authorJohannes Berg <johannes.berg@intel.com>2010-07-21 10:52:40 +0200
committerJohn W. Linville <linville@tuxdriver.com>2010-07-21 15:13:42 -0400
commitbc05d19f4b884b1dbbce48912710ae3f972c89d2 (patch)
tree56f08ca551c38d9ef18f699874f1b1bb3bb8e4f3
parent9dca9c490146e787472bc05b264e043311a4c67b (diff)
mac80211: fix IBSS lockdep complaint
Bob reported a lockdep complaint originating in the mac80211 IBSS code due to the common work struct patch. The reason is that the IBSS and station mode code have different locking orders for the cfg80211 wdev lock and the work struct (where "locking" implies running/canceling). Fix this by simply not canceling the work in the IBSS code, it is not necessary since when the REQ_RUN bit is cleared, the work will run without effect if it runs. When the interface is set down, it is flushed anyway, so there's no concern about it running after memory has been invalidated either. This fixes https://bugzilla.kernel.org/show_bug.cgi?id=16419 Additionally, looking into this I noticed that there's a small window while the IBSS is torn down in which the work may be rescheduled and the REQ_RUN bit be set again after leave() has cleared it when a scan finishes at exactly the same time. Avoid that by setting the ssid_len to zero before clearing REQ_RUN which signals to the scan finish code that this interface is not active. Reported-by: Bob Copeland <me@bobcopeland.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-rw-r--r--net/mac80211/ibss.c19
1 files changed, 14 insertions, 5 deletions
diff --git a/net/mac80211/ibss.c b/net/mac80211/ibss.c
index d4e84b2..090e344 100644
--- a/net/mac80211/ibss.c
+++ b/net/mac80211/ibss.c
@@ -943,11 +943,6 @@ int ieee80211_ibss_leave(struct ieee80211_sub_if_data *sdata)
}
}
- del_timer_sync(&sdata->u.ibss.timer);
- clear_bit(IEEE80211_IBSS_REQ_RUN, &sdata->u.ibss.request);
- cancel_work_sync(&sdata->work);
- clear_bit(IEEE80211_IBSS_REQ_RUN, &sdata->u.ibss.request);
-
sta_info_flush(sdata->local, sdata);
/* remove beacon */
@@ -964,6 +959,20 @@ int ieee80211_ibss_leave(struct ieee80211_sub_if_data *sdata)
memset(sdata->u.ibss.bssid, 0, ETH_ALEN);
sdata->u.ibss.ssid_len = 0;
+ /*
+ * ssid_len indicates active or not, so needs to be visible to
+ * everybody, especially ieee80211_ibss_notify_scan_completed,
+ * so it won't restart the timer after we remove it here.
+ */
+ mb();
+
+ del_timer_sync(&sdata->u.ibss.timer);
+ clear_bit(IEEE80211_IBSS_REQ_RUN, &sdata->u.ibss.request);
+ /*
+ * Since the REQ_RUN bit is clear, the work won't do
+ * anything if it runs after this.
+ */
+
ieee80211_recalc_idle(sdata->local);
return 0;
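Review bot: The `mb()` added after `sdata->u.ibss.ssid_len = 0;` orders only the writer side, and nothing in this hunk shows a matching barrier or lock where `ieee80211_ibss_notify_scan_completed` reads `ssid_len`. That reader is outside the visible lines, so this is inferred, but if it tests `ssid_len` and then re-arms the timer or sets `IEEE80211_IBSS_REQ_RUN` with no ordering of its own, a scan completing concurrently could still do so after `del_timer_sync()` and `clear_bit()` have run here; the window would be narrowed rather than closed. I would have the comment name its counterpart, for example `* Pairs with the ssid_len check in ieee80211_ibss_notify_scan_completed().`, and confirm that the check and the re-arm there cannot straddle this teardown. The body of `ieee80211_ibss_leave` starts outside the hunk.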