Return-path:
Received: from he.sipsolutions.net ([78.46.109.217]:34431 "EHLO sipsolutions.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751738Ab2BINgr (ORCPT ); Thu, 9 Feb 2012 08:36:47 -0500
Message-ID: <4F33CBD0.3020400@sipsolutions.net> (sfid-20120209_143651_458679_E6005945)
Date: Thu, 09 Feb 2012 14:36:16 +0100
From: Johannes Berg
MIME-Version: 1.0
To: Mohammed Shafi Shajakhan
CC: "John W. Linville" , linux-wireless@vger.kernel.org, stable@vger.kernel.org, Gary Morain , Paul Stewart , Abhijit Pradhan , Vasanthakumar Thiagarajan , Rajkumar Manoharan
Subject: Re: [RFC] mac80211: Fix a rwlock bad magic bug
References: <1328792643-6734-1-git-send-email-mohammed@qca.qualcomm.com>
In-Reply-To: <1328792643-6734-1-git-send-email-mohammed@qca.qualcomm.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Sender: linux-wireless-owner@vger.kernel.org
List-ID:

On 2/9/2012 2:04 PM, Mohammed Shafi Shajakhan wrote:
> From: Mohammed Shafi Shajakhan
>
> read_lock(&tpt_trig->trig.leddev_list_lock) is accessed via the path
> ieee80211_open (->) ieee80211_do_open (->) ieee80211_mod_tpt_led_trig
> (->) ieee80211_start_tpt_led_trig (->) tpt_trig_timer before initializing
> it.
> The initialization of this read/write lock happens via the path
> ieee80211_led_init (->) led_trigger_register, but we are doing
> 'ieee80211_led_init' after 'ieee80211_if_add' where we
> register netdev_ops.
> So we access leddev_list_lock before initializing it and causes the
> following bug in chrome laptops with AR928X cards with the following
> script
>
> while true
> do
> sudo modprobe -v ath9k
> sleep 3
> sudo modprobe -r ath9k
> sleep 3
> done
>
> BUG: rwlock bad magic on CPU#1, wpa_supplicant/358, f5b9eccc
> Pid: 358, comm: wpa_supplicant Not tainted 3.0.13 #1
> Call Trace:
>
> [<8137b9df>] rwlock_bug+0x3d/0x47
> [<81179830>] do_raw_read_lock+0x19/0x29
> [<8137f063>] _raw_read_lock+0xd/0xf
> [] tpt_trig_timer+0xc3/0x145 [mac80211]
> [] ieee80211_mod_tpt_led_trig+0x152/0x174 [mac80211]
> [] ieee80211_do_open+0x11e/0x42e [mac80211]
> [] ? ieee80211_check_concurrent_iface+0x26/0x13c [mac80211]
> [] ieee80211_open+0x48/0x4c [mac80211]
> [<812dbed8>] __dev_open+0x82/0xab
> [<812dc0c9>] __dev_change_flags+0x9c/0x113
> [<812dc1ae>] dev_change_flags+0x18/0x44
> [<8132144f>] devinet_ioctl+0x243/0x51a
> [<81321ba9>] inet_ioctl+0x93/0xac
> [<812cc951>] sock_ioctl+0x1c6/0x1ea
> [<812cc78b>] ? might_fault+0x20/0x20
> [<810b1ebb>] do_vfs_ioctl+0x46e/0x4a2
> [<810a6ebb>] ? fget_light+0x2f/0x70
> [<812ce549>] ? sys_recvmsg+0x3e/0x48
> [<810b1f35>] sys_ioctl+0x46/0x69
> [<8137fa77>] sysenter_do_call+0x12/0x2
>
> Cc:
> Cc: Gary Morain
> Cc: Paul Stewart
> Cc: Abhijit Pradhan
> Cc: Vasanthakumar Thiagarajan
> Cc: Rajkumar Manoharan
> Tested-by: Mohammed Shafi Shajakhan
> Signed-off-by: Mohammed Shafi Shajakhan Acked-by: Johannes Berg > --- > net/mac80211/main.c | 4 ++-- > 1 files changed, 2 insertions(+), 2 deletions(-) > > diff --git a/net/mac80211/main.c b/net/mac80211/main.c > index 831a5bd..2306d75 100644 > --- a/net/mac80211/main.c > +++ b/net/mac80211/main.c > @@ -909,6 +909,8 @@ int ieee80211_register_hw(struct ieee80211_hw *hw) > wiphy_debug(local->hw.wiphy, "Failed to initialize wep: %d\n", > result); > > + ieee80211_led_init(local); > + > rtnl_lock(); > > result = ieee80211_init_rate_ctrl_alg(local, > @@ -930,8 +932,6 @@ int ieee80211_register_hw(struct ieee80211_hw *hw) > > rtnl_unlock(); > > - ieee80211_led_init(local); > - > local->network_latency_notifier.notifier_call = > ieee80211_max_network_latency; > result = pm_qos_add_notifier(PM_QOS_NETWORK_LATENCY,
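
Review bot: The new ieee80211_led_init(local) call in the first hunk (@@ -909,6 +909,8 @@) carries no comment saying why it has to sit here, so a later cleanup could move it back below interface registration and reintroduce the uninitialized leddev_list_lock access. A short comment at the call site would pin the ordering, for example that the LED triggers must be registered before any netdev is added because ieee80211_do_open can reach tpt_trig_timer, as the commit message describes.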
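
Review bot: Error unwinding needs a check after the removal in the second hunk (@@ -930,8 +932,6 @@): LED init used to run immediately before pm_qos_add_notifier, and it now runs ahead of rtnl_lock() and ieee80211_init_rate_ctrl_alg, whose result is assigned in the first hunk. The diffstat shows only the two moved lines, so no failure label changed. Please confirm that every failure path between the new call site and the old one unregisters the LED triggers (ieee80211_led_exit); if any of them jumps to a label that skips that teardown, the triggers stay registered after a failed ieee80211_register_hw.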