Commit Graph

311151 Commits

Author SHA1 Message Date
Emmanuel Grumbach
24172f39b0 iwlwifi: disable BH before the call to iwl_op_mode_nic_error
This is required by the op_mode API.

Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2012-06-18 10:46:26 +02:00
Emmanuel Grumbach
901787c167 iwlwifi: comment context requirements of the op_mode
A few op_mode of the op_mode API functions have requirements
on the running context of the caller. Document that.

Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2012-06-18 10:46:17 +02:00
Emmanuel Grumbach
e9d364de1a iwlwifi: print the scratch of all the buffers stuck in a queue
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2012-06-18 10:46:03 +02:00
Emmanuel Grumbach
303e56f2d2 iwlwifi: check that we have enough bits to track the TX queues
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2012-06-18 10:45:49 +02:00
Dan Carpenter
daf67ce8cf iwlwifi: unlock on error path
We introduced a lock here in ff1ffb850b ("iwlwifi: fix dynamic
loading").  But we missed an error path which needs an unlock.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2012-06-14 14:55:14 -04:00
Kalle Valo
d987dd137b Merge remote branch 'wireless-next/master' into ath6kl-next
Conflicts:
	drivers/net/wireless/ath/ath6kl/cfg80211.c
2012-06-14 14:44:49 +03:00
Thomas Pedersen
c85251f856 ath6kl: fix fw capability parsing
This patch fixes a bug where no capabilites are parsed when the number
of firmware capability bits translate into fewer bytes than the host has
knowledge of. Instead just process number of capability bytes as
reported by the firmware.

Signed-off-by: Thomas Pedersen <c_tpeder@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
2012-06-14 13:54:42 +03:00
Chun-Yeow Yeoh
a69cc44fe9 mac80211: implement the proactive PREQ generation
Generate the proactive PREQ element as defined in
Sec. 13.10.9.3 (Case C) of IEEE Std. 802.11-2012
based on the selection of dot11MeshHWMPRootMode as follow:
dot11MeshHWMPRootMode (2) is proactivePREQnoPREP
dot11MeshHWMPRootMode (3) is proactivePREQwithPREP

The proactive PREQ is generated based on the interval
defined by dot11MeshHWMProotInterval.

With this change, proactive RANN element is now generated
if the dot11MeshHWMPRootMode is set to (4) instead of (1).

Signed-off-by: Chun-Yeow Yeoh <yeohchunyeow@gmail.com>
[line-break commit log]
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2012-06-14 09:08:56 +02:00
Chun-Yeow Yeoh
ac1073a61d {nl,cfg,mac}80211: implement dot11MeshHWMProotInterval and dot11MeshHWMPactivePathToRootTimeout
Add the mesh configuration parameters dot11MeshHWMProotInterval
and dot11MeshHWMPactivePathToRootTimeout to be used by
proactive PREQ mechanism.

Signed-off-by: Chun-Yeow Yeoh <yeohchunyeow@gmail.com>
[line-break commit log]
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2012-06-14 09:08:22 +02:00
John W. Linville
211c17aaee Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless
Conflicts:
	drivers/net/wireless/ath/ath9k/main.c
	net/bluetooth/hci_event.c
2012-06-13 15:35:35 -04:00
John W. Linville
ec8eb9ae58 Merge branch 'for-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next 2012-06-13 15:12:07 -04:00
Eliad Peller
bcab320ba2 wlcore: declare interface combinations
Advertise to the stack that the wlcore driver
supports multiple interfaces for a single device.
This is required in order to be able to run
multirole with mac80211.

Signed-off-by: Eliad Peller <eliad@wizery.com>
Signed-off-by: Yoni Divinsky <yoni.divinsky@ti.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
2012-06-13 21:57:10 +03:00
Yair Shapira
b0b09e312a wlcore: add print logs of radio_status in case of BIP calibration
FEM BIP calibration may fail with fw/phy radio status. In order to
recognize these failures a log is added to the calibration answer
(TEST_CMD_P2G_CAL)

Signed-off-by: Yair Shapira <yair.shapira@ti.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
2012-06-13 21:56:37 +03:00
Yair Shapira
05f48d4574 wlcore/wl12xx: add support for HP and SKW FEM radio manufacturers
Add support for HP (High Performance TQS fem type 3) and SKW
(fem type 2). This is done by increasing the number of FEM
manufacturers to 4.

Usually FEM parameters from ini file are read from nvs file and
passed to firmware using TEST_CMD_INI_FILE_RADIO_PARAM. Still,
because the nvs file has only place for 2 FEMs, we need to pass the
new FEM types information in one of the available entries.

This is done by mapping new fem types 2,3 to entry 0. This solution
works for manual FEM selection. AutoDetect-FEM still support only
fem types 0 and 1.

Signed-off-by: Yair Shapira <yair.shapira@ti.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
2012-06-13 21:52:56 +03:00
Eliad Peller
2812eef151 wlcore: update basic rates on channel switch
On channel switch we have to update the basic rates, in
order to reflect possible band changes (otherwise, we
might start beaconing on 11a with the default rates
of 11g).

Signed-off-by: Eliad Peller <eliad@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
2012-06-13 21:44:30 +03:00
Eyal Shapira
8f1a8684a5 wlcore: send EAPOLs with basic rate policy
EAPOLs are sent at high rates as they are considered
data packets. Some APs like Motorola Symbol AP7131 and AP650
don't respond well to these rates and don't respond with
EAPOL 3/4 consistently. When sending EAPOL 2/4 at 54Mbps
we've seen approx 30% success rate in getting EAPOL 3/4 response
while using 11Mbps we got 100% success.
To increase the chances of successful 4-Way handshake with
such APs, send EAPOLs with basic rate policy in order to avoid
high rates.

Signed-off-by: Eyal Shapira <eyal@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
2012-06-13 21:44:18 +03:00
Eyal Shapira
04414e2aa5 wlcore: avoid using NET_IP_ALIGN for RX alignment
NET_IP_ALIGN can be overriden on different architectures
and therefore cannot be used in the RX path to account
for the 2 bytes added for alignment (either by the FW
in the case of 18xx or by the host for 12xx).
Instead use an internal define.

Signed-off-by: Eyal Shapira <eyal@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
2012-06-13 21:44:10 +03:00
Rajkumar Manoharan
9330969b8f ath9k_hw: remove MCI_STATE_SET_BT_SLEEP
Signed-off-by: Rajkumar Manoharan <rmanohar@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2012-06-13 14:36:02 -04:00
Rajkumar Manoharan
26e942b790 ath9k_hw: remove MCI_STATE_CONT_* state
Signed-off-by: Rajkumar Manoharan <rmanohar@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2012-06-13 14:36:02 -04:00
Rajkumar Manoharan
6d97be48e2 ath9k_hw: remove MCI_STATE_BT
remove MCI_STATE_BT and use bt_state instead.

Signed-off-by: Rajkumar Manoharan <rmanohar@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2012-06-13 14:36:01 -04:00
Rajkumar Manoharan
b98ccec0a4 ath9k_hw: remove p_data argument from ar9003_mci_state
As p_data is unuse, lets remove it from ar9003_mci_state.

Signed-off-by: Rajkumar Manoharan <rmanohar@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2012-06-13 14:36:00 -04:00
Rajkumar Manoharan
d02ca07e6f ath9k_hw: remove MCI_STATE_NEED_FLUSH_BT_INFO
Signed-off-by: Rajkumar Manoharan <rmanohar@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2012-06-13 14:36:00 -04:00
Rajkumar Manoharan
2d340ac81e ath9k_hw: remove MCI_STATE_SEND_WLAN_CHANNELS
Add a MCI util function to send wlan channel info to BT.

Signed-off-by: Rajkumar Manoharan <rmanohar@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2012-06-13 14:35:59 -04:00
Rajkumar Manoharan
e1763d3f33 ath9k_hw: add utility function to set BT version
Add a utility function to set bluetooth version and remove
MCI_STATE_SET_BT_COEX_VERSION.

Signed-off-by: Rajkumar Manoharan <rmanohar@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2012-06-13 14:35:58 -04:00
Rajkumar Manoharan
506847ad34 ath9k_hw: cleanup MCI gpm offset state
Add utility functions to get and test GPM offset and
remove MCI_STATE*_GPM_OFFSET states.

Signed-off-by: Rajkumar Manoharan <rmanohar@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2012-06-13 14:35:58 -04:00
Mohammed Shafi Shajakhan
64bc1239c7 ath9k: Fix softlockup in AR9485
steps to recreate:
load latest ath9k driver with AR9485
stop the network-manager and wpa_supplicant
bring the interface up

	Call Trace:
	[<ffffffffa0517490>] ? ath_hw_check+0xe0/0xe0 [ath9k]
	[<ffffffff812cd1e8>] __const_udelay+0x28/0x30
	[<ffffffffa03bae7a>] ar9003_get_pll_sqsum_dvc+0x4a/0x80 [ath9k_hw]
	[<ffffffffa05174eb>] ath_hw_pll_work+0x5b/0xe0 [ath9k]
	[<ffffffff810744fe>] process_one_work+0x11e/0x470
	[<ffffffff8107530f>] worker_thread+0x15f/0x360
	[<ffffffff810751b0>] ? manage_workers+0x230/0x230
	[<ffffffff81079af3>] kthread+0x93/0xa0
	[<ffffffff815fd3a4>] kernel_thread_helper+0x4/0x10
	[<ffffffff81079a60>] ? kthread_freezable_should_stop+0x70/0x70
	[<ffffffff815fd3a0>] ? gs_change+0x13/0x13

ensure that the PLL-WAR for AR9485/AR9340 is executed only if the STA is
associated (or) IBSS/AP mode had started beaconing. Ideally this WAR
is needed to recover from some rare beacon stuck during stress testing.
Before the STA is associated/IBSS had started beaconing, PLL4(0x1618c)
always seem to have zero even though we had configured PLL3(0x16188) to
query about PLL's locking status. When we keep on polling infinitely PLL4's
8th bit(ie check for PLL locking measurements is done), machine hangs
due to softlockup.

fixes https://bugzilla.redhat.com/show_bug.cgi?id=811142

Reported-by: Rolf Offermanns <rolf.offermanns@gmx.net>
Cc: stable@vger.kernel.org
Tested-by: Mohammed Shafi Shajakhan <mohammed@qca.qualcomm.com>
Signed-off-by: Mohammed Shafi Shajakhan <mohammed@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2012-06-13 14:35:57 -04:00
Rajkumar Manoharan
a197b76c23 ath9k: fix btcoex duty cycle
* Reset duty cycle before updating btcoex scheme. Otherwise duty cycle
  reaches max limit and never be reduced again
* Adjust duty cycle with proper BDR profile value

Signed-off-by: Rajkumar Manoharan <rmanohar@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2012-06-13 14:35:57 -04:00
Rajkumar Manoharan
3c7992e33a ath9k: defer btcoex scheme update
As btcoex scheme updation might sleep, remove the function call
from tasklet context and queue it up as a separate work.

Signed-off-by: Rajkumar Manoharan <rmanohar@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2012-06-13 14:35:56 -04:00
Rajkumar Manoharan
dfd0587a7d ath9k: keep btcoex period in milliseconds
btcoex periord is converted into micro seconds during initialization
and converted back to milli seconds while starting timer. As MCI code
handles btcoex period in msec, lets keep the btcoex timer in msec and
convert them into other form whenever needed.

Signed-off-by: Rajkumar Manoharan <rmanohar@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2012-06-13 14:35:56 -04:00
Rajkumar Manoharan
9e2e0c8469 ath9k: simplify btcoex profile management
This patch simplifies profile management utility functions.

* Separate find_profile from add/del functions
* Return correct values when the profile list is empty or
  profile is ot found
* flush the profiles when there are entries in the list

Signed-off-by: Rajkumar Manoharan <rmanohar@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2012-06-13 14:35:55 -04:00
Rajkumar Manoharan
92a33298e9 ath9k_hw: process MCI interrupts only when btcoex is enabled
let us process MCI interrupts only when BTCOEX is enabled to avoid
processing bogus interrupts.

Signed-off-by: Rajkumar Manoharan <rmanohar@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2012-06-13 14:35:54 -04:00
Rajkumar Manoharan
ed6ebd8bc8 ath9k_hw: program OBS register only when MCI is disabled
Signed-off-by: Rajkumar Manoharan <rmanohar@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2012-06-13 14:35:54 -04:00
Rajkumar Manoharan
1bde95fa7e ath9k_hw: fix incorrect LNA register settings
After a full reset, mci_reset will put LNA update to the setting
for 2G mode. Those registers need to be forced to update when
the channel is in 5G.

Signed-off-by: Rajkumar Manoharan <rmanohar@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2012-06-13 14:35:53 -04:00
Rajkumar Manoharan
3863495b86 ath9k_hw: check GPM HW write pointer before chip reset
Both "MAC Warm Reset" and "MCI Reset Rx" will reset GPM HW write_ptr.
We should check software cached write_ptr against HW write_ptr before
reset. Otherwise the pending DMA data will be lost.

Signed-off-by: Rajkumar Manoharan <rmanohar@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2012-06-13 14:35:53 -04:00
Rajkumar Manoharan
9dd9b0dc1d ath9k_hw: Fix AR9462 power consumption on idle associated
The HW statemachine is sometimes found stuck in the state
WL_LNA_CTRL_DISABLE when BT is in sleep, which will cause
TX_HOLD always asserted and resmgr stuck in PENDING_TX state

Signed-off-by: Rajkumar Manoharan <rmanohar@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2012-06-13 14:35:52 -04:00
Rajkumar Manoharan
8389fb3fd7 ath9k: restore power state on set channel failure
Not doing so, could cause imbalance in powersave count.

Signed-off-by: Rajkumar Manoharan <rmanohar@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2012-06-13 14:35:51 -04:00
Rajkumar Manoharan
cec429dd65 ath9k: choose legacy rate as last rate of MRR series
Choose legacy rate as the last rate of Multi Rate Retry series
if and only if the last selected rate is MCS and having higher
PER rate. The current code fills a legacy rate as last one even
though the previous rates in the series are having good PER value.
This could limit the aggregation that affects the uplink performance.

Signed-off-by: Rajkumar Manoharan <rmanohar@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2012-06-13 14:35:51 -04:00
Sujith Manoharan
6304c20167 ath9k_hw: Update initvals for AR9462
Adjust quick_drop value in the baseband AGC register to
improve RX in HT20 mode.

Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2012-06-13 14:35:50 -04:00
Arend van Spriel
80969836a7 brcmfmac: expose sdio internal counters in debugfs
The structure brcmf_sdio contains a number of counters that are useful
for debugging. These were not available in user-space. This patch
exposes them in debugfs under the filename 'counters'.

Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
Reviewed-by: Franky (Zhenhui) Lin <frankyl@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2012-06-13 14:35:50 -04:00
Arend van Spriel
d319a7cfd9 brcmfmac: add debugfs helper functions
This patch adds debugfs support to brcmfmac. It provide helper functions
to setup the debugfs folder structure for the driver, which has following
hierarchy:

<debugfs_mount>/brcmfmac/<dev_name>/

ie.: /sys/kernel/debug/brcmfmac/mmc0:0001:2/

The new source file provides functions to create and remove the two
folders and a function to retrieve the device-specific folder so files
can be created in it.

Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
Reviewed-by: Franky (Zhenhui) Lin <frankyl@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2012-06-13 14:35:49 -04:00
Arend van Spriel
5e16e8ee3a brcmsmac: fix smatch warning found in ampdu.c
This patch fixes potential NULL pointer dereference in ampdu. This
was found running smatch static code checker. Smatch warning says:

drivers/net/wireless/brcm80211/brcmsmac/ampdu.c:741 brcms_c_sendampdu()
	 warn: variable dereferenced before check 'p'

Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2012-06-13 14:35:49 -04:00
Arend van Spriel
d597ee7e28 brcmsmac: remove brcms_set_hint() function
The function brcms_set_hint() does not add any functionality
so regulatory_hint() can be called directly. The error value
has been removed from the message when regulatory_hint() fails.

Reported-by: Seth Forshee <seth.forshee@canonical.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2012-06-13 14:35:49 -04:00
Mohammed Shafi Shajakhan
bcb7ad7bcb ath9k: Fix softlockup in AR9485
steps to recreate:
load latest ath9k driver with AR9485
stop the network-manager and wpa_supplicant
bring the interface up

	Call Trace:
	[<ffffffffa0517490>] ? ath_hw_check+0xe0/0xe0 [ath9k]
	[<ffffffff812cd1e8>] __const_udelay+0x28/0x30
	[<ffffffffa03bae7a>] ar9003_get_pll_sqsum_dvc+0x4a/0x80 [ath9k_hw]
	[<ffffffffa05174eb>] ath_hw_pll_work+0x5b/0xe0 [ath9k]
	[<ffffffff810744fe>] process_one_work+0x11e/0x470
	[<ffffffff8107530f>] worker_thread+0x15f/0x360
	[<ffffffff810751b0>] ? manage_workers+0x230/0x230
	[<ffffffff81079af3>] kthread+0x93/0xa0
	[<ffffffff815fd3a4>] kernel_thread_helper+0x4/0x10
	[<ffffffff81079a60>] ? kthread_freezable_should_stop+0x70/0x70
	[<ffffffff815fd3a0>] ? gs_change+0x13/0x13

ensure that the PLL-WAR for AR9485/AR9340 is executed only if the STA is
associated (or) IBSS/AP mode had started beaconing. Ideally this WAR
is needed to recover from some rare beacon stuck during stress testing.
Before the STA is associated/IBSS had started beaconing, PLL4(0x1618c)
always seem to have zero even though we had configured PLL3(0x16188) to
query about PLL's locking status. When we keep on polling infinitely PLL4's
8th bit(ie check for PLL locking measurements is done), machine hangs
due to softlockup.

fixes https://bugzilla.redhat.com/show_bug.cgi?id=811142

Reported-by: Rolf Offermanns <rolf.offermanns@gmx.net>
Cc: stable@vger.kernel.org [3.0+]
Tested-by: Mohammed Shafi Shajakhan <mohammed@qca.qualcomm.com>
Signed-off-by: Mohammed Shafi Shajakhan <mohammed@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2012-06-13 14:09:48 -04:00
John W. Linville
1f7e010282 Merge branch 'for-john' of git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211 2012-06-13 14:05:40 -04:00
Johannes Berg
73c3df3ba3 cfg80211/nl80211: fix kernel-doc
Add missing entries to nl80211.h and fix
the kernel-doc notation in cfg80211.h.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2012-06-13 11:17:14 +02:00
Johannes Berg
4a4ab0d7c9 nl80211: fix sched scan match attribute name
It should be NL80211_SCHED_SCAN_MATCH_ATTR_SSID as
documented, not NL80211_ATTR_SCHED_SCAN_MATCH_SSID.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2012-06-13 11:17:11 +02:00
Pontus Fuchs
ac4d82fa01 mac80211: Disallow changing chan type on monitor when CHAN_MODE_FIXED
If you add a monitor interface in parallel to a normal interface
mac80211 will let you to change the channel type on the monitor
interface even if you are connected. Add an explicit check to
disallow this.

Signed-off-by: Pontus Fuchs <pontus.fuchs@gmail.com>
[fix typo in commit log, use sdata instead of netdev]
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2012-06-13 10:23:21 +02:00
David Spinadel
79543d8eec mac80211: stop polling in disassociation
Stop connection monitor poll during disassociation.
This clears the polling flags and if a scan was
deferred it will be run.

Without this fix, if a scan was deferred due to
connection monitoring while disassociation happens,
this scan blocks further scan requests until interface
down/up which causes problems connecting to another AP.

Signed-off-by: David Spinadel <david.spinadel@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2012-06-13 10:17:55 +02:00
Eliad Peller
554a43d5e7 mac80211: check sdata_running on ieee80211_set_bitrate_mask
Otherwise, we might call the driver callback before
the interface was uploaded.

Solves the following warning:
WARNING: at net/mac80211/driver-ops.h:12 ieee80211_set_bitrate_mask+0xbc/0x18c [mac80211]()
wlan0:  Failed check-sdata-in-driver check, flags: 0x0
Modules linked in: wlcore_sdio wl12xx wl18xx wlcore mac80211 cfg80211 [last unloaded: cfg80211]
[<c001b964>] (unwind_backtrace+0x0/0x12c) from [<c0495550>] (dump_stack+0x20/0x24)
[<c0495550>] (dump_stack+0x20/0x24) from [<c003ee28>] (warn_slowpath_common+0x5c/0x74)
[<c003ee28>] (warn_slowpath_common+0x5c/0x74) from [<c003eefc>] (warn_slowpath_fmt+0x40/0x48)
[<c003eefc>] (warn_slowpath_fmt+0x40/0x48) from [<bf5c1ad0>] (ieee80211_set_bitrate_mask+0xbc/0x18c [mac80211])
[<bf5c1ad0>] (ieee80211_set_bitrate_mask+0xbc/0x18c [mac80211]) from [<bf575960>] (nl80211_set_tx_bitrate_mask+0x350/0x358 [cfg80211])
[<bf575960>] (nl80211_set_tx_bitrate_mask+0x350/0x358 [cfg80211]) from [<c03e9e94>] (genl_rcv_msg+0x1a8/0x1e8)
[<c03e9e94>] (genl_rcv_msg+0x1a8/0x1e8) from [<c03e9164>] (netlink_rcv_skb+0x5c/0xc0)
[<c03e9164>] (netlink_rcv_skb+0x5c/0xc0) from [<c03e9ce0>] (genl_rcv+0x28/0x34)
[<c03e9ce0>] (genl_rcv+0x28/0x34) from [<c03e8e74>] (netlink_unicast+0x158/0x234)
[<c03e8e74>] (netlink_unicast+0x158/0x234) from [<c03e93e0>] (netlink_sendmsg+0x218/0x298)
[<c03e93e0>] (netlink_sendmsg+0x218/0x298) from [<c03b4e5c>] (sock_sendmsg+0xa4/0xc0)
[<c03b4e5c>] (sock_sendmsg+0xa4/0xc0) from [<c03b5af4>] (__sys_sendmsg+0x1d8/0x254)
[<c03b5af4>] (__sys_sendmsg+0x1d8/0x254) from [<c03b5ca8>] (sys_sendmsg+0x4c/0x70)
[<c03b5ca8>] (sys_sendmsg+0x4c/0x70) from [<c0013980>] (ret_fast_syscall+0x0/0x3c)

Note that calling the driver can also result
in undefined behaviour since it doesn't have
to deal with calls while down.

Signed-off-by: Eliad Peller <eliad@wizery.com>
[removed timestamps, added note - Johannes]
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2012-06-13 10:17:54 +02:00
Eliad Peller
fe20b39ec3 cfg80211: fix potential deadlock in regulatory
reg_timeout_work() calls restore_regulatory_settings() which
takes cfg80211_mutex.

reg_set_request_processed() already holds cfg80211_mutex
before calling cancel_delayed_work_sync(reg_timeout),
so it might deadlock.

Call the async cancel_delayed_work instead, in order
to avoid the potential deadlock.

This is the relevant lockdep warning:

cfg80211: Calling CRDA for country: XX

======================================================
[ INFO: possible circular locking dependency detected ]
3.4.0-rc5-wl+ #26 Not tainted
-------------------------------------------------------
kworker/0:2/1391 is trying to acquire lock:
 (cfg80211_mutex){+.+.+.}, at: [<bf28ae00>] restore_regulatory_settings+0x34/0x418 [cfg80211]

but task is already holding lock:
 ((reg_timeout).work){+.+...}, at: [<c0059e94>] process_one_work+0x1f0/0x480

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #2 ((reg_timeout).work){+.+...}:
       [<c008fd44>] validate_chain+0xb94/0x10f0
       [<c0090b68>] __lock_acquire+0x8c8/0x9b0
       [<c0090d40>] lock_acquire+0xf0/0x114
       [<c005b600>] wait_on_work+0x4c/0x154
       [<c005c000>] __cancel_work_timer+0xd4/0x11c
       [<c005c064>] cancel_delayed_work_sync+0x1c/0x20
       [<bf28b274>] reg_set_request_processed+0x50/0x78 [cfg80211]
       [<bf28bd84>] set_regdom+0x550/0x600 [cfg80211]
       [<bf294cd8>] nl80211_set_reg+0x218/0x258 [cfg80211]
       [<c03c7738>] genl_rcv_msg+0x1a8/0x1e8
       [<c03c6a00>] netlink_rcv_skb+0x5c/0xc0
       [<c03c7584>] genl_rcv+0x28/0x34
       [<c03c6720>] netlink_unicast+0x15c/0x228
       [<c03c6c7c>] netlink_sendmsg+0x218/0x298
       [<c03933c8>] sock_sendmsg+0xa4/0xc0
       [<c039406c>] __sys_sendmsg+0x1e4/0x268
       [<c0394228>] sys_sendmsg+0x4c/0x70
       [<c0013840>] ret_fast_syscall+0x0/0x3c

-> #1 (reg_mutex){+.+.+.}:
       [<c008fd44>] validate_chain+0xb94/0x10f0
       [<c0090b68>] __lock_acquire+0x8c8/0x9b0
       [<c0090d40>] lock_acquire+0xf0/0x114
       [<c04734dc>] mutex_lock_nested+0x48/0x320
       [<bf28b2cc>] reg_todo+0x30/0x538 [cfg80211]
       [<c0059f44>] process_one_work+0x2a0/0x480
       [<c005a4b4>] worker_thread+0x1bc/0x2bc
       [<c0061148>] kthread+0x98/0xa4
       [<c0014af4>] kernel_thread_exit+0x0/0x8

-> #0 (cfg80211_mutex){+.+.+.}:
       [<c008ed58>] print_circular_bug+0x68/0x2cc
       [<c008fb28>] validate_chain+0x978/0x10f0
       [<c0090b68>] __lock_acquire+0x8c8/0x9b0
       [<c0090d40>] lock_acquire+0xf0/0x114
       [<c04734dc>] mutex_lock_nested+0x48/0x320
       [<bf28ae00>] restore_regulatory_settings+0x34/0x418 [cfg80211]
       [<bf28b200>] reg_timeout_work+0x1c/0x20 [cfg80211]
       [<c0059f44>] process_one_work+0x2a0/0x480
       [<c005a4b4>] worker_thread+0x1bc/0x2bc
       [<c0061148>] kthread+0x98/0xa4
       [<c0014af4>] kernel_thread_exit+0x0/0x8

other info that might help us debug this:

Chain exists of:
  cfg80211_mutex --> reg_mutex --> (reg_timeout).work

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock((reg_timeout).work);
                               lock(reg_mutex);
                               lock((reg_timeout).work);
  lock(cfg80211_mutex);

 *** DEADLOCK ***

2 locks held by kworker/0:2/1391:
 #0:  (events){.+.+.+}, at: [<c0059e94>] process_one_work+0x1f0/0x480
 #1:  ((reg_timeout).work){+.+...}, at: [<c0059e94>] process_one_work+0x1f0/0x480

stack backtrace:
[<c001b928>] (unwind_backtrace+0x0/0x12c) from [<c0471d3c>] (dump_stack+0x20/0x24)
[<c0471d3c>] (dump_stack+0x20/0x24) from [<c008ef70>] (print_circular_bug+0x280/0x2cc)
[<c008ef70>] (print_circular_bug+0x280/0x2cc) from [<c008fb28>] (validate_chain+0x978/0x10f0)
[<c008fb28>] (validate_chain+0x978/0x10f0) from [<c0090b68>] (__lock_acquire+0x8c8/0x9b0)
[<c0090b68>] (__lock_acquire+0x8c8/0x9b0) from [<c0090d40>] (lock_acquire+0xf0/0x114)
[<c0090d40>] (lock_acquire+0xf0/0x114) from [<c04734dc>] (mutex_lock_nested+0x48/0x320)
[<c04734dc>] (mutex_lock_nested+0x48/0x320) from [<bf28ae00>] (restore_regulatory_settings+0x34/0x418 [cfg80211])
[<bf28ae00>] (restore_regulatory_settings+0x34/0x418 [cfg80211]) from [<bf28b200>] (reg_timeout_work+0x1c/0x20 [cfg80211])
[<bf28b200>] (reg_timeout_work+0x1c/0x20 [cfg80211]) from [<c0059f44>] (process_one_work+0x2a0/0x480)
[<c0059f44>] (process_one_work+0x2a0/0x480) from [<c005a4b4>] (worker_thread+0x1bc/0x2bc)
[<c005a4b4>] (worker_thread+0x1bc/0x2bc) from [<c0061148>] (kthread+0x98/0xa4)
[<c0061148>] (kthread+0x98/0xa4) from [<c0014af4>] (kernel_thread_exit+0x0/0x8)
cfg80211: Calling CRDA to update world regulatory domain
cfg80211: World regulatory domain updated:
cfg80211:   (start_freq - end_freq @ bandwidth), (max_antenna_gain, max_eirp)
cfg80211:   (2402000 KHz - 2472000 KHz @ 40000 KHz), (300 mBi, 2000 mBm)
cfg80211:   (2457000 KHz - 2482000 KHz @ 20000 KHz), (300 mBi, 2000 mBm)
cfg80211:   (2474000 KHz - 2494000 KHz @ 20000 KHz), (300 mBi, 2000 mBm)
cfg80211:   (5170000 KHz - 5250000 KHz @ 40000 KHz), (300 mBi, 2000 mBm)
cfg80211:   (5735000 KHz - 5835000 KHz @ 40000 KHz), (300 mBi, 2000 mBm)

Cc: stable@kernel.org
Signed-off-by: Eliad Peller <eliad@wizery.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2012-06-13 10:17:53 +02:00