b57e6b560f
read_lock(&tpt_trig->trig.leddev_list_lock) is accessed via the path ieee80211_open (->) ieee80211_do_open (->) ieee80211_mod_tpt_led_trig (->) ieee80211_start_tpt_led_trig (->) tpt_trig_timer before initializing it. the intilization of this read/write lock happens via the path ieee80211_led_init (->) led_trigger_register, but we are doing 'ieee80211_led_init' after 'ieeee80211_if_add' where we register netdev_ops. so we access leddev_list_lock before initializing it and causes the following bug in chrome laptops with AR928X cards with the following script while true do sudo modprobe -v ath9k sleep 3 sudo modprobe -r ath9k sleep 3 done BUG: rwlock bad magic on CPU#1, wpa_supplicant/358, f5b9eccc Pid: 358, comm: wpa_supplicant Not tainted 3.0.13 #1 Call Trace: [<8137b9df>] rwlock_bug+0x3d/0x47 [<81179830>] do_raw_read_lock+0x19/0x29 [<8137f063>] _raw_read_lock+0xd/0xf [<f9081957>] tpt_trig_timer+0xc3/0x145 [mac80211] [<f9081f3a>] ieee80211_mod_tpt_led_trig+0x152/0x174 [mac80211] [<f9076a3f>] ieee80211_do_open+0x11e/0x42e [mac80211] [<f9075390>] ? ieee80211_check_concurrent_iface+0x26/0x13c [mac80211] [<f9076d97>] ieee80211_open+0x48/0x4c [mac80211] [<812dbed8>] __dev_open+0x82/0xab [<812dc0c9>] __dev_change_flags+0x9c/0x113 [<812dc1ae>] dev_change_flags+0x18/0x44 [<8132144f>] devinet_ioctl+0x243/0x51a [<81321ba9>] inet_ioctl+0x93/0xac [<812cc951>] sock_ioctl+0x1c6/0x1ea [<812cc78b>] ? might_fault+0x20/0x20 [<810b1ebb>] do_vfs_ioctl+0x46e/0x4a2 [<810a6ebb>] ? fget_light+0x2f/0x70 [<812ce549>] ? sys_recvmsg+0x3e/0x48 [<810b1f35>] sys_ioctl+0x46/0x69 [<8137fa77>] sysenter_do_call+0x12/0x2 Cc: <stable@vger.kernel.org> Cc: Gary Morain <gmorain@google.com> Cc: Paul Stewart <pstew@google.com> Cc: Abhijit Pradhan <abhijit@qca.qualcomm.com> Cc: Vasanthakumar Thiagarajan <vthiagar@qca.qualcomm.com> Cc: Rajkumar Manoharan <rmanohar@qca.qualcomm.com> Acked-by: Johannes Berg <johannes.berg@intel.com> Tested-by: Mohammed Shafi Shajakhan <mohammed@qca.qualcomm.com> Signed-off-by: Mohammed Shafi Shajakhan <mohammed@qca.qualcomm.com> Signed-off-by: John W. Linville <linville@tuxdriver.com> |
||
---|---|---|
.. | ||
aes_ccm.c | ||
aes_ccm.h | ||
aes_cmac.c | ||
aes_cmac.h | ||
agg-rx.c | ||
agg-tx.c | ||
cfg.c | ||
cfg.h | ||
chan.c | ||
debugfs.c | ||
debugfs.h | ||
debugfs_key.c | ||
debugfs_key.h | ||
debugfs_netdev.c | ||
debugfs_netdev.h | ||
debugfs_sta.c | ||
debugfs_sta.h | ||
driver-ops.h | ||
driver-trace.c | ||
driver-trace.h | ||
event.c | ||
ht.c | ||
ibss.c | ||
ieee80211_i.h | ||
iface.c | ||
Kconfig | ||
key.c | ||
key.h | ||
led.c | ||
led.h | ||
main.c | ||
Makefile | ||
mesh.c | ||
mesh.h | ||
mesh_hwmp.c | ||
mesh_pathtbl.c | ||
mesh_plink.c | ||
michael.c | ||
michael.h | ||
mlme.c | ||
offchannel.c | ||
pm.c | ||
rate.c | ||
rate.h | ||
rc80211_minstrel.c | ||
rc80211_minstrel.h | ||
rc80211_minstrel_debugfs.c | ||
rc80211_minstrel_ht.c | ||
rc80211_minstrel_ht.h | ||
rc80211_minstrel_ht_debugfs.c | ||
rc80211_pid.h | ||
rc80211_pid_algo.c | ||
rc80211_pid_debugfs.c | ||
rx.c | ||
scan.c | ||
spectmgmt.c | ||
sta_info.c | ||
sta_info.h | ||
status.c | ||
tkip.c | ||
tkip.h | ||
tx.c | ||
util.c | ||
wep.c | ||
wep.h | ||
wme.c | ||
wme.h | ||
work.c | ||
wpa.c | ||
wpa.h |