From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Greg KH <gregkh@linuxfoundation.org>,
torvalds@linux-foundation.org, akpm@linux-foundation.org,
alan@lxorguk.ukuu.org.uk, Eliad Peller <eliad@wizery.com>,
Johannes Berg <johannes.berg@intel.com>
Subject: [ 37/68] cfg80211: fix potential deadlock in regulatory
Date: Thu, 12 Jul 2012 16:02:11 -0700 [thread overview]
Message-ID: <20120712175038.738238212@linuxfoundation.org> (raw)
In-Reply-To: <20120712175035.530652872@linuxfoundation.org>
From: Greg KH <gregkh@linuxfoundation.org>
3.0-stable review patch. If anyone has any objections, please let me know.
------------------
From: Eliad Peller <eliad@wizery.com>
commit fe20b39ec32e975f1054c0b7866c873a954adf05 upstream.
reg_timeout_work() calls restore_regulatory_settings() which
takes cfg80211_mutex.
reg_set_request_processed() already holds cfg80211_mutex
before calling cancel_delayed_work_sync(reg_timeout),
so it might deadlock.
Call the async cancel_delayed_work instead, in order
to avoid the potential deadlock.
This is the relevant lockdep warning:
cfg80211: Calling CRDA for country: XX
======================================================
[ INFO: possible circular locking dependency detected ]
3.4.0-rc5-wl+ #26 Not tainted
-------------------------------------------------------
kworker/0:2/1391 is trying to acquire lock:
(cfg80211_mutex){+.+.+.}, at: [<bf28ae00>] restore_regulatory_settings+0x34/0x418 [cfg80211]
but task is already holding lock:
((reg_timeout).work){+.+...}, at: [<c0059e94>] process_one_work+0x1f0/0x480
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #2 ((reg_timeout).work){+.+...}:
[<c008fd44>] validate_chain+0xb94/0x10f0
[<c0090b68>] __lock_acquire+0x8c8/0x9b0
[<c0090d40>] lock_acquire+0xf0/0x114
[<c005b600>] wait_on_work+0x4c/0x154
[<c005c000>] __cancel_work_timer+0xd4/0x11c
[<c005c064>] cancel_delayed_work_sync+0x1c/0x20
[<bf28b274>] reg_set_request_processed+0x50/0x78 [cfg80211]
[<bf28bd84>] set_regdom+0x550/0x600 [cfg80211]
[<bf294cd8>] nl80211_set_reg+0x218/0x258 [cfg80211]
[<c03c7738>] genl_rcv_msg+0x1a8/0x1e8
[<c03c6a00>] netlink_rcv_skb+0x5c/0xc0
[<c03c7584>] genl_rcv+0x28/0x34
[<c03c6720>] netlink_unicast+0x15c/0x228
[<c03c6c7c>] netlink_sendmsg+0x218/0x298
[<c03933c8>] sock_sendmsg+0xa4/0xc0
[<c039406c>] __sys_sendmsg+0x1e4/0x268
[<c0394228>] sys_sendmsg+0x4c/0x70
[<c0013840>] ret_fast_syscall+0x0/0x3c
-> #1 (reg_mutex){+.+.+.}:
[<c008fd44>] validate_chain+0xb94/0x10f0
[<c0090b68>] __lock_acquire+0x8c8/0x9b0
[<c0090d40>] lock_acquire+0xf0/0x114
[<c04734dc>] mutex_lock_nested+0x48/0x320
[<bf28b2cc>] reg_todo+0x30/0x538 [cfg80211]
[<c0059f44>] process_one_work+0x2a0/0x480
[<c005a4b4>] worker_thread+0x1bc/0x2bc
[<c0061148>] kthread+0x98/0xa4
[<c0014af4>] kernel_thread_exit+0x0/0x8
-> #0 (cfg80211_mutex){+.+.+.}:
[<c008ed58>] print_circular_bug+0x68/0x2cc
[<c008fb28>] validate_chain+0x978/0x10f0
[<c0090b68>] __lock_acquire+0x8c8/0x9b0
[<c0090d40>] lock_acquire+0xf0/0x114
[<c04734dc>] mutex_lock_nested+0x48/0x320
[<bf28ae00>] restore_regulatory_settings+0x34/0x418 [cfg80211]
[<bf28b200>] reg_timeout_work+0x1c/0x20 [cfg80211]
[<c0059f44>] process_one_work+0x2a0/0x480
[<c005a4b4>] worker_thread+0x1bc/0x2bc
[<c0061148>] kthread+0x98/0xa4
[<c0014af4>] kernel_thread_exit+0x0/0x8
other info that might help us debug this:
Chain exists of:
cfg80211_mutex --> reg_mutex --> (reg_timeout).work
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
lock((reg_timeout).work);
lock(reg_mutex);
lock((reg_timeout).work);
lock(cfg80211_mutex);
*** DEADLOCK ***
2 locks held by kworker/0:2/1391:
#0: (events){.+.+.+}, at: [<c0059e94>] process_one_work+0x1f0/0x480
#1: ((reg_timeout).work){+.+...}, at: [<c0059e94>] process_one_work+0x1f0/0x480
stack backtrace:
[<c001b928>] (unwind_backtrace+0x0/0x12c) from [<c0471d3c>] (dump_stack+0x20/0x24)
[<c0471d3c>] (dump_stack+0x20/0x24) from [<c008ef70>] (print_circular_bug+0x280/0x2cc)
[<c008ef70>] (print_circular_bug+0x280/0x2cc) from [<c008fb28>] (validate_chain+0x978/0x10f0)
[<c008fb28>] (validate_chain+0x978/0x10f0) from [<c0090b68>] (__lock_acquire+0x8c8/0x9b0)
[<c0090b68>] (__lock_acquire+0x8c8/0x9b0) from [<c0090d40>] (lock_acquire+0xf0/0x114)
[<c0090d40>] (lock_acquire+0xf0/0x114) from [<c04734dc>] (mutex_lock_nested+0x48/0x320)
[<c04734dc>] (mutex_lock_nested+0x48/0x320) from [<bf28ae00>] (restore_regulatory_settings+0x34/0x418 [cfg80211])
[<bf28ae00>] (restore_regulatory_settings+0x34/0x418 [cfg80211]) from [<bf28b200>] (reg_timeout_work+0x1c/0x20 [cfg80211])
[<bf28b200>] (reg_timeout_work+0x1c/0x20 [cfg80211]) from [<c0059f44>] (process_one_work+0x2a0/0x480)
[<c0059f44>] (process_one_work+0x2a0/0x480) from [<c005a4b4>] (worker_thread+0x1bc/0x2bc)
[<c005a4b4>] (worker_thread+0x1bc/0x2bc) from [<c0061148>] (kthread+0x98/0xa4)
[<c0061148>] (kthread+0x98/0xa4) from [<c0014af4>] (kernel_thread_exit+0x0/0x8)
cfg80211: Calling CRDA to update world regulatory domain
cfg80211: World regulatory domain updated:
cfg80211: (start_freq - end_freq @ bandwidth), (max_antenna_gain, max_eirp)
cfg80211: (2402000 KHz - 2472000 KHz @ 40000 KHz), (300 mBi, 2000 mBm)
cfg80211: (2457000 KHz - 2482000 KHz @ 20000 KHz), (300 mBi, 2000 mBm)
cfg80211: (2474000 KHz - 2494000 KHz @ 20000 KHz), (300 mBi, 2000 mBm)
cfg80211: (5170000 KHz - 5250000 KHz @ 40000 KHz), (300 mBi, 2000 mBm)
cfg80211: (5735000 KHz - 5835000 KHz @ 40000 KHz), (300 mBi, 2000 mBm)
Signed-off-by: Eliad Peller <eliad@wizery.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/wireless/reg.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/net/wireless/reg.c
+++ b/net/wireless/reg.c
@@ -1358,7 +1358,7 @@ static void reg_set_request_processed(vo
spin_unlock(®_requests_lock);
if (last_request->initiator == NL80211_REGDOM_SET_BY_USER)
- cancel_delayed_work_sync(®_timeout);
+ cancel_delayed_work(®_timeout);
if (need_more_processing)
schedule_work(®_work);
next prev parent reply other threads:[~2012-07-12 23:04 UTC|newest]
Thread overview: 77+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-07-12 17:50 [ 00/68] 3.0.37-stable review Greg KH
2012-07-12 23:01 ` [ 01/68] ALSA: hda - Add Realtek ALC280 codec support Greg Kroah-Hartman
2012-07-12 23:01 ` [ 02/68] powerpc/xmon: Use cpumask iterator to avoid warning Greg Kroah-Hartman
2012-07-12 23:01 ` [ 03/68] media: smsusb: add autodetection support for USB ID 2040:f5a0 Greg Kroah-Hartman
2012-07-12 23:01 ` [ 04/68] ARM: fix rcu stalls on SMP platforms Greg Kroah-Hartman
2012-07-12 23:01 ` [ 05/68] net: sock: validate data_len before allocating skb in sock_alloc_send_pskb() Greg Kroah-Hartman
2012-07-12 23:01 ` [ 06/68] cipso: handle CIPSO options correctly when NetLabel is disabled Greg Kroah-Hartman
2012-07-12 23:01 ` [ 07/68] net: l2tp_eth: fix kernel panic on rmmod l2tp_eth Greg Kroah-Hartman
2012-07-12 23:01 ` [ 08/68] dummy: fix rcu_sched self-detected stalls Greg Kroah-Hartman
2012-07-13 14:09 ` Herton Ronaldo Krzesinski
2012-07-16 15:46 ` Greg Kroah-Hartman
2012-07-12 23:01 ` [ 09/68] ethtool: allow ETHTOOL_GSSET_INFO for users Greg Kroah-Hartman
2012-07-12 23:01 ` [ 10/68] bridge: Assign rtnl_link_ops to bridge devices created via ioctl (v2) Greg Kroah-Hartman
2012-07-12 23:01 ` [ 11/68] bonding: Fix corrupted queue_mapping Greg Kroah-Hartman
2012-07-12 23:01 ` [ 12/68] ipv6: Move ipv6 proc file registration to end of init order Greg Kroah-Hartman
2012-07-12 23:01 ` [ 13/68] sky2: fix checksum bit management on some chips Greg Kroah-Hartman
2012-07-12 23:01 ` [ 14/68] be2net: fix a race in be_xmit() Greg Kroah-Hartman
2012-07-12 23:01 ` [ 15/68] netpoll: fix netpoll_send_udp() bugs Greg Kroah-Hartman
2012-07-12 23:01 ` [ 16/68] hwmon: (applesmc) Limit key length in warning messages Greg Kroah-Hartman
2012-07-12 23:01 ` [ 17/68] nilfs2: ensure proper cache clearing for gc-inodes Greg Kroah-Hartman
2012-07-12 23:01 ` [ 18/68] udf: Use ret instead of abusing i in udf_load_logicalvol() Greg Kroah-Hartman
2012-07-12 23:01 ` [ 19/68] udf: Avoid run away loop when partition table length is corrupted Greg Kroah-Hartman
2012-07-12 23:01 ` [ 20/68] udf: Fortify loading of sparing table Greg Kroah-Hartman
2012-07-12 23:01 ` [ 21/68] ath9k: Fix softlockup in AR9485 Greg Kroah-Hartman
2012-07-12 23:01 ` [ 22/68] ath9k_hw: avoid possible infinite loop in ar9003_get_pll_sqsum_dvc Greg Kroah-Hartman
2012-07-13 1:38 ` Herton Ronaldo Krzesinski
2012-07-13 1:49 ` Greg Kroah-Hartman
2012-07-12 23:01 ` [ 23/68] ath9k: enable serialize_regmode for non-PCIE AR9287 Greg Kroah-Hartman
2012-07-12 23:01 ` [ 24/68] ASoC: tlv320aic3x: Fix codec pll configure bug Greg Kroah-Hartman
2012-07-12 23:01 ` [ 25/68] Btrfs: run delayed directory updates during log replay Greg Kroah-Hartman
2012-07-12 23:02 ` [ 26/68] drm/edid: dont return stack garbage from supports_rb Greg Kroah-Hartman
2012-07-12 23:02 ` [ 27/68] drm/nouveau/fbcon: using nv_two_heads is not a good idea Greg Kroah-Hartman
2012-07-12 23:02 ` [ 28/68] drm/i915: Fix eDP blank screen after S3 resume on HP desktops Greg Kroah-Hartman
2012-07-12 23:02 ` [ 29/68] acpi_pad: fix power_saving thread deadlock Greg Kroah-Hartman
2012-07-12 23:02 ` [ 30/68] ACPI: Add a quirk for "AMILO PRO V2030" to ignore the timer overriding Greg Kroah-Hartman
2012-07-12 23:02 ` [ 31/68] ACPI, x86: fix Dell M6600 ACPI reboot regression via DMI Greg Kroah-Hartman
2012-07-12 23:02 ` [ 32/68] ACPI sysfs.c strlen fix Greg Kroah-Hartman
2012-07-12 23:02 ` [ 33/68] stable: Allow merging of backports for serious user-visible performance issues Greg Kroah-Hartman
2012-07-12 23:02 ` [ 34/68] USB: option: add id for Cellient MEN-200 Greg Kroah-Hartman
2012-07-12 23:02 ` [ 35/68] USB: option: Add USB ID for Novatel Ovation MC551 Greg Kroah-Hartman
2012-07-12 23:02 ` [ 36/68] USB: CP210x Add 10 Device IDs Greg Kroah-Hartman
2012-07-12 23:02 ` Greg Kroah-Hartman [this message]
2012-07-12 23:02 ` [ 38/68] can: c_can: precedence error in c_can_chip_config() Greg Kroah-Hartman
2012-07-12 23:02 ` [ 39/68] oprofile: perf: use NR_CPUS instead or nr_cpumask_bits for static array Greg Kroah-Hartman
2012-07-12 23:02 ` [ 40/68] mac80211: correct behaviour on unrecognised action frames Greg Kroah-Hartman
2012-07-12 23:02 ` [ 41/68] mwifiex: fix 11n rx packet drop issue Greg Kroah-Hartman
2012-07-12 23:02 ` [ 42/68] vfs: make O_PATH file descriptors usable for fchdir() Greg Kroah-Hartman
2012-07-12 22:40 ` ольга крыжановская
2012-07-12 23:02 ` [ 43/68] mtd: cafe_nand: fix an & vs | mistake Greg Kroah-Hartman
2012-07-12 23:02 ` [ 44/68] tcm_fc: Resolve suspicious RCU usage warnings Greg Kroah-Hartman
2012-07-12 23:02 ` [ 45/68] eCryptfs: Gracefully refuse miscdev file ops on inherited/passed files Greg Kroah-Hartman
2012-07-12 23:02 ` [ 46/68] eCryptfs: Fix lockdep warning in miscdev operations Greg Kroah-Hartman
2012-07-12 23:02 ` [ 47/68] eCryptfs: Properly check for O_RDONLY flag before doing privileged open Greg Kroah-Hartman
2012-07-12 23:02 ` [ 48/68] USB: cdc-wdm: fix lockup on error in wdm_read Greg Kroah-Hartman
2012-07-12 23:02 ` [ 49/68] USB: option: add ZTE MF60 Greg Kroah-Hartman
2012-07-12 23:02 ` [ 50/68] USB: option: Add MEDIATEK product ids Greg Kroah-Hartman
2012-07-12 23:02 ` [ 51/68] PCI: EHCI: fix crash during suspend on ASUS computers Greg Kroah-Hartman
2012-07-13 1:42 ` Herton Ronaldo Krzesinski
2012-07-12 23:02 ` [ 52/68] xhci: Avoid dead ports when CONFIG_USB_XHCI_HCD=n Greg Kroah-Hartman
2012-07-12 23:02 ` [ 53/68] ipheth: add support for iPad Greg Kroah-Hartman
2012-07-12 23:02 ` [ 54/68] tracing: change CPU ring buffer state from tracing_cpumask Greg Kroah-Hartman
2012-07-13 1:47 ` Herton Ronaldo Krzesinski
2012-07-12 23:02 ` [ 55/68] vhost: dont forget to schedule() Greg Kroah-Hartman
2012-07-12 23:02 ` [ 56/68] raid5: delayed stripe fix Greg Kroah-Hartman
2012-07-12 23:02 ` [ 57/68] rtl8187: ->brightness_set can not sleep Greg Kroah-Hartman
2012-07-12 23:02 ` [ 58/68] umem: fix up unplugging Greg Kroah-Hartman
2012-07-12 23:02 ` [ 59/68] x86, cpufeature: Rename X86_FEATURE_DTS to X86_FEATURE_DTHERM Greg Kroah-Hartman
2012-07-12 23:02 ` [ 60/68] md/raid5: Do not add data_offset before call to is_badblock Greg Kroah-Hartman
2012-07-12 23:02 ` [ 61/68] md/raid10: Dont try to recovery unmatched (and unused) chunks Greg Kroah-Hartman
2012-07-12 23:02 ` [ 62/68] memory hotplug: fix invalid memory access caused by stale kswapd pointer Greg Kroah-Hartman
2012-07-12 23:02 ` [ 63/68] drivers/rtc/rtc-mxc.c: fix irq enabled interrupts warning Greg Kroah-Hartman
2012-07-12 23:02 ` [ 64/68] mm, thp: abort compaction if migration page cannot be charged to memcg Greg Kroah-Hartman
2012-07-12 23:02 ` [ 65/68] fs: ramfs: file-nommu: add SetPageUptodate() Greg Kroah-Hartman
2012-07-12 23:02 ` [ 66/68] mm: Hold a file reference in madvise_remove Greg Kroah-Hartman
2012-07-13 1:49 ` Herton Ronaldo Krzesinski
2012-07-12 23:02 ` [ 67/68] ACPI: Make acpi_skip_timer_override cover all source_irq==0 cases Greg Kroah-Hartman
2012-07-12 23:02 ` [ 68/68] ACPI: Remove one board specific WARN when ignoring timer overriding Greg Kroah-Hartman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20120712175038.738238212@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=akpm@linux-foundation.org \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=eliad@wizery.com \
--cc=johannes.berg@intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox