From: Stanislaw Gruszka <sgruszka@redhat.com>
To: Johannes Berg <johannes@sipsolutions.net>
Cc: linux-wireless@vger.kernel.org
Subject: Re: [RFC] mac80211: fix resuming when device is gone
Date: Tue, 9 Aug 2011 11:23:15 +0200 [thread overview]
Message-ID: <20110809092314.GA2152@redhat.com> (raw)
In-Reply-To: <1312819106.4372.37.camel@jlt3.sipsolutions.net>
On Mon, Aug 08, 2011 at 05:58:26PM +0200, Johannes Berg wrote:
> On Mon, 2011-08-08 at 16:19 +0200, Stanislaw Gruszka wrote:
> > Is possible that usb hardware can be unplugged during or before resume.
> > If so do not call ieee80211_reconfig(), which among other things arm
> > sta_cleanup timer. Timer callback then operate on freed memory.
>
> > I have this warning with possible fallow up crash without physically
> > unplugging device, but usb core rebind rt73usb with message:
> >
> > "rt73usb 1-2:1.0: no reset_resume for driver rt73usb?"
> >
> > What probably also need to be fixed in rt2x00. But I think fix in
> > mac80211 is needed for possibility of physical remove. Not sure if this
> > is best possible fix, through. Maybe just preventing arming sta_cleanup
> > would be better, other things in ieee80211_reconfig() seems to work.
>
> But ... if sta_cleanup timer operates on freed memory, why doesn't
> "local->registered"?
I think I was unclear. The sta_cleanup timer callback, namely
sta_info_cleanup(), can operate on freed memory. On
ieee80211_unregister_hw() -> sta_info_stop() we delete this timer, but
rdev/wiphy/local/hw structure is not freed. It's keep by reference
counter. Then if ieee80211_reconfig() is called, we schedule
sta_cleanup timer. After that, when sysfs drop reference counter we
free rdev. Then sta_info_cleanup() crash kernel.
Stanislaw
next prev parent reply other threads:[~2011-08-09 9:23 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-08-08 14:19 [RFC] mac80211: fix resuming when device is gone Stanislaw Gruszka
2011-08-08 15:58 ` Johannes Berg
2011-08-09 9:23 ` Stanislaw Gruszka [this message]
2011-08-09 9:28 ` Johannes Berg
2011-08-09 9:29 ` Johannes Berg
2011-08-09 9:43 ` Stanislaw Gruszka
2011-08-09 9:39 ` Stanislaw Gruszka
2011-08-09 9:45 ` Johannes Berg
2011-08-09 11:36 ` Stanislaw Gruszka
2011-08-09 11:43 ` Johannes Berg
2011-08-09 11:45 ` Johannes Berg
2011-08-09 11:46 ` Johannes Berg
2011-08-09 11:47 ` Johannes Berg
2011-08-09 15:30 ` Stanislaw Gruszka
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20110809092314.GA2152@redhat.com \
--to=sgruszka@redhat.com \
--cc=johannes@sipsolutions.net \
--cc=linux-wireless@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.