/0x10
[<c077683b>] ? skb_dequeue+0x4b/0x70
[<f98f207f>] ieee80211_iface_work+0x13f/0x230 [mac80211]
[<c045cf99>] ? process_one_work+0x109/0x3f0
[<c045d015>] process_one_work+0x185/0x3f0
[<c045cf99>] ? process_one_work+0x109/0x3f0
[<f98f1f40>] ? ieee80211_teardown_sdata+0xa0/0xa0 [mac80211]
[<c045ed86>] worker_thread+0x116/0x270
[<c045ec70>] ? manage_workers+0x1e0/0x1e0
[<c0462f64>] kthread+0x84/0x90
[<c0462ee0>] ? __init_kthread_worker+0x60/0x60
[<c083d382>] kernel_thread_helper+0x6/0x10
Cc: stable@vger.kernel.org
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Acked-by: Helmut Schaa <helmut.schaa@googlemail.com>
Acked-by: Gertjan van Wingerde <gwingerde@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Diffstat (limited to 'drivers/net/wireless/rt2x00/rt2x00queue.c')
-rw-r--r-- | drivers/net/wireless/rt2x00/rt2x00queue.c | 13 |
1 files changed, 6 insertions, 7 deletions
diff --git a/drivers/net/wireless/rt2x00/rt2x00queue.c b/drivers/net/wireless/rt2x00/rt2x00queue.c index 4c662eccf53c..2fd830103415 100644 --- a/drivers/net/wireless/rt2x00/rt2x00queue.c +++ b/drivers/net/wireless/rt2x00/rt2x00queue.c @@ -207,6 +207,7 @@ static void rt2x00queue_create_tx_descriptor_seq(struct rt2x00_dev *rt2x00dev, struct ieee80211_tx_info *tx_info = IEEE80211_SKB_CB(skb); struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data; struct rt2x00_intf *intf = vif_to_intf(tx_info->control.vif); + u16 seqno; if (!(tx_info->flags & IEEE80211_TX_CTL_ASSIGN_SEQ)) return; @@ -238,15 +239,13 @@ static void rt2x00queue_create_tx_descriptor_seq(struct rt2x00_dev *rt2x00dev, * sequence counting per-frame, since those will override the * sequence counter given by mac80211. */ - spin_lock(&intf->seqlock); - if (test_bit(ENTRY_TXD_FIRST_FRAGMENT, &txdesc->flags)) - intf->seqno += 0x10; - hdr->seq_ctrl &= cpu_to_le16(IEEE80211_SCTL_FRAG); - hdr->seq_ctrl |= cpu_to_le16(intf->seqno); - - spin_unlock(&intf->seqlock); + seqno = atomic_add_return(0x10, &intf->seqno); + else + seqno = atomic_read(&intf->seqno); + hdr->seq_ctrl &= cpu_to_le16(IEEE80211_SCTL_FRAG); + hdr->seq_ctrl |= cpu_to_le16(seqno); } static void rt2x00queue_create_tx_descriptor_plcp(struct rt2x00_dev *rt2x00dev, |