From: Johannes Berg <johannes@sipsolutions.net>
To: Mohammed Shafi Shajakhan <mohammed@qca.qualcomm.com>
Cc: "John W. Linville" <linville@tuxdriver.com>,
linux-wireless@vger.kernel.org, stable@vger.kernel.org,
Gary Morain <gmorain@google.com>, Paul Stewart <pstew@google.com>,
Abhijit Pradhan <abhijit@qca.qualcomm.com>,
Vasanthakumar Thiagarajan <vthiagar@qca.qualcomm.com>,
Rajkumar Manoharan <rmanohar@qca.qualcomm.com>
Subject: Re: [RFC] mac80211: Fix a rwlock bad magic bug
Date: Thu, 09 Feb 2012 14:36:16 +0100 [thread overview]
Message-ID: <4F33CBD0.3020400@sipsolutions.net> (raw)
In-Reply-To: <1328792643-6734-1-git-send-email-mohammed@qca.qualcomm.com>
On 2/9/2012 2:04 PM, Mohammed Shafi Shajakhan wrote:
> From: Mohammed Shafi Shajakhan<mohammed@qca.qualcomm.com>
>
> read_lock(&tpt_trig->trig.leddev_list_lock) is accessed via the path
> ieee80211_open (->) ieee80211_do_open (->) ieee80211_mod_tpt_led_trig
> (->) ieee80211_start_tpt_led_trig (->) tpt_trig_timer before initializing
> it.
> the intilization of this read/write lock happens via the path
> ieee80211_led_init (->) led_trigger_register, but we are doing
> 'ieee80211_led_init' after 'ieeee80211_if_add' where we
> register netdev_ops.
> so we access leddev_list_lock before initializing it and causes the
> following bug in chrome laptops with AR928X cards with the following
> script
>
> while true
> do
> sudo modprobe -v ath9k
> sleep 3
> sudo modprobe -r ath9k
> sleep 3
> done
>
> BUG: rwlock bad magic on CPU#1, wpa_supplicant/358, f5b9eccc
> Pid: 358, comm: wpa_supplicant Not tainted 3.0.13 #1
> Call Trace:
>
> [<8137b9df>] rwlock_bug+0x3d/0x47
> [<81179830>] do_raw_read_lock+0x19/0x29
> [<8137f063>] _raw_read_lock+0xd/0xf
> [<f9081957>] tpt_trig_timer+0xc3/0x145 [mac80211]
> [<f9081f3a>] ieee80211_mod_tpt_led_trig+0x152/0x174 [mac80211]
> [<f9076a3f>] ieee80211_do_open+0x11e/0x42e [mac80211]
> [<f9075390>] ? ieee80211_check_concurrent_iface+0x26/0x13c [mac80211]
> [<f9076d97>] ieee80211_open+0x48/0x4c [mac80211]
> [<812dbed8>] __dev_open+0x82/0xab
> [<812dc0c9>] __dev_change_flags+0x9c/0x113
> [<812dc1ae>] dev_change_flags+0x18/0x44
> [<8132144f>] devinet_ioctl+0x243/0x51a
> [<81321ba9>] inet_ioctl+0x93/0xac
> [<812cc951>] sock_ioctl+0x1c6/0x1ea
> [<812cc78b>] ? might_fault+0x20/0x20
> [<810b1ebb>] do_vfs_ioctl+0x46e/0x4a2
> [<810a6ebb>] ? fget_light+0x2f/0x70
> [<812ce549>] ? sys_recvmsg+0x3e/0x48
> [<810b1f35>] sys_ioctl+0x46/0x69
> [<8137fa77>] sysenter_do_call+0x12/0x2
>
> Cc:<stable@vger.kernel.org>
> Cc: Gary Morain<gmorain@google.com>
> Cc: Paul Stewart<pstew@google.com>
> Cc: Abhijit Pradhan<abhijit@qca.qualcomm.com>
> Cc: Vasanthakumar Thiagarajan<vthiagar@qca.qualcomm.com>
> Cc: Rajkumar Manoharan<rmanohar@qca.qualcomm.com>
> Tested-by: Mohammed Shafi Shajakhan<mohammed@qca.qualcomm.com>
> Signed-off-by: Mohammed Shafi Shajakhan<mohammed@qca.qualcomm.com>
Acked-by: Johannes Berg <johannes.berg@intel.com>
> ---
> net/mac80211/main.c | 4 ++--
> 1 files changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/net/mac80211/main.c b/net/mac80211/main.c
> index 831a5bd..2306d75 100644
> --- a/net/mac80211/main.c
> +++ b/net/mac80211/main.c
> @@ -909,6 +909,8 @@ int ieee80211_register_hw(struct ieee80211_hw *hw)
> wiphy_debug(local->hw.wiphy, "Failed to initialize wep: %d\n",
> result);
>
> + ieee80211_led_init(local);
> +
> rtnl_lock();
>
> result = ieee80211_init_rate_ctrl_alg(local,
> @@ -930,8 +932,6 @@ int ieee80211_register_hw(struct ieee80211_hw *hw)
>
> rtnl_unlock();
>
> - ieee80211_led_init(local);
> -
> local->network_latency_notifier.notifier_call =
> ieee80211_max_network_latency;
> result = pm_qos_add_notifier(PM_QOS_NETWORK_LATENCY,
prev parent reply other threads:[~2012-02-09 13:36 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-02-09 13:04 [RFC] mac80211: Fix a rwlock bad magic bug Mohammed Shafi Shajakhan
2012-02-09 13:36 ` Johannes Berg [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4F33CBD0.3020400@sipsolutions.net \
--to=johannes@sipsolutions.net \
--cc=abhijit@qca.qualcomm.com \
--cc=gmorain@google.com \
--cc=linux-wireless@vger.kernel.org \
--cc=linville@tuxdriver.com \
--cc=mohammed@qca.qualcomm.com \
--cc=pstew@google.com \
--cc=rmanohar@qca.qualcomm.com \
--cc=stable@vger.kernel.org \
--cc=vthiagar@qca.qualcomm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.