Latest wireless-testing has broken scan locking.

Latest wireless-testing has broken scan locking.

[Ben Greear]

Unless I really screwed up a merge in a strange way, the
ieee80211_scan_work is broken.

It calls mutex_unlock(&local->mtx) too many times when it hits
this code:

		case SCAN_DECISION:
			/* if no more bands/channels left, complete scan */
			if (local->scan_channel_idx >= local->scan_req->n_channels) {
				aborted = false;
				goto out_complete;
			}


-- 
Ben Greear <greearb@candelatech.com>
Candela Technologies Inc  http://www.candelatech.com

Re: Latest wireless-testing has broken scan locking.

[Johannes Berg]

On Wed, 2010-10-06 at 21:13 -0700, Ben Greear wrote:
> Unless I really screwed up a merge in a strange way, the
> ieee80211_scan_work is broken.
> 
> It calls mutex_unlock(&local->mtx) too many times when it hits
> this code:
> 
> 		case SCAN_DECISION:
> 			/* if no more bands/channels left, complete scan */
> 			if (local->scan_channel_idx >= local->scan_req->n_channels) {
> 				aborted = false;
> 				goto out_complete;
> 			}

So much for trusting Stanislaw :-( I can reproduce this in hwsim.
Stanislaw, did you ever test software scan at all?

Below patch fixes this.

johannes

---
 net/mac80211/scan.c |    3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

--- wireless-testing.orig/net/mac80211/scan.c	2010-10-07 10:27:37.000000000 +0200
+++ wireless-testing/net/mac80211/scan.c	2010-10-07 10:31:19.000000000 +0200
@@ -693,8 +693,6 @@ void ieee80211_scan_work(struct work_str
 		goto out_complete;
 	}
 
-	mutex_unlock(&local->mtx);
-
 	/*
 	 * as long as no delay is required advance immediately
 	 * without scheduling a new work
@@ -725,6 +723,7 @@ void ieee80211_scan_work(struct work_str
 	} while (next_delay == 0);
 
 	ieee80211_queue_delayed_work(&local->hw, &local->scan_work, next_delay);
+	mutex_unlock(&local->mtx);
 	return;
 
 out_complete:

Re: Latest wireless-testing has broken scan locking.

[Stanislaw Gruszka]

On Thu, Oct 07, 2010 at 10:34:48AM +0200, Johannes Berg wrote:
> On Wed, 2010-10-06 at 21:13 -0700, Ben Greear wrote:
> > Unless I really screwed up a merge in a strange way, the
> > ieee80211_scan_work is broken.
> > 
> > It calls mutex_unlock(&local->mtx) too many times when it hits
> > this code:
> > 
> > 		case SCAN_DECISION:
> > 			/* if no more bands/channels left, complete scan */
> > 			if (local->scan_channel_idx >= local->scan_req->n_channels) {
> > 				aborted = false;
> > 				goto out_complete;
> > 			}
> 
> So much for trusting Stanislaw :-( I can reproduce this in hwsim.
> Stanislaw, did you ever test software scan at all?

No, sorry.

> Below patch fixes this.
> 
> johannes
> 
> ---
>  net/mac80211/scan.c |    3 +--
>  1 file changed, 1 insertion(+), 2 deletions(-)
> 
> --- wireless-testing.orig/net/mac80211/scan.c	2010-10-07 10:27:37.000000000 +0200
> +++ wireless-testing/net/mac80211/scan.c	2010-10-07 10:31:19.000000000 +0200
> @@ -693,8 +693,6 @@ void ieee80211_scan_work(struct work_str
>  		goto out_complete;
>  	}
>  
> -	mutex_unlock(&local->mtx);
> -
>  	/*
>  	 * as long as no delay is required advance immediately
>  	 * without scheduling a new work
> @@ -725,6 +723,7 @@ void ieee80211_scan_work(struct work_str
>  	} while (next_delay == 0);
>  
>  	ieee80211_queue_delayed_work(&local->hw, &local->scan_work, next_delay);
> +	mutex_unlock(&local->mtx);
>  	return;
>  
>  out_complete:

We never keep locking inside do { } while (next_delay == 0) loop,
perhaps below patch is something better:

diff --git a/net/mac80211/scan.c b/net/mac80211/scan.c
index 2c79b83..615a831 100644
--- a/net/mac80211/scan.c
+++ b/net/mac80211/scan.c
@@ -693,6 +693,7 @@ void ieee80211_scan_work(struct work_struct *work)
 		case SCAN_DECISION:
 			/* if no more bands/channels left, complete scan */
 			if (local->scan_channel_idx >= local->scan_req->n_channels) {
+				mutex_lock(&local->mtx);
 				aborted = false;
 				goto out_complete;
 			}

If so, I will post it officially shortly, if not please proceed
with your patch.

Sorry again
Stanislaw

Re: Latest wireless-testing has broken scan locking.

[Johannes Berg]

On Thu, 2010-10-07 at 11:18 +0200, Stanislaw Gruszka wrote:

> > --- wireless-testing.orig/net/mac80211/scan.c	2010-10-07 10:27:37.000000000 +0200
> > +++ wireless-testing/net/mac80211/scan.c	2010-10-07 10:31:19.000000000 +0200
> > @@ -693,8 +693,6 @@ void ieee80211_scan_work(struct work_str
> >  		goto out_complete;
> >  	}
> >  
> > -	mutex_unlock(&local->mtx);
> > -
> >  	/*
> >  	 * as long as no delay is required advance immediately
> >  	 * without scheduling a new work
> > @@ -725,6 +723,7 @@ void ieee80211_scan_work(struct work_str
> >  	} while (next_delay == 0);
> >  
> >  	ieee80211_queue_delayed_work(&local->hw, &local->scan_work, next_delay);
> > +	mutex_unlock(&local->mtx);
> >  	return;
> >  
> >  out_complete:
> 
> We never keep locking inside do { } while (next_delay == 0) loop,
> perhaps below patch is something better:

Yeah, we didn't have that before, but weren't you yourself arguing that
dropping and re-acquiring could lead to issues? :)

FWIW, I've looked at the code and all we do is possibly acquire the
iflist_mtx (which is fine under local->mtx) and do some driver calls,
which should also be fine.

So what do you think?

johannes

Re: Latest wireless-testing has broken scan locking.

[Stanislaw Gruszka]

On Thu, Oct 07, 2010 at 11:24:46AM +0200, Johannes Berg wrote:
> On Thu, 2010-10-07 at 11:18 +0200, Stanislaw Gruszka wrote:
> 
> > > --- wireless-testing.orig/net/mac80211/scan.c	2010-10-07 10:27:37.000000000 +0200
> > > +++ wireless-testing/net/mac80211/scan.c	2010-10-07 10:31:19.000000000 +0200
> > > @@ -693,8 +693,6 @@ void ieee80211_scan_work(struct work_str
> > >  		goto out_complete;
> > >  	}
> > >  
> > > -	mutex_unlock(&local->mtx);
> > > -
> > >  	/*
> > >  	 * as long as no delay is required advance immediately
> > >  	 * without scheduling a new work
> > > @@ -725,6 +723,7 @@ void ieee80211_scan_work(struct work_str
> > >  	} while (next_delay == 0);
> > >  
> > >  	ieee80211_queue_delayed_work(&local->hw, &local->scan_work, next_delay);
> > > +	mutex_unlock(&local->mtx);
> > >  	return;
> > >  
> > >  out_complete:
> > 
> > We never keep locking inside do { } while (next_delay == 0) loop,
> > perhaps below patch is something better:
> 
> Yeah, we didn't have that before, but weren't you yourself arguing that
> dropping and re-acquiring could lead to issues? :)

Yep.

> FWIW, I've looked at the code and all we do is possibly acquire the
> iflist_mtx (which is fine under local->mtx) and do some driver calls,
> which should also be fine.
> 
> So what do you think?

Let's fix with your patch. I'm going to test it (on hw scan :/ at least).

Stanislaw

Re: Latest wireless-testing has broken scan locking.

[Johannes Berg]

On Thu, 2010-10-07 at 11:38 +0200, Stanislaw Gruszka wrote:

> > FWIW, I've looked at the code and all we do is possibly acquire the
> > iflist_mtx (which is fine under local->mtx) and do some driver calls,
> > which should also be fine.
> > 
> > So what do you think?
> 
> Let's fix with your patch. I'm going to test it (on hw scan :/ at least).

I've tested it on hwsim already, but you won't run into this code path
at all with hw scan.

johannes