1. 12 Oct, 2012 1 commit
  2. 19 Sep, 2012 2 commits
    • Emmanuel Grumbach's avatar
      iwlwifi: don't double free the interrupt in failure path · a7be50b7
      Emmanuel Grumbach authored
      When the driver can't get the HW ready, we would release
      the interrupt twice which made the kernel complain loudly.
      
      Cc: stable@vger.kernel.org
      Reported-by: default avatarBrian Cockrell <brian.cockrell@intel.com>
      Tested-by: default avatarBrian Cockrell <brian.cockrell@intel.com>
      Signed-off-by: default avatarEmmanuel Grumbach <emmanuel.grumbach@intel.com>
      Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
      a7be50b7
    • Luis R. Rodriguez's avatar
      cfg80211: fix possible circular lock on reg_regdb_search() · a85d0d7f
      Luis R. Rodriguez authored
      When call_crda() is called we kick off a witch hunt search
      for the same regulatory domain on our internal regulatory
      database and that work gets kicked off on a workqueue, this
      is done while the cfg80211_mutex is held. If that workqueue
      kicks off it will first lock reg_regdb_search_mutex and
      later cfg80211_mutex but to ensure two CPUs will not contend
      against cfg80211_mutex the right thing to do is to have the
      reg_regdb_search() wait until the cfg80211_mutex is let go.
      
      The lockdep report is pasted below.
      
      cfg80211: Calling CRDA to update world regulatory domain
      
      ======================================================
      [ INFO: possible circular locking dependency detected ]
      3.3.8 #3 Tainted: G           O
      -------------------------------------------------------
      kworker/0:1/235 is trying to acquire lock:
       (cfg80211_mutex){+.+...}, at: [<816468a4>] set_regdom+0x78c/0x808 [cfg80211]
      
      but task is already holding lock:
       (reg_regdb_search_mutex){+.+...}, at: [<81646828>] set_regdom+0x710/0x808 [cfg80211]
      
      which lock already depends on the new lock.
      
      the existing dependency chain (in reverse order) is:
      
      -> #2 (reg_regdb_search_mutex){+.+...}:
             [<800a8384>] lock_acquire+0x60/0x88
             [<802950a8>] mutex_lock_nested+0x54/0x31c
             [<81645778>] is_world_regdom+0x9f8/0xc74 [cfg80211]
      
      -> #1 (reg_mutex#2){+.+...}:
             [<800a8384>] lock_acquire+0x60/0x88
             [<802950a8>] mutex_lock_nested+0x54/0x31c
             [<8164539c>] is_world_regdom+0x61c/0xc74 [cfg80211]
      
      -> #0 (cfg80211_mutex){+.+...}:
             [<800a77b8>] __lock_acquire+0x10d4/0x17bc
             [<800a8384>] lock_acquire+0x60/0x88
             [<802950a8>] mutex_lock_nested+0x54/0x31c
             [<816468a4>] set_regdom+0x78c/0x808 [cfg80211]
      
      other info that might help us debug this:
      
      Chain exists of:
        cfg80211_mutex --> reg_mutex#2 --> reg_regdb_search_mutex
      
       Possible unsafe locking scenario:
      
             CPU0                    CPU1
             ----                    ----
        lock(reg_regdb_search_mutex);
                                     lock(reg_mutex#2);
                                     lock(reg_regdb_search_mutex);
        lock(cfg80211_mutex);
      
       *** DEADLOCK ***
      
      3 locks held by kworker/0:1/235:
       #0:  (events){.+.+..}, at: [<80089a00>] process_one_work+0x230/0x460
       #1:  (reg_regdb_work){+.+...}, at: [<80089a00>] process_one_work+0x230/0x460
       #2:  (reg_regdb_search_mutex){+.+...}, at: [<81646828>] set_regdom+0x710/0x808 [cfg80211]
      
      stack backtrace:
      Call Trace:
      [<80290fd4>] dump_stack+0x8/0x34
      [<80291bc4>] print_circular_bug+0x2ac/0x2d8
      [<800a77b8>] __lock_acquire+0x10d4/0x17bc
      [<800a8384>] lock_acquire+0x60/0x88
      [<802950a8>] mutex_lock_nested+0x54/0x31c
      [<816468a4>] set_regdom+0x78c/0x808 [cfg80211]
      Reported-by: default avatarFelix Fietkau <nbd@openwrt.org>
      Tested-by: default avatarFelix Fietkau <nbd@openwrt.org>
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarLuis R. Rodriguez <mcgrof@do-not-panic.com>
      Reviewed-by: default avatarJohannes Berg <johannes@sipsolutions.net>
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
      a85d0d7f
  3. 18 Sep, 2012 4 commits
    • Vinicius Costa Gomes's avatar
      Bluetooth: Fix not removing power_off delayed work · 78c04c0b
      Vinicius Costa Gomes authored
      For example, when a usb reset is received (I could reproduce it
      running something very similar to this[1] in a loop) it could be
      that the device is unregistered while the power_off delayed work
      is still scheduled to run.
      
      Backtrace:
      
      WARNING: at lib/debugobjects.c:261 debug_print_object+0x7c/0x8d()
      Hardware name: To Be Filled By O.E.M.
      ODEBUG: free active (active state 0) object type: timer_list hint: delayed_work_timer_fn+0x0/0x26
      Modules linked in: nouveau mxm_wmi btusb wmi bluetooth ttm coretemp drm_kms_helper
      Pid: 2114, comm: usb-reset Not tainted 3.5.0bt-next #2
      Call Trace:
       [<ffffffff8124cc00>] ? free_obj_work+0x57/0x91
       [<ffffffff81058f88>] warn_slowpath_common+0x7e/0x97
       [<ffffffff81059035>] warn_slowpath_fmt+0x41/0x43
       [<ffffffff8124ccb6>] debug_print_object+0x7c/0x8d
       [<ffffffff8106e3ec>] ? __queue_work+0x259/0x259
       [<ffffffff8124d63e>] ? debug_check_no_obj_freed+0x6f/0x1b5
       [<ffffffff8124d667>] debug_check_no_obj_freed+0x98/0x1b5
       [<ffffffffa00aa031>] ? bt_host_release+0x10/0x1e [bluetooth]
       [<ffffffff810fc035>] kfree+0x90/0xe6
       [<ffffffffa00aa031>] bt_host_release+0x10/0x1e [bluetooth]
       [<ffffffff812ec2f9>] device_release+0x4a/0x7e
       [<ffffffff8123ef57>] kobject_release+0x11d/0x154
       [<ffffffff8123ed98>] kobject_put+0x4a/0x4f
       [<ffffffff812ec0d9>] put_device+0x12/0x14
       [<ffffffffa009472b>] hci_free_dev+0x22/0x26 [bluetooth]
       [<ffffffffa0280dd0>] btusb_disconnect+0x96/0x9f [btusb]
       [<ffffffff813581b4>] usb_unbind_interface+0x57/0x106
       [<ffffffff812ef988>] __device_release_driver+0x83/0xd6
       [<ffffffff812ef9fb>] device_release_driver+0x20/0x2d
       [<ffffffff813582a7>] usb_driver_release_interface+0x44/0x7b
       [<ffffffff81358795>] usb_forced_unbind_intf+0x45/0x4e
       [<ffffffff8134f959>] usb_reset_device+0xa6/0x12e
       [<ffffffff8135df86>] usbdev_do_ioctl+0x319/0xe20
       [<ffffffff81203244>] ? avc_has_perm_flags+0xc9/0x12e
       [<ffffffff812031a0>] ? avc_has_perm_flags+0x25/0x12e
       [<ffffffff81050101>] ? do_page_fault+0x31e/0x3a1
       [<ffffffff8135eaa6>] usbdev_ioctl+0x9/0xd
       [<ffffffff811126b1>] vfs_ioctl+0x21/0x34
       [<ffffffff81112f7b>] do_vfs_ioctl+0x408/0x44b
       [<ffffffff81208d45>] ? file_has_perm+0x76/0x81
       [<ffffffff8111300f>] sys_ioctl+0x51/0x76
       [<ffffffff8158db22>] system_call_fastpath+0x16/0x1b
      
      [1] http://cpansearch.perl.org/src/DPAVLIN/Biblio-RFID-0.03/examples/usbreset.cSigned-off-by: default avatarVinicius Costa Gomes <vinicius.gomes@openbossa.org>
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarGustavo Padovan <gustavo.padovan@collabora.co.uk>
      78c04c0b
    • Andrei Emeltchenko's avatar
      Bluetooth: Fix freeing uninitialized delayed works · aad3d0e3
      Andrei Emeltchenko authored
      When releasing L2CAP socket which is in BT_CONFIG state l2cap_chan_close
      invokes l2cap_send_disconn_req which cancel delayed works which are only
      set in BT_CONNECTED state with l2cap_ertm_init. Add state check before
      cancelling those works.
      
      ...
      [ 9668.574372] [21085] l2cap_sock_release: sock cd065200, sk f073e800
      [ 9668.574399] [21085] l2cap_sock_shutdown: sock cd065200, sk f073e800
      [ 9668.574411] [21085] l2cap_chan_close: chan f073ec00 state BT_CONFIG sk f073e800
      [ 9668.574421] [21085] l2cap_send_disconn_req: chan f073ec00 conn ecc16600
      [ 9668.574441] INFO: trying to register non-static key.
      [ 9668.574443] the code is fine but needs lockdep annotation.
      [ 9668.574446] turning off the locking correctness validator.
      [ 9668.574450] Pid: 21085, comm: obex-client Tainted: G           O 3.5.0+ #57
      [ 9668.574452] Call Trace:
      [ 9668.574463]  [<c10a64b3>] __lock_acquire+0x12e3/0x1700
      [ 9668.574468]  [<c10a44fb>] ? trace_hardirqs_on+0xb/0x10
      [ 9668.574476]  [<c15e4f60>] ? printk+0x4d/0x4f
      [ 9668.574479]  [<c10a6e38>] lock_acquire+0x88/0x130
      [ 9668.574487]  [<c1059740>] ? try_to_del_timer_sync+0x60/0x60
      [ 9668.574491]  [<c1059790>] del_timer_sync+0x50/0xc0
      [ 9668.574495]  [<c1059740>] ? try_to_del_timer_sync+0x60/0x60
      [ 9668.574515]  [<f8aa1c23>] l2cap_send_disconn_req+0xe3/0x160 [bluetooth]
      ...
      Signed-off-by: default avatarAndrei Emeltchenko <andrei.emeltchenko@intel.com>
      Signed-off-by: default avatarGustavo Padovan <gustavo.padovan@collabora.co.uk>
      aad3d0e3
    • Andrzej Kaczmarek's avatar
      Bluetooth: mgmt: Fix enabling LE while powered off · 562fcc24
      Andrzej Kaczmarek authored
      When new BT USB adapter is plugged in it's configured while still being powered
      off (HCI_AUTO_OFF flag is set), thus Set LE will only set dev_flags but won't
      write changes to controller. As a result it's not possible to start device
      discovery session on LE controller as it uses interleaved discovery which
      requires LE Supported Host flag in extended features.
      
      This patch ensures HCI Write LE Host Supported is sent when Set Powered is
      called to power on controller and clear HCI_AUTO_OFF flag.
      Signed-off-by: default avatarAndrzej Kaczmarek <andrzej.kaczmarek@tieto.com>
      Cc: stable@vger.kernel.org
      Acked-by: default avatarJohan Hedberg <johan.hedberg@intel.com>
      Signed-off-by: default avatarGustavo Padovan <gustavo.padovan@collabora.co.uk>
      562fcc24
    • Andrzej Kaczmarek's avatar
      Bluetooth: mgmt: Fix enabling SSP while powered off · 3d1cbdd6
      Andrzej Kaczmarek authored
      When new BT USB adapter is plugged in it's configured while still being powered
      off (HCI_AUTO_OFF flag is set), thus Set SSP will only set dev_flags but won't
      write changes to controller. As a result remote devices won't use Secure Simple
      Pairing with our device due to SSP Host Support flag disabled in extended
      features and may also reject SSP attempt from our side (with possible fallback
      to legacy pairing).
      
      This patch ensures HCI Write Simple Pairing Mode is sent when Set Powered is
      called to power on controller and clear HCI_AUTO_OFF flag.
      Signed-off-by: default avatarAndrzej Kaczmarek <andrzej.kaczmarek@tieto.com>
      Cc: stable@vger.kernel.org
      Acked-by: default avatarJohan Hedberg <johan.hedberg@intel.com>
      Signed-off-by: default avatarGustavo Padovan <gustavo.padovan@collabora.co.uk>
      3d1cbdd6
  4. 12 Sep, 2012 3 commits
  5. 10 Sep, 2012 3 commits
  6. 05 Sep, 2012 21 commits
  7. 04 Sep, 2012 2 commits
  8. 27 Aug, 2012 3 commits
  9. 23 Aug, 2012 1 commit