The driver may sleep under a spin lock, and the function call path is:
cw1200_tx_confirm_cb (acquire the lock by spin_lock)
__cw1200_cqm_bssloss_sm
cancel_work_sync --> may sleep
cw1200_cqm_bssloss_sm
__cw1200_cqm_bssloss_sm
cancel_work_sync --> may sleep
To fix it, the lock is released before cancel_work_sync, and the lock
is acquired again after this function.
Signed-off-by: Jia-Ju Bai <[email protected]>
---
drivers/net/wireless/st/cw1200/sta.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/net/wireless/st/cw1200/sta.c b/drivers/net/wireless/st/cw1200/sta.c
index a522248..d5f7698 100644
--- a/drivers/net/wireless/st/cw1200/sta.c
+++ b/drivers/net/wireless/st/cw1200/sta.c
@@ -154,7 +154,9 @@ void __cw1200_cqm_bssloss_sm(struct cw1200_common *priv,
int tx = 0;
priv->delayed_link_loss = 0;
+ spin_unlock(&priv->bss_loss_lock);
cancel_work_sync(&priv->bss_params_work);
+ spin_lock(&priv->bss_loss_lock);
pr_debug("[STA] CQM BSSLOSS_SM: state: %d init %d good %d bad: %d txlock: %d uj: %d\n",
priv->bss_loss_state,
--
1.7.9.5
Jia-Ju Bai <[email protected]> wrote:
> The driver may sleep under a spin lock, and the function call path is:
> cw1200_tx_confirm_cb (acquire the lock by spin_lock)
> __cw1200_cqm_bssloss_sm
> cancel_work_sync --> may sleep
>
> cw1200_cqm_bssloss_sm
> __cw1200_cqm_bssloss_sm
> cancel_work_sync --> may sleep
>
> To fix it, the lock is released before cancel_work_sync, and the lock
> is acquired again after this function.
>
> Signed-off-by: Jia-Ju Bai <[email protected]>
I assume that you haven't tested this on a real device and only compile tested.
You should mention that in the commit log.
Releasing a lock held by calling function is evil. Did you do any lock analysis
or are you just blindly releasing locks to fix a warning in your tool?
Also I would like to have an ack from a reviewer before I can take patches like
this.
Patch set to Changes Requested.
--
https://patchwork.kernel.org/patch/9758613/
https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches