1. 14 Jun, 2016 1 commit
    • Rajkumar Manoharan's avatar
      ath10k: fix deadlock while processing rx_in_ord_ind · e50525be
      Rajkumar Manoharan authored
      commit 5c86d97b ("ath10k: combine txrx and replenish task")
      introduced deadlock while processing rx in order indication message
      for qca6174 based devices. While merging replenish and txrx tasklets,
      replenish task should be called out of htt rx ring locking since it
      is also try to acquire the same lock.
      
      Unfortunately this issue is not exposed by other solutions (qca988x,
      qca99x0 & qca4019), as rx_in_ord_ind message is specific to qca6174
      based devices. This patch fixes
      
      =============================================
      [ INFO: possible recursive locking detected ]
      4.7.0-rc2-wt-ath+ #1353 Tainted: G            E
      ---------------------------------------------
      swapper/3/0 is trying to acquire lock:
       (&(&htt->rx_ring.lock)->rlock){+.-...}, at: [<f8d7ef19>]
      ath10k_htt_rx_msdu_buff_replenish+0x29/0x90 [ath10k_core]
      
      but task is already holding lock:
       (&(&htt->rx_ring.lock)->rlock){+.-...}, at: [<f8d82cab>]
      ath10k_htt_txrx_compl_task+0x21b/0x250 [ath10k_core]
      
      other info that might help us debug this:
       Possible unsafe locking scenario:
      
             CPU0
             ----
        lock(&(&htt->rx_ring.lock)->rlock);
        lock(&(&htt->rx_ring.lock)->rlock);
      
       *** DEADLOCK ***
      
       May be due to missing lock nesting notation
      
      1 lock held by swapper/3/0:
       #0:  (&(&htt->rx_ring.lock)->rlock){+.-...}, at: [<f8d82cab>]
      ath10k_htt_txrx_compl_task+0x21b/0x250 [ath10k_core]
      
      Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=119151
      Fixes: 5c86d97b ("ath10k: combine txrx and replenish task")
      Reported-by: default avatarMike Lothian <mike@fireburn.co.uk>
      Signed-off-by: default avatarRajkumar Manoharan <rmanohar@qti.qualcomm.com>
      Signed-off-by: default avatarKalle Valo <kvalo@qca.qualcomm.com>
      e50525be
  2. 07 Jun, 2016 1 commit
  3. 06 Jun, 2016 1 commit
    • Ben Greear's avatar
      ath10k: fix deadlock when peer cannot be created · fee48cf8
      Ben Greear authored
      We must not attempt to send WMI packets while holding the data-lock,
      as it may deadlock:
      
      BUG: sleeping function called from invalid context at drivers/net/wireless/ath/ath10k/wmi.c:1824
      in_atomic(): 1, irqs_disabled(): 0, pid: 2878, name: wpa_supplicant
      
      =============================================
      [ INFO: possible recursive locking detected ]
      4.4.6+ #21 Tainted: G        W  O
      ---------------------------------------------
      wpa_supplicant/2878 is trying to acquire lock:
       (&(&ar->data_lock)->rlock){+.-...}, at: [<ffffffffa0721511>] ath10k_wmi_tx_beacons_iter+0x26/0x11a [ath10k_core]
      
      but task is already holding lock:
       (&(&ar->data_lock)->rlock){+.-...}, at: [<ffffffffa070251b>] ath10k_peer_create+0x122/0x1ae [ath10k_core]
      
      other info that might help us debug this:
       Possible unsafe locking scenario:
      
             CPU0
             ----
        lock(&(&ar->data_lock)->rlock);
        lock(&(&ar->data_lock)->rlock);
      
       *** DEADLOCK ***
      
       May be due to missing lock nesting notation
      
      4 locks held by wpa_supplicant/2878:
       #0:  (rtnl_mutex){+.+.+.}, at: [<ffffffff816493ca>] rtnl_lock+0x12/0x14
       #1:  (&ar->conf_mutex){+.+.+.}, at: [<ffffffffa0706932>] ath10k_add_interface+0x3b/0xbda [ath10k_core]
       #2:  (&(&ar->data_lock)->rlock){+.-...}, at: [<ffffffffa070251b>] ath10k_peer_create+0x122/0x1ae [ath10k_core]
       #3:  (rcu_read_lock){......}, at: [<ffffffffa062f304>] rcu_read_lock+0x0/0x66 [mac80211]
      
      stack backtrace:
      CPU: 3 PID: 2878 Comm: wpa_supplicant Tainted: G        W  O    4.4.6+ #21
      Hardware name: To be filled by O.E.M. To be filled by O.E.M./ChiefRiver, BIOS 4.6.5 06/07/2013
       0000000000000000 ffff8801fcadf8f0 ffffffff8137086d ffffffff82681720
       ffffffff82681720 ffff8801fcadf9b0 ffffffff8112e3be ffff8801fcadf920
       0000000100000000 ffffffff82681720 ffffffffa0721500 ffff8801fcb8d348
      Call Trace:
       [<ffffffff8137086d>] dump_stack+0x81/0xb6
       [<ffffffff8112e3be>] __lock_acquire+0xc5b/0xde7
       [<ffffffffa0721500>] ? ath10k_wmi_tx_beacons_iter+0x15/0x11a [ath10k_core]
       [<ffffffff8112d0d0>] ? mark_lock+0x24/0x201
       [<ffffffff8112e908>] lock_acquire+0x132/0x1cb
       [<ffffffff8112e908>] ? lock_acquire+0x132/0x1cb
       [<ffffffffa0721511>] ? ath10k_wmi_tx_beacons_iter+0x26/0x11a [ath10k_core]
       [<ffffffffa07214eb>] ? ath10k_wmi_cmd_send_nowait+0x1ce/0x1ce [ath10k_core]
       [<ffffffff816f9e2b>] _raw_spin_lock_bh+0x31/0x40
       [<ffffffffa0721511>] ? ath10k_wmi_tx_beacons_iter+0x26/0x11a [ath10k_core]
       [<ffffffffa0721511>] ath10k_wmi_tx_beacons_iter+0x26/0x11a [ath10k_core]
       [<ffffffffa07214eb>] ? ath10k_wmi_cmd_send_nowait+0x1ce/0x1ce [ath10k_core]
       [<ffffffffa062eb18>] __iterate_interfaces+0x9d/0x13d [mac80211]
       [<ffffffffa062f609>] ieee80211_iterate_active_interfaces_atomic+0x32/0x3e [mac80211]
       [<ffffffffa07214eb>] ? ath10k_wmi_cmd_send_nowait+0x1ce/0x1ce [ath10k_core]
       [<ffffffffa071fa9f>] ath10k_wmi_tx_beacons_nowait.isra.13+0x14/0x16 [ath10k_core]
       [<ffffffffa0721676>] ath10k_wmi_cmd_send+0x71/0x242 [ath10k_core]
       [<ffffffffa07023f6>] ath10k_wmi_peer_delete+0x3f/0x42 [ath10k_core]
       [<ffffffffa0702557>] ath10k_peer_create+0x15e/0x1ae [ath10k_core]
       [<ffffffffa0707004>] ath10k_add_interface+0x70d/0xbda [ath10k_core]
       [<ffffffffa05fffcc>] drv_add_interface+0x123/0x1a5 [mac80211]
       [<ffffffffa061554b>] ieee80211_do_open+0x351/0x667 [mac80211]
       [<ffffffffa06158aa>] ieee80211_open+0x49/0x4c [mac80211]
       [<ffffffff8163ecf9>] __dev_open+0x88/0xde
       [<ffffffff8163ef6e>] __dev_change_flags+0xa4/0x13a
       [<ffffffff8163f023>] dev_change_flags+0x1f/0x54
       [<ffffffff816a5532>] devinet_ioctl+0x2b9/0x5c9
       [<ffffffff816514dd>] ? copy_to_user+0x32/0x38
       [<ffffffff816a6115>] inet_ioctl+0x81/0x9d
       [<ffffffff816a6115>] ? inet_ioctl+0x81/0x9d
       [<ffffffff81621cf8>] sock_do_ioctl+0x20/0x3d
       [<ffffffff816223c4>] sock_ioctl+0x222/0x22e
       [<ffffffff8121cf95>] do_vfs_ioctl+0x453/0x4d7
       [<ffffffff81625603>] ? __sys_recvmsg+0x4c/0x5b
       [<ffffffff81225af1>] ? __fget_light+0x48/0x6c
       [<ffffffff8121d06b>] SyS_ioctl+0x52/0x74
       [<ffffffff816fa736>] entry_SYSCALL_64_fastpath+0x16/0x7a
      Signed-off-by: default avatarBen Greear <greearb@candelatech.com>
      Signed-off-by: default avatarKalle Valo <kvalo@qca.qualcomm.com>
      fee48cf8
  4. 04 Jun, 2016 1 commit
  5. 03 Jun, 2016 1 commit
    • Franky Lin's avatar
      brcmfmac: add eth_type_trans back for PCIe full dongle · 31143e29
      Franky Lin authored
      A regression was introduced in commit 9c349892 ("brcmfmac: revise
      handling events in receive path") which moves eth_type_trans() call
      to brcmf_rx_frame(). Msgbuf layer doesn't use brcmf_rx_frame() but invokes
      brcmf_netif_rx() directly. In such case the Ethernet header was not
      stripped out resulting in null pointer dereference in the networking
      stack.
      
      BUG: unable to handle kernel NULL pointer dereference at 0000000000000048
      IP: [<ffffffff814c3ce6>] enqueue_to_backlog+0x56/0x260
      PGD 0
      Oops: 0000 [#1] PREEMPT SMP
      Modules linked in: fuse ipt_MASQUERADE nf_nat_masquerade_ipv4
      iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 xt_addrtype
      [...]
      rtsx_pci scsi_mod usbcore usb_common i8042 serio nvme nvme_core
      CPU: 7 PID: 1340 Comm: irq/136-brcmf_p Not tainted 4.7.0-rc1-mainline #1
      Hardware name: Dell Inc. XPS 15 9550/0N7TVV, BIOS 01.02.00 04/07/2016
      task: ffff8804a0c5bd00 ti: ffff88049e124000 task.ti: ffff88049e124000
      RIP: 0010:[<ffffffff814c3ce6>] [<ffffffff814c3ce6>]
      enqueue_to_backlog+0x56/0x260
      RSP: 0018:ffff88049e127ca0 EFLAGS: 00010046
      RAX: 0000000000000000 RBX: ffff8804bddd7c40 RCX: 000000000000002f
      RDX: 0000000000000000 RSI: 0000000000000007 RDI: ffff8804bddd7d4c
      RBP: ffff88049e127ce8 R08: 0000000000000000 R09: 0000000000000000
      R10: ffff8804bddd12c0 R11: 000000000000149e R12: 0000000000017c40
      R13: ffff88049e127d08 R14: ffff8804a9bd6d00 R15: ffff8804bddd7d4c
      FS: 0000000000000000(0000) GS:ffff8804bddc0000(0000) knlGS:0000000000000000
      CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      CR2: 0000000000000048 CR3: 0000000001806000 CR4: 00000000003406e0
      DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
      DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
      Stack:
      ffff8804bdddad00 ffff8804ad089e00 0000000000000000 0000000000000282
      0000000000000000 ffff8804a9bd6d00 ffff8804a1b27e00 ffff8804a9bd6d00
      ffff88002ee88000 ffff88049e127d28 ffffffff814c3f3b ffffffff81311fc3
      Call Trace:
      [<ffffffff814c3f3b>] netif_rx_internal+0x4b/0x170
      [<ffffffff81311fc3>] ? swiotlb_tbl_unmap_single+0xf3/0x120
      [<ffffffff814c5467>] netif_rx_ni+0x27/0xc0
      [<ffffffffa08519e9>] brcmf_netif_rx+0x49/0x70 [brcmfmac]
      [<ffffffffa08564d4>] brcmf_msgbuf_process_rx+0x2b4/0x570 [brcmfmac]
      [<ffffffff81020017>] ? __xen_set_pgd_hyper+0x57/0xd0
      [<ffffffff810d60b0>] ? irq_forced_thread_fn+0x70/0x70
      [<ffffffffa0857381>] brcmf_proto_msgbuf_rx_trigger+0x31/0xe0 [brcmfmac]
      [<ffffffffa0861e8f>] brcmf_pcie_isr_thread+0x7f/0x110 [brcmfmac]
      [<ffffffff810d60d0>] irq_thread_fn+0x20/0x50
      [<ffffffff810d63ad>] irq_thread+0x12d/0x1c0
      [<ffffffff815d07d5>] ? __schedule+0x2f5/0x7a0
      [<ffffffff810d61d0>] ? wake_threads_waitq+0x30/0x30
      [<ffffffff810d6280>] ? irq_thread_dtor+0xb0/0xb0
      [<ffffffff81098ea8>] kthread+0xd8/0xf0
      [<ffffffff815d4b7f>] ret_from_fork+0x1f/0x40
      [<ffffffff81098dd0>] ? kthread_worker_fn+0x170/0x170
      Code: 1c f5 60 9a 8e 81 9c 58 0f 1f 44 00 00 48 89 45 d0 fa 66 0f 1f
      44 00 00 4c 8d bb 0c 01 00 00 4c 89 ff e8 5e 08 11 00 49 8b 56 20 <48>
      8b 52 48 83 e2 01 74 10 8b 8b 08 01 00 00 8b 15 59 c5 42 00
      RIP [<ffffffff814c3ce6>] enqueue_to_backlog+0x56/0x260
      RSP <ffff88049e127ca0>
      CR2: 0000000000000048
      
      Fixes: 9c349892 ("brcmfmac: revise handling events in receive path")
      Reported-by: default avatarRafal Milecki <zajec5@gmail.com>
      Reported-by: default avatarGrey Christoforo <grey@christoforo.net>
      Reviewed-by: default avatarPieter-Paul Giesberts <pieter-paul.giesberts@broadcom.com>
      Reviewed-by: default avatarArend Van Spriel <arend@broadcom.com>
      Reviewed-by: default avatarHante Meuleman <hante.meuleman@broadcom.com>
      Signed-off-by: default avatarFranky Lin <franky.lin@broadcom.com>
      [arend@broadcom.com: rephrased the commit message]
      Signed-off-by: default avatarArend van Spriel <arend@broadcom.com>
      Signed-off-by: default avatarKalle Valo <kvalo@codeaurora.org>
      31143e29
  6. 27 May, 2016 2 commits
  7. 26 May, 2016 17 commits
  8. 25 May, 2016 13 commits
  9. 24 May, 2016 3 commits
    • Jamal Hadi Salim's avatar
      net sched actions: policer missing timestamp processing · 3d3ed181
      Jamal Hadi Salim authored
      Policer was not dumping or updating timestamps
      Signed-off-by: default avatarJamal Hadi Salim <jhs@mojatatu.com>
      Acked-by: default avatarCong Wang <xiyou.wangcong@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      3d3ed181
    • Eric Dumazet's avatar
      net_sched: avoid too many hrtimer_start() calls · a9efad8b
      Eric Dumazet authored
      I found a serious performance bug in packet schedulers using hrtimers.
      
      sch_htb and sch_fq are definitely impacted by this problem.
      
      We constantly rearm high resolution timers if some packets are throttled
      in one (or more) class, and other packets are flying through qdisc on
      another (non throttled) class.
      
      hrtimer_start() does not have the mod_timer() trick of doing nothing if
      expires value does not change :
      
      	if (timer_pending(timer) &&
                  timer->expires == expires)
                      return 1;
      
      This issue is particularly visible when multiple cpus can queue/dequeue
      packets on the same qdisc, as hrtimer code has to lock a remote base.
      
      I used following fix :
      
      1) Change htb to use qdisc_watchdog_schedule_ns() instead of open-coding
      it.
      
      2) Cache watchdog prior expiration. hrtimer might provide this, but I
      prefer to not rely on some hrtimer internal.
      Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      a9efad8b
    • Gavin Shan's avatar
      net/qlge: Avoids recursive EEH error · 3275c0c6
      Gavin Shan authored
      One timer, whose handler keeps reading on MMIO register for EEH
      core to detect error in time, is started when the PCI device driver
      is loaded. MMIO register can't be accessed during PE reset in EEH
      recovery. Otherwise, the unexpected recursive error is triggered.
      The timer isn't closed that time if the interface isn't brought
      up. So the unexpected recursive error is seen during EEH recovery
      when the interface is down.
      
      This avoids the unexpected recursive EEH error by closing the timer
      in qlge_io_error_detected() before EEH PE reset unconditionally. The
      timer is started unconditionally after EEH PE reset in qlge_io_resume().
      Also, the timer should be closed unconditionally when the device is
      removed from the system permanently in qlge_io_error_detected().
      Reported-by: default avatarShriya R. Kulkarni <shriyakul@in.ibm.com>
      Signed-off-by: default avatarGavin Shan <gwshan@linux.vnet.ibm.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      3275c0c6