android_kernel_google_msm/net/wireless
Eliad Peller 0d84f6e5ba cfg80211: fix potential deadlock in regulatory
commit fe20b39ec3 upstream.

reg_timeout_work() calls restore_regulatory_settings() which
takes cfg80211_mutex.

reg_set_request_processed() already holds cfg80211_mutex
before calling cancel_delayed_work_sync(reg_timeout),
so it might deadlock.

Call the async cancel_delayed_work instead, in order
to avoid the potential deadlock.

This is the relevant lockdep warning:

cfg80211: Calling CRDA for country: XX

======================================================
[ INFO: possible circular locking dependency detected ]
3.4.0-rc5-wl+ #26 Not tainted
-------------------------------------------------------
kworker/0:2/1391 is trying to acquire lock:
 (cfg80211_mutex){+.+.+.}, at: [<bf28ae00>] restore_regulatory_settings+0x34/0x418 [cfg80211]

but task is already holding lock:
 ((reg_timeout).work){+.+...}, at: [<c0059e94>] process_one_work+0x1f0/0x480

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #2 ((reg_timeout).work){+.+...}:
       [<c008fd44>] validate_chain+0xb94/0x10f0
       [<c0090b68>] __lock_acquire+0x8c8/0x9b0
       [<c0090d40>] lock_acquire+0xf0/0x114
       [<c005b600>] wait_on_work+0x4c/0x154
       [<c005c000>] __cancel_work_timer+0xd4/0x11c
       [<c005c064>] cancel_delayed_work_sync+0x1c/0x20
       [<bf28b274>] reg_set_request_processed+0x50/0x78 [cfg80211]
       [<bf28bd84>] set_regdom+0x550/0x600 [cfg80211]
       [<bf294cd8>] nl80211_set_reg+0x218/0x258 [cfg80211]
       [<c03c7738>] genl_rcv_msg+0x1a8/0x1e8
       [<c03c6a00>] netlink_rcv_skb+0x5c/0xc0
       [<c03c7584>] genl_rcv+0x28/0x34
       [<c03c6720>] netlink_unicast+0x15c/0x228
       [<c03c6c7c>] netlink_sendmsg+0x218/0x298
       [<c03933c8>] sock_sendmsg+0xa4/0xc0
       [<c039406c>] __sys_sendmsg+0x1e4/0x268
       [<c0394228>] sys_sendmsg+0x4c/0x70
       [<c0013840>] ret_fast_syscall+0x0/0x3c

-> #1 (reg_mutex){+.+.+.}:
       [<c008fd44>] validate_chain+0xb94/0x10f0
       [<c0090b68>] __lock_acquire+0x8c8/0x9b0
       [<c0090d40>] lock_acquire+0xf0/0x114
       [<c04734dc>] mutex_lock_nested+0x48/0x320
       [<bf28b2cc>] reg_todo+0x30/0x538 [cfg80211]
       [<c0059f44>] process_one_work+0x2a0/0x480
       [<c005a4b4>] worker_thread+0x1bc/0x2bc
       [<c0061148>] kthread+0x98/0xa4
       [<c0014af4>] kernel_thread_exit+0x0/0x8

-> #0 (cfg80211_mutex){+.+.+.}:
       [<c008ed58>] print_circular_bug+0x68/0x2cc
       [<c008fb28>] validate_chain+0x978/0x10f0
       [<c0090b68>] __lock_acquire+0x8c8/0x9b0
       [<c0090d40>] lock_acquire+0xf0/0x114
       [<c04734dc>] mutex_lock_nested+0x48/0x320
       [<bf28ae00>] restore_regulatory_settings+0x34/0x418 [cfg80211]
       [<bf28b200>] reg_timeout_work+0x1c/0x20 [cfg80211]
       [<c0059f44>] process_one_work+0x2a0/0x480
       [<c005a4b4>] worker_thread+0x1bc/0x2bc
       [<c0061148>] kthread+0x98/0xa4
       [<c0014af4>] kernel_thread_exit+0x0/0x8

other info that might help us debug this:

Chain exists of:
  cfg80211_mutex --> reg_mutex --> (reg_timeout).work

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock((reg_timeout).work);
                               lock(reg_mutex);
                               lock((reg_timeout).work);
  lock(cfg80211_mutex);

 *** DEADLOCK ***

2 locks held by kworker/0:2/1391:
 #0:  (events){.+.+.+}, at: [<c0059e94>] process_one_work+0x1f0/0x480
 #1:  ((reg_timeout).work){+.+...}, at: [<c0059e94>] process_one_work+0x1f0/0x480

stack backtrace:
[<c001b928>] (unwind_backtrace+0x0/0x12c) from [<c0471d3c>] (dump_stack+0x20/0x24)
[<c0471d3c>] (dump_stack+0x20/0x24) from [<c008ef70>] (print_circular_bug+0x280/0x2cc)
[<c008ef70>] (print_circular_bug+0x280/0x2cc) from [<c008fb28>] (validate_chain+0x978/0x10f0)
[<c008fb28>] (validate_chain+0x978/0x10f0) from [<c0090b68>] (__lock_acquire+0x8c8/0x9b0)
[<c0090b68>] (__lock_acquire+0x8c8/0x9b0) from [<c0090d40>] (lock_acquire+0xf0/0x114)
[<c0090d40>] (lock_acquire+0xf0/0x114) from [<c04734dc>] (mutex_lock_nested+0x48/0x320)
[<c04734dc>] (mutex_lock_nested+0x48/0x320) from [<bf28ae00>] (restore_regulatory_settings+0x34/0x418 [cfg80211])
[<bf28ae00>] (restore_regulatory_settings+0x34/0x418 [cfg80211]) from [<bf28b200>] (reg_timeout_work+0x1c/0x20 [cfg80211])
[<bf28b200>] (reg_timeout_work+0x1c/0x20 [cfg80211]) from [<c0059f44>] (process_one_work+0x2a0/0x480)
[<c0059f44>] (process_one_work+0x2a0/0x480) from [<c005a4b4>] (worker_thread+0x1bc/0x2bc)
[<c005a4b4>] (worker_thread+0x1bc/0x2bc) from [<c0061148>] (kthread+0x98/0xa4)
[<c0061148>] (kthread+0x98/0xa4) from [<c0014af4>] (kernel_thread_exit+0x0/0x8)
cfg80211: Calling CRDA to update world regulatory domain
cfg80211: World regulatory domain updated:
cfg80211:   (start_freq - end_freq @ bandwidth), (max_antenna_gain, max_eirp)
cfg80211:   (2402000 KHz - 2472000 KHz @ 40000 KHz), (300 mBi, 2000 mBm)
cfg80211:   (2457000 KHz - 2482000 KHz @ 20000 KHz), (300 mBi, 2000 mBm)
cfg80211:   (2474000 KHz - 2494000 KHz @ 20000 KHz), (300 mBi, 2000 mBm)
cfg80211:   (5170000 KHz - 5250000 KHz @ 40000 KHz), (300 mBi, 2000 mBm)
cfg80211:   (5735000 KHz - 5835000 KHz @ 40000 KHz), (300 mBi, 2000 mBm)

Signed-off-by: Eliad Peller <eliad@wizery.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2012-07-16 09:04:11 -07:00
..
.gitignore wireless: support internal statically compiled regulatory database 2009-12-21 18:56:10 -05:00
chan.c nl80211: Parse channel type attribute in an ibss join request 2011-12-06 16:05:24 -05:00
core.c nl80211: advertise device AP SME 2011-11-09 16:12:38 -05:00
core.h cfg80211: export cfg80211_ref_bss 2012-02-06 14:50:37 -05:00
db.txt wireless: support internal statically compiled regulatory database 2009-12-21 18:56:10 -05:00
debugfs.c simple_open: automatically convert to simple_open() 2012-04-05 15:25:50 -07:00
debugfs.h cfg80211/mac80211: use debugfs_remove_recursive 2009-10-30 16:49:18 -04:00
ethtool.c wireless: add support for ethtool_ops->{get,set}_ringparam 2011-03-11 14:16:58 -05:00
ethtool.h
genregdb.awk cfg80211: relicense reg.c reg.h and genregdb.awk to ISC 2012-01-04 14:30:41 -05:00
ibss.c net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules 2011-10-31 19:30:30 -04:00
Kconfig wireless: disable wext sysfs by default 2011-12-07 15:19:39 -05:00
lib80211.c lib80211: remove exports for functions not called by other modules 2011-08-09 15:42:36 -04:00
lib80211_crypt_ccmp.c wireless: Remove unnecessary OOM logging messages 2011-09-13 15:45:02 -04:00
lib80211_crypt_tkip.c wireless: Remove unnecessary OOM logging messages 2011-09-13 15:45:02 -04:00
lib80211_crypt_wep.c wireless: Remove unnecessary OOM logging messages 2011-09-13 15:45:02 -04:00
Makefile cfg80211/mac80211: add mesh join/leave commands 2010-12-06 16:01:29 -05:00
mesh.c {nl,cfg,mac}80211: Implement RSSI threshold for mesh peering 2012-03-05 15:23:15 -05:00
mlme.c cfg80211/mac80211: report signal strength for mgmt frames 2012-03-06 15:16:05 -05:00
nl80211.c nl80211: ensure interface is up in various APIs 2012-04-09 15:54:46 -04:00
nl80211.h cfg80211/mac80211: report signal strength for mgmt frames 2012-03-06 15:16:05 -05:00
radiotap.c net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules 2011-10-31 19:30:30 -04:00
reg.c cfg80211: fix potential deadlock in regulatory 2012-07-16 09:04:11 -07:00
reg.h cfg80211: relicense reg.c reg.h and genregdb.awk to ISC 2012-01-04 14:30:41 -05:00
regdb.h cfg80211: relicense reg.c reg.h and genregdb.awk to ISC 2012-01-04 14:30:41 -05:00
scan.c cfg80211: clarify timestamp in cfg80211_inform_bss 2012-03-13 14:54:20 -04:00
sme.c cfg80211: stop tracking authenticated state 2012-02-06 14:50:37 -05:00
sysfs.c mac80211: fix suspend/resume races with unregister hw 2011-08-22 14:21:40 -04:00
sysfs.h
util.c cfg80211: fix interface combinations check 2012-06-17 11:21:26 -07:00
wext-compat.c Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux 2011-11-22 14:05:46 -05:00
wext-compat.h cfg80211: remove unused wext handler exports 2011-08-08 14:26:29 -04:00
wext-core.c net/wireless/wext-core.c: add missing kfree 2012-04-09 15:54:50 -04:00
wext-priv.c wext: fix potential private ioctl memory content leak 2010-09-20 13:41:40 -04:00
wext-proc.c net: spread __net_init, __net_exit 2010-01-17 19:16:02 -08:00
wext-sme.c cfg80211: Add background scan period attribute. 2012-03-12 14:19:34 -04:00
wext-spy.c net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules 2011-10-31 19:30:30 -04:00