From: Stanislaw Gruszka <sgruszka@redhat.com>
To: linux-wireless@vger.kernel.org,
Johannes Berg <johannes@sipsolutions.net>
Subject: [RFC] mac80211: fix resuming when device is gone
Date: Mon, 8 Aug 2011 16:19:01 +0200 [thread overview]
Message-ID: <20110808141900.GA25857@redhat.com> (raw)
Is possible that usb hardware can be unplugged during or before resume.
If so do not call ieee80211_reconfig(), which among other things arm
sta_cleanup timer. Timer callback then operate on freed memory.
WARNING: at lib/debugobjects.c:262 debug_print_object+0x85/0xa0()
Hardware name: 6369CTO
ODEBUG: free active (active state 0) object type: timer_list hint:
sta_info_cleanup+0x0/0x1f0 [mac80211]
Modules linked in: rt73usb crc_itu_t rt2x00usb rt2x00lib mac80211
cfg80211 aes_i586 aes_generic fuse bridge stp llc autofs4 sunrpc
cpufreq_ondemand acpi_cpufreq mperf ext2 uinput sg arc4 i2c_i801
iTCO_wdt iTCO_vendor_support e1000e thinkpad_acpi hwmon ext4 mbcache
jbd2 sd_mod crc_t10dif sr_mod cdrom yenta_socket ahci libahci pata_acpi
ata_generic ata_piix i915 drm_kms_helper drm i2c_algo_bit video [last
unloaded: cfg80211]
Pid: 8251, comm: pm-hibernate Tainted: G W 3.0.0-wl+ #7
Call Trace:
[<c04510fd>] warn_slowpath_common+0x6d/0xa0
[<c05ef1b5>] ? debug_print_object+0x85/0xa0
[<c05ef1b5>] ? debug_print_object+0x85/0xa0
[<c04511ae>] warn_slowpath_fmt+0x2e/0x30
[<c05ef1b5>] debug_print_object+0x85/0xa0
[<f8d1dac0>] ? sta_info_alloc+0x230/0x230 [mac80211]
[<c05ef7b2>] debug_check_no_obj_freed+0xe2/0x180
[<c051a80d>] kfree+0x9d/0x180
[<f8cb368e>] cfg80211_dev_free+0x9e/0xb0 [cfg80211]
[<f8cb4cbd>] wiphy_dev_release+0xd/0x10 [cfg80211]
[<c06a3f09>] device_release+0x19/0x80
[<c048858c>] ? trace_hardirqs_on_caller+0x12c/0x170
[<c05e027a>] kobject_release+0x7a/0x1c0
[<c06ad77c>] ? dpm_resume+0xcc/0x190
[<c05e0200>] ? kobject_del+0x30/0x30
[<c05e167d>] kref_put+0x2d/0x60
[<c05e012d>] kobject_put+0x1d/0x50
[<c081dc52>] ? mutex_lock_nested+0x42/0x50
[<c06ad77c>] ? dpm_resume+0xcc/0x190
[<c06a3b9f>] put_device+0xf/0x20
[<c06ad7aa>] dpm_resume+0xfa/0x190
[<c04975fd>] hibernation_snapshot+0xcd/0x270
[<c049673f>] ? freeze_processes+0x3f/0x90
[<c049786b>] hibernate+0xcb/0x1e0
I have this warning with possible fallow up crash without physically
unplugging device, but usb core rebind rt73usb with message:
"rt73usb 1-2:1.0: no reset_resume for driver rt73usb?"
What probably also need to be fixed in rt2x00. But I think fix in
mac80211 is needed for possibility of physical remove. Not sure if this
is best possible fix, through. Maybe just preventing arming sta_cleanup
would be better, other things in ieee80211_reconfig() seems to work.
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
---
net/mac80211/ieee80211_i.h | 6 ++++++
net/mac80211/main.c | 2 ++
net/mac80211/util.c | 3 +++
3 files changed, 11 insertions(+), 0 deletions(-)
diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h
index 400c09b..ce8201f 100644
--- a/net/mac80211/ieee80211_i.h
+++ b/net/mac80211/ieee80211_i.h
@@ -804,6 +804,12 @@ struct ieee80211_local {
/* wowlan is enabled -- don't reconfig on resume */
bool wowlan;
+ /*
+ * true between ieee80211_register_hw() and ieee80211_unregister_hw()
+ * calls, protected by rtnl_lock(), used as hw gone check when resuming
+ */
+ bool registered;
+
int tx_headroom; /* required headroom for hardware/radiotap */
/* Tasklet and skb queue to process calls from IRQ mode. All frames
diff --git a/net/mac80211/main.c b/net/mac80211/main.c
index 866f269..7ef2698 100644
--- a/net/mac80211/main.c
+++ b/net/mac80211/main.c
@@ -929,6 +929,7 @@ int ieee80211_register_hw(struct ieee80211_hw *hw)
"Failed to add default virtual iface\n");
}
+ local->registered = true;
rtnl_unlock();
ieee80211_led_init(local);
@@ -1000,6 +1001,7 @@ void ieee80211_unregister_hw(struct ieee80211_hw *hw)
*/
ieee80211_remove_interfaces(local);
+ local->registered = false;
rtnl_unlock();
/*
diff --git a/net/mac80211/util.c b/net/mac80211/util.c
index ddeb1b9..05da753 100644
--- a/net/mac80211/util.c
+++ b/net/mac80211/util.c
@@ -1135,6 +1135,9 @@ int ieee80211_reconfig(struct ieee80211_local *local)
struct sta_info *sta;
int res, i;
+ if (!local->registered)
+ return -ENODEV;
+
#ifdef CONFIG_PM
if (local->suspended)
local->resuming = true;
--
1.7.1
next reply other threads:[~2011-08-08 14:19 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-08-08 14:19 Stanislaw Gruszka [this message]
2011-08-08 15:58 ` [RFC] mac80211: fix resuming when device is gone Johannes Berg
2011-08-09 9:23 ` Stanislaw Gruszka
2011-08-09 9:28 ` Johannes Berg
2011-08-09 9:29 ` Johannes Berg
2011-08-09 9:43 ` Stanislaw Gruszka
2011-08-09 9:39 ` Stanislaw Gruszka
2011-08-09 9:45 ` Johannes Berg
2011-08-09 11:36 ` Stanislaw Gruszka
2011-08-09 11:43 ` Johannes Berg
2011-08-09 11:45 ` Johannes Berg
2011-08-09 11:46 ` Johannes Berg
2011-08-09 11:47 ` Johannes Berg
2011-08-09 15:30 ` Stanislaw Gruszka
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20110808141900.GA25857@redhat.com \
--to=sgruszka@redhat.com \
--cc=johannes@sipsolutions.net \
--cc=linux-wireless@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.