mac80211: fix suspend/resume races with unregister hw
Do not call ->suspend, ->resume methods after we unregister wiphy. Also
delete sta_clanup timer after we finish wiphy unregister to avoid this:
WARNING: at lib/debugobjects.c:262 debug_print_object+0x85/0xa0()
Hardware name: 6369CTO
ODEBUG: free active (active state 0) object type: timer_list hint: sta_info_cleanup+0x0/0x180 [mac80211]
Modules linked in: aes_i586 aes_generic fuse bridge stp llc autofs4 sunrpc cpufreq_ondemand acpi_cpufreq mperf ext2 dm_mod uinput thinkpad_acpi hwmon sg arc4 rt2800usb rt2800lib crc_ccitt rt2x00usb rt2x00lib mac80211 cfg80211 i2c_i801 iTCO_wdt iTCO_vendor_support e1000e ext4 mbcache jbd2 sd_mod crc_t10dif sr_mod cdrom yenta_socket ahci libahci pata_acpi ata_generic ata_piix i915 drm_kms_helper drm i2c_algo_bit video [last unloaded: microcode]
Pid: 5663, comm: pm-hibernate Not tainted 3.1.0-rc1-wl+ #19
Call Trace:
[<c0454cfd>] warn_slowpath_common+0x6d/0xa0
[<c05e05e5>] ? debug_print_object+0x85/0xa0
[<c05e05e5>] ? debug_print_object+0x85/0xa0
[<c0454dae>] warn_slowpath_fmt+0x2e/0x30
[<c05e05e5>] debug_print_object+0x85/0xa0
[<f8a808e0>] ? sta_info_alloc+0x1a0/0x1a0 [mac80211]
[<c05e0bd2>] debug_check_no_obj_freed+0xe2/0x180
[<c051175b>] kfree+0x8b/0x150
[<f8a126ae>] cfg80211_dev_free+0x7e/0x90 [cfg80211]
[<f8a13afd>] wiphy_dev_release+0xd/0x10 [cfg80211]
[<c068d959>] device_release+0x19/0x80
[<c05d06ba>] kobject_release+0x7a/0x1c0
[<c07646a8>] ? rtnl_unlock+0x8/0x10
[<f8a13adb>] ? wiphy_resume+0x6b/0x80 [cfg80211]
[<c05d0640>] ? kobject_del+0x30/0x30
[<c05d1a6d>] kref_put+0x2d/0x60
[<c05d056d>] kobject_put+0x1d/0x50
[<c08015f4>] ? mutex_lock+0x14/0x40
[<c068d60f>] put_device+0xf/0x20
[<c069716a>] dpm_resume+0xca/0x160
[<c04912bd>] hibernation_snapshot+0xcd/0x260
[<c04903df>] ? freeze_processes+0x3f/0x90
[<c049151b>] hibernate+0xcb/0x1e0
[<c048fdc0>] ? pm_async_store+0x40/0x40
[<c048fe60>] state_store+0xa0/0xb0
[<c048fdc0>] ? pm_async_store+0x40/0x40
[<c05d0200>] kobj_attr_store+0x20/0x30
[<c0575ea4>] sysfs_write_file+0x94/0xf0
[<c051e26a>] vfs_write+0x9a/0x160
[<c0575e10>] ? sysfs_open_file+0x200/0x200
[<c051e3fd>] sys_write+0x3d/0x70
[<c080959f>] sysenter_do_call+0x12/0x28
Cc: stable@kernel.org
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
diff --git a/include/net/cfg80211.h b/include/net/cfg80211.h
index d17f47f..408ae48 100644
--- a/include/net/cfg80211.h
+++ b/include/net/cfg80211.h
@@ -1865,6 +1865,9 @@
* you need use set_wiphy_dev() (see below) */
struct device dev;
+ /* protects ->resume, ->suspend sysfs callbacks against unregister hw */
+ bool registered;
+
/* dir in debugfs: ieee80211/<wiphyname> */
struct dentry *debugfsdir;
diff --git a/net/mac80211/main.c b/net/mac80211/main.c
index 866f269..acb4423 100644
--- a/net/mac80211/main.c
+++ b/net/mac80211/main.c
@@ -1012,7 +1012,6 @@
cancel_work_sync(&local->reconfig_filter);
ieee80211_clear_tx_pending(local);
- sta_info_stop(local);
rate_control_deinitialize(local);
if (skb_queue_len(&local->skb_queue) ||
@@ -1024,6 +1023,7 @@
destroy_workqueue(local->workqueue);
wiphy_unregister(local->hw.wiphy);
+ sta_info_stop(local);
ieee80211_wep_free(local);
ieee80211_led_exit(local);
kfree(local->int_scan_req);
diff --git a/net/wireless/core.c b/net/wireless/core.c
index 645437c..c148651 100644
--- a/net/wireless/core.c
+++ b/net/wireless/core.c
@@ -616,6 +616,9 @@
if (res)
goto out_rm_dev;
+ rtnl_lock();
+ rdev->wiphy.registered = true;
+ rtnl_unlock();
return 0;
out_rm_dev:
@@ -647,6 +650,10 @@
{
struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
+ rtnl_lock();
+ rdev->wiphy.registered = false;
+ rtnl_unlock();
+
rfkill_unregister(rdev->rfkill);
/* protect the device list */
diff --git a/net/wireless/sysfs.c b/net/wireless/sysfs.c
index c6e4ca6..ff57459 100644
--- a/net/wireless/sysfs.c
+++ b/net/wireless/sysfs.c
@@ -93,7 +93,8 @@
if (rdev->ops->suspend) {
rtnl_lock();
- ret = rdev->ops->suspend(&rdev->wiphy, rdev->wowlan);
+ if (rdev->wiphy.registered)
+ ret = rdev->ops->suspend(&rdev->wiphy, rdev->wowlan);
rtnl_unlock();
}
@@ -112,7 +113,8 @@
if (rdev->ops->resume) {
rtnl_lock();
- ret = rdev->ops->resume(&rdev->wiphy);
+ if (rdev->wiphy.registered)
+ ret = rdev->ops->resume(&rdev->wiphy);
rtnl_unlock();
}