linux/drivers/net/wireless
Wen Gong f45cb6b29c wifi: ath11k: avoid deadlock during regulatory update in ath11k_regd_update()
(cherry picked from commit d99884ad9e3673a12879bc2830f6e5a66cccbd78 in ath-next
as users are seeing this bug more now, also cc stable)

Running this test in a loop it is easy to reproduce an rtnl deadlock:

    iw reg set FI
    ifconfig wlan0 down

What happens is that thread A (workqueue) tries to update the regulatory:

    try to acquire the rtnl_lock of ar->regd_update_work

    rtnl_lock+0x17/0x20
    ath11k_regd_update+0x15a/0x260 [ath11k]
    ath11k_regd_update_work+0x15/0x20 [ath11k]
    process_one_work+0x228/0x670
    worker_thread+0x4d/0x440
    kthread+0x16d/0x1b0
    ret_from_fork+0x22/0x30

And thread B (ifconfig) tries to stop the interface:

    try to cancel_work_sync(&ar->regd_update_work) in ath11k_mac_op_stop().
    ifconfig  3109 [003]  2414.232506: probe:ath11k_mac_op_stop: (ffffffffc14187a0)
    drv_stop+0x30 ([mac80211])
    ieee80211_do_stop+0x5d2 ([mac80211])
    ieee80211_stop+0x3e ([mac80211])
    __dev_close_many+0x9e ([kernel.kallsyms])
    __dev_change_flags+0xbe ([kernel.kallsyms])
    dev_change_flags+0x23 ([kernel.kallsyms])
    devinet_ioctl+0x5e3 ([kernel.kallsyms])
    inet_ioctl+0x197 ([kernel.kallsyms])
    sock_do_ioctl+0x4d ([kernel.kallsyms])
    sock_ioctl+0x264 ([kernel.kallsyms])
    __x64_sys_ioctl+0x92 ([kernel.kallsyms])
    do_syscall_64+0x3a ([kernel.kallsyms])
    entry_SYSCALL_64_after_hwframe+0x63 ([kernel.kallsyms])
    __GI___ioctl+0x7 (/lib/x86_64-linux-gnu/libc-2.23.so)

The sequence of deadlock is:

1. Thread B calls rtnl_lock().

2. Thread A starts to run and calls rtnl_lock() from within
   ath11k_regd_update_work(), then enters wait state because the lock is owned by
   thread B.

3. Thread B continues to run and tries to call
   cancel_work_sync(&ar->regd_update_work), but thread A is in
   ath11k_regd_update_work() waiting for rtnl_lock(). So cancel_work_sync()
   forever waits for ath11k_regd_update_work() to finish and we have a deadlock.

Fix this by switching from using regulatory_set_wiphy_regd_sync() to
regulatory_set_wiphy_regd(). Now cfg80211 will schedule another workqueue which
handles the locking on its own. So the ath11k workqueue can simply exit without
taking any locks, avoiding the deadlock.

Tested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3

Cc: <stable@vger.kernel.org>
Signed-off-by: Wen Gong <quic_wgong@quicinc.com>
[kvalo: improve commit log]
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
2022-11-02 19:16:45 +02:00
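
The lock ordering described in the commit message above, as an added user-space model that is not part of the commit or of ath11k. It assumes a pthread mutex standing in for rtnl_lock and pthread_join() standing in for cancel_work_sync(); all function names are hypothetical, and the worker uses trylock so the model reports the hang instead of hanging.

```c
/* Added example: user-space model of the rtnl / cancel_work_sync() deadlock.
 * rtnl is a plain mutex and pthread_join() plays cancel_work_sync(). */
#include <pthread.h>
#include <stdbool.h>
#include <stdio.h>

static pthread_mutex_t rtnl = PTHREAD_MUTEX_INITIALIZER;
static pthread_t cfg_thread;
static bool regd_applied, worker_would_block;

/* Models the work cfg80211 schedules for regulatory_set_wiphy_regd():
 * it takes the lock on its own, after the driver work has returned. */
static void *cfg80211_work(void *unused)
{
    (void)unused;
    pthread_mutex_lock(&rtnl);          /* waits until thread B lets go */
    regd_applied = true;
    pthread_mutex_unlock(&rtnl);
    return NULL;
}

/* Models ath11k_regd_update_work(); a non-NULL arg selects the _sync path. */
static void *regd_update_work(void *sync)
{
    if (!sync) {                        /* fixed: hand off, take no lock */
        pthread_create(&cfg_thread, NULL, cfg80211_work, NULL);
        return NULL;
    }
    if (pthread_mutex_trylock(&rtnl) != 0) {
        worker_would_block = true;      /* the kernel would sleep here forever */
        return NULL;
    }
    regd_applied = true;
    pthread_mutex_unlock(&rtnl);
    return NULL;
}

/* Thread B (ifconfig wlan0 down). Returns true if the worker would hang. */
static bool interface_down(bool sync)
{
    pthread_t work;
    regd_applied = worker_would_block = false;
    pthread_mutex_lock(&rtnl);                          /* step 1 */
    pthread_create(&work, NULL, regd_update_work, sync ? &rtnl : NULL); /* 2 */
    pthread_join(work, NULL);                           /* step 3 */
    pthread_mutex_unlock(&rtnl);
    if (!sync)
        pthread_join(cfg_thread, NULL);
    return worker_would_block;
}
```
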
..
admtek wifi: mac80211: split bss_info_changed method 2022-06-20 12:55:09 +02:00
ath wifi: ath11k: avoid deadlock during regulatory update in ath11k_regd_update() 2022-11-02 19:16:45 +02:00
atmel wifi: move from strlcpy with unused retval to strscpy 2022-09-02 11:47:22 +03:00
broadcom wifi: brcmfmac: Fix potential buffer overflow in brcmf_fweh_event_worker() 2022-11-01 13:14:20 +02:00
cisco wifi: airo: do not assign -1 to unsigned char 2022-11-01 11:15:15 +02:00
intel Random number generator fixes for Linux 6.1-rc1. 2022-10-16 15:27:07 -07:00
intersil wifi: p54: Fix comment typo 2022-09-07 10:59:37 +03:00
marvell treewide: use get_random_u32() when possible 2022-10-11 17:42:58 -06:00
mediatek wifi: mt76: fix rx checksum offload on mt7615/mt7915/mt7921 2022-10-11 11:41:20 +03:00
microchip treewide: use get_random_u32() when possible 2022-10-11 17:42:58 -06:00
purelifi wifi: plfxlc: Use eth_zero_addr() to assign zero address 2022-07-27 16:01:16 +03:00
quantenna treewide: use get_random_u32() when possible 2022-10-11 17:42:58 -06:00
ralink wifi: rt2x00: use explicitly signed or unsigned types 2022-10-21 09:59:39 +03:00
realtek wireless-next patches for v6.1 2022-09-30 10:07:31 -07:00
rsi wifi: rsi: fix kernel-doc warning 2022-09-06 10:34:40 +02:00
silabs wifi: wfx: prevent underflow in wfx_send_pds() 2022-09-02 11:44:35 +03:00
st treewide: use get_random_{u8,u16}() when possible, part 1 2022-10-11 17:42:58 -06:00
ti treewide: use get_random_u32() when possible 2022-10-11 17:42:58 -06:00
zydas wifi: mac80211: return a beacon for a specific link 2022-06-20 12:57:08 +02:00
Kconfig wireless: add plfxlc driver for pureLiFi X, XL, XC devices 2022-04-25 15:30:42 +03:00
mac80211_hwsim.c wifi: mac80211_hwsim: fix debugfs attribute ps with rc table support 2022-10-21 12:37:28 +02:00
mac80211_hwsim.h wifi: mac80211_hwsim: support creating MLO-capable radios 2022-06-20 12:57:09 +02:00
Makefile wireless: Fix Makefile to be in alphabetical order 2022-05-17 18:29:49 +03:00
ray_cs.c wifi: ray_cs: Drop useless status variable in parse_addr() 2022-06-08 11:08:34 +03:00
ray_cs.h
rayctl.h
rndis_wlan.c wifi: rndis_wlan: fix array of flexible structures warning 2022-09-22 09:08:53 +03:00
virt_wifi.c wifi: virt_wifi: fix typo in comment 2022-06-10 15:35:49 +02:00
wl3501_cs.c wifi: move from strlcpy with unused retval to strscpy 2022-09-02 11:47:22 +03:00
wl3501.h