Commit fbc9f97b authored by Reinette Chatre's avatar Reinette Chatre Committed by John W. Linville

iwlwifi: do not cancel delayed work inside spin_lock_irqsave

Calling cancel_delayed_work() from inside
spin_lock_irqsave, introduces a potential deadlock.

As explained by Johannes Berg <johannes@sipsolutions.net>

A - lock
T - timer

phase                   CPU 1           CPU 2
---------------------------------------------

some place that calls
cancel_timer_sync()
(which is the | code)
                                        lock-irq(A)
|                                       "lock-irq"(T)
|                                       "unlock"(T)
|                                       wait(T)
                                        unlock(A)

timer softirq
                        "lock"(T)
                        run(T)
                        "unlock"(T)

irq handler
          lock(A)
          unlock(A)

Now all that again, interleaved, leading to deadlock:

                                        lock-irq(A)
                        "lock"(T)
                         run(T)
IRQ during or maybe
before run(T) -->        lock(A)
                                        "lock-irq"(T)
                                        wait(T)

We fix this by moving the call to cancel_delayed_work() into workqueue.
There are cases where the work may not actually be queued or running
at the time we are trying to cancel it, but cancel_delayed_work() is
able to deal with this.

Also cleanup iwl_set_mode related to this call. This function
(iwl_set_mode) is only called when bringing interface up and there will
thus not be any scanning done. No need to try to cancel scanning.

Fixes http://bugzilla.kernel.org/show_bug.cgi?id=13224, which was also
reported at http://marc.info/?l=linux-wireless&m=124081921903223&w=2 .
Tested-by: default avatarMiles Lane <miles.lane@gmail.com>
Signed-off-by: default avatarReinette Chatre <reinette.chatre@intel.com>
Acked-by: default avatarZhu Yi <yi.zhu@intel.com>
Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
parent a54be5d4
...@@ -669,13 +669,6 @@ static int iwl_set_mode(struct iwl_priv *priv, int mode) ...@@ -669,13 +669,6 @@ static int iwl_set_mode(struct iwl_priv *priv, int mode)
if (!iwl_is_ready_rf(priv)) if (!iwl_is_ready_rf(priv))
return -EAGAIN; return -EAGAIN;
cancel_delayed_work(&priv->scan_check);
if (iwl_scan_cancel_timeout(priv, 100)) {
IWL_WARN(priv, "Aborted scan still in progress after 100ms\n");
IWL_DEBUG_MAC80211(priv, "leaving - scan abort failed.\n");
return -EAGAIN;
}
iwl_commit_rxon(priv); iwl_commit_rxon(priv);
return 0; return 0;
......
...@@ -227,9 +227,6 @@ static void iwl_rx_scan_complete_notif(struct iwl_priv *priv, ...@@ -227,9 +227,6 @@ static void iwl_rx_scan_complete_notif(struct iwl_priv *priv,
/* The HW is no longer scanning */ /* The HW is no longer scanning */
clear_bit(STATUS_SCAN_HW, &priv->status); clear_bit(STATUS_SCAN_HW, &priv->status);
/* The scan completion notification came in, so kill that timer... */
cancel_delayed_work(&priv->scan_check);
IWL_DEBUG_INFO(priv, "Scan pass on %sGHz took %dms\n", IWL_DEBUG_INFO(priv, "Scan pass on %sGHz took %dms\n",
(priv->scan_bands & BIT(IEEE80211_BAND_2GHZ)) ? (priv->scan_bands & BIT(IEEE80211_BAND_2GHZ)) ?
"2.4" : "5.2", "2.4" : "5.2",
...@@ -712,6 +709,8 @@ static void iwl_bg_request_scan(struct work_struct *data) ...@@ -712,6 +709,8 @@ static void iwl_bg_request_scan(struct work_struct *data)
mutex_lock(&priv->mutex); mutex_lock(&priv->mutex);
cancel_delayed_work(&priv->scan_check);
if (!iwl_is_ready(priv)) { if (!iwl_is_ready(priv)) {
IWL_WARN(priv, "request scan called when driver not ready.\n"); IWL_WARN(priv, "request scan called when driver not ready.\n");
goto done; goto done;
...@@ -925,6 +924,8 @@ void iwl_bg_scan_completed(struct work_struct *work) ...@@ -925,6 +924,8 @@ void iwl_bg_scan_completed(struct work_struct *work)
IWL_DEBUG_SCAN(priv, "SCAN complete scan\n"); IWL_DEBUG_SCAN(priv, "SCAN complete scan\n");
cancel_delayed_work(&priv->scan_check);
ieee80211_scan_completed(priv->hw, false); ieee80211_scan_completed(priv->hw, false);
if (test_bit(STATUS_EXIT_PENDING, &priv->status)) if (test_bit(STATUS_EXIT_PENDING, &priv->status))
......
...@@ -782,13 +782,6 @@ static int iwl3945_set_mode(struct iwl_priv *priv, int mode) ...@@ -782,13 +782,6 @@ static int iwl3945_set_mode(struct iwl_priv *priv, int mode)
if (!iwl_is_ready_rf(priv)) if (!iwl_is_ready_rf(priv))
return -EAGAIN; return -EAGAIN;
cancel_delayed_work(&priv->scan_check);
if (iwl_scan_cancel_timeout(priv, 100)) {
IWL_WARN(priv, "Aborted scan still in progress after 100ms\n");
IWL_DEBUG_MAC80211(priv, "leaving - scan abort failed.\n");
return -EAGAIN;
}
iwl3945_commit_rxon(priv); iwl3945_commit_rxon(priv);
return 0; return 0;
...@@ -3298,6 +3291,8 @@ static void iwl3945_bg_request_scan(struct work_struct *data) ...@@ -3298,6 +3291,8 @@ static void iwl3945_bg_request_scan(struct work_struct *data)
mutex_lock(&priv->mutex); mutex_lock(&priv->mutex);
cancel_delayed_work(&priv->scan_check);
if (!iwl_is_ready(priv)) { if (!iwl_is_ready(priv)) {
IWL_WARN(priv, "request scan called when driver not ready.\n"); IWL_WARN(priv, "request scan called when driver not ready.\n");
goto done; goto done;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment