linux

mirror of https://github.com/torvalds/linux.git synced 2026-06-09 23:23:53 +02:00

History

Hans de Goede d330f1d4f7 staging: rtl8723bs: remove a third possible deadlock [ Upstream commit `bdc1bbdbaa` ] The assoc_timer takes the pmlmepriv->lock and various functions which take the pmlmepriv->scanned_queue.lock first take the pmlmepriv->lock, this means that we cannot have code which waits for the timer (timer_del_sync) while holding the pmlmepriv->scanned_queue.lock to avoid a triangle deadlock: [ 363.139361] ====================================================== [ 363.139377] WARNING: possible circular locking dependency detected [ 363.139396] 5.15.0-rc1+ #470 Tainted: G C E [ 363.139413] ------------------------------------------------------ [ 363.139424] RTW_CMD_THREAD/2466 is trying to acquire lock: [ 363.139441] ffffbacd00699038 (&pmlmepriv->lock){+.-.}-{2:2}, at: _rtw_join_timeout_handler+0x3c/0x160 [r8723bs] [ 363.139598] but task is already holding lock: [ 363.139610] ffffbacd00128ea0 ((&pmlmepriv->assoc_timer)){+.-.}-{0:0}, at: call_timer_fn+0x5/0x260 [ 363.139673] which lock already depends on the new lock. [ 363.139684] the existing dependency chain (in reverse order) is: [ 363.139696] -> #2 ((&pmlmepriv->assoc_timer)){+.-.}-{0:0}: [ 363.139734] del_timer_sync+0x59/0x100 [ 363.139762] rtw_joinbss_event_prehandle+0x342/0x640 [r8723bs] [ 363.139870] report_join_res+0xdf/0x110 [r8723bs] [ 363.139980] OnAssocRsp+0x17a/0x200 [r8723bs] [ 363.140092] rtw_recv_entry+0x190/0x1120 [r8723bs] [ 363.140209] rtl8723b_process_phy_info+0x3f9/0x750 [r8723bs] [ 363.140318] tasklet_action_common.constprop.0+0xe8/0x110 [ 363.140345] __do_softirq+0xde/0x485 [ 363.140372] __irq_exit_rcu+0xd0/0x100 [ 363.140393] irq_exit_rcu+0xa/0x20 [ 363.140413] common_interrupt+0x83/0xa0 [ 363.140440] asm_common_interrupt+0x1e/0x40 [ 363.140463] finish_task_switch.isra.0+0x157/0x3d0 [ 363.140492] __schedule+0x447/0x1880 [ 363.140516] schedule+0x59/0xc0 [ 363.140537] smpboot_thread_fn+0x161/0x1c0 [ 363.140565] kthread+0x143/0x160 [ 363.140585] ret_from_fork+0x22/0x30 [ 363.140614] -> #1 (&pmlmepriv->scanned_queue.lock){+.-.}-{2:2}: [ 363.140653] _raw_spin_lock_bh+0x34/0x40 [ 363.140675] rtw_free_network_queue+0x31/0x80 [r8723bs] [ 363.140776] rtw_sitesurvey_cmd+0x79/0x1e0 [r8723bs] [ 363.140869] rtw_cfg80211_surveydone_event_callback+0x3cf/0x470 [r8723bs] [ 363.140973] rdev_scan+0x42/0x1a0 [cfg80211] [ 363.141307] nl80211_trigger_scan+0x566/0x660 [cfg80211] [ 363.141635] genl_family_rcv_msg_doit+0xcd/0x110 [ 363.141661] genl_rcv_msg+0xce/0x1c0 [ 363.141680] netlink_rcv_skb+0x50/0xf0 [ 363.141699] genl_rcv+0x24/0x40 [ 363.141717] netlink_unicast+0x16d/0x230 [ 363.141736] netlink_sendmsg+0x22b/0x450 [ 363.141755] sock_sendmsg+0x5e/0x60 [ 363.141781] ____sys_sendmsg+0x22f/0x270 [ 363.141803] ___sys_sendmsg+0x81/0xc0 [ 363.141828] __sys_sendmsg+0x49/0x80 [ 363.141851] do_syscall_64+0x3b/0x90 [ 363.141873] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 363.141895] -> #0 (&pmlmepriv->lock){+.-.}-{2:2}: [ 363.141930] __lock_acquire+0x1158/0x1de0 [ 363.141954] lock_acquire+0xb5/0x2b0 [ 363.141974] _raw_spin_lock_bh+0x34/0x40 [ 363.141993] _rtw_join_timeout_handler+0x3c/0x160 [r8723bs] [ 363.142097] call_timer_fn+0x94/0x260 [ 363.142122] __run_timers.part.0+0x1bf/0x290 [ 363.142147] run_timer_softirq+0x26/0x50 [ 363.142171] __do_softirq+0xde/0x485 [ 363.142193] __irq_exit_rcu+0xd0/0x100 [ 363.142215] irq_exit_rcu+0xa/0x20 [ 363.142235] sysvec_apic_timer_interrupt+0x72/0x90 [ 363.142260] asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 363.142283] __module_address.part.0+0x0/0xd0 [ 363.142309] is_module_address+0x25/0x40 [ 363.142334] static_obj+0x4f/0x60 [ 363.142361] lockdep_init_map_type+0x47/0x220 [ 363.142382] __init_swait_queue_head+0x45/0x60 [ 363.142408] mmc_wait_for_req+0x4a/0xc0 [mmc_core] [ 363.142504] mmc_wait_for_cmd+0x55/0x70 [mmc_core] [ 363.142592] mmc_io_rw_direct+0x75/0xe0 [mmc_core] [ 363.142691] sdio_writeb+0x2e/0x50 [mmc_core] [ 363.142788] _sd_cmd52_write+0x62/0x80 [r8723bs] [ 363.142885] sd_cmd52_write+0x6c/0xb0 [r8723bs] [ 363.142981] rtl8723bs_set_hal_ops+0x982/0x9b0 [r8723bs] [ 363.143089] rtw_write16+0x1e/0x30 [r8723bs] [ 363.143184] SetHwReg8723B+0xcc9/0xd30 [r8723bs] [ 363.143294] mlmeext_joinbss_event_callback+0x17a/0x1a0 [r8723bs] [ 363.143405] rtw_joinbss_event_callback+0x11/0x20 [r8723bs] [ 363.143507] mlme_evt_hdl+0x4d/0x70 [r8723bs] [ 363.143620] rtw_cmd_thread+0x168/0x3c0 [r8723bs] [ 363.143712] kthread+0x143/0x160 [ 363.143732] ret_from_fork+0x22/0x30 [ 363.143757] other info that might help us debug this: [ 363.143768] Chain exists of: &pmlmepriv->lock --> &pmlmepriv->scanned_queue.lock --> (&pmlmepriv->assoc_timer) [ 363.143809] Possible unsafe locking scenario: [ 363.143819] CPU0 CPU1 [ 363.143831] ---- ---- [ 363.143841] lock((&pmlmepriv->assoc_timer)); [ 363.143862] lock(&pmlmepriv->scanned_queue.lock); [ 363.143882] lock((&pmlmepriv->assoc_timer)); [ 363.143902] lock(&pmlmepriv->lock); [ 363.143921] * DEADLOCK * Make rtw_joinbss_event_prehandle() release the scanned_queue.lock before it deletes the timer to avoid this (it is still holding pmlmepriv->lock protecting against racing the timer). Signed-off-by: Hans de Goede <hdegoede@redhat.com> Link: https://lore.kernel.org/r/20210920145502.155454-3-hdegoede@redhat.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Sasha Levin <sashal@kernel.org>		2021-11-25 09:48:25 +01:00
..
accessibility
acpi	Revert "ACPI: scan: Release PM resources blocked by unused objects"	2021-11-21 13:44:14 +01:00
amba	ARM: 9120/1: Revert "amba: make use of -1 IRQs warn"	2021-11-06 14:13:31 +01:00
android	binder: don't detect sender/target during buffer cleanup	2021-11-12 15:05:49 +01:00
ata	libata: fix checking of DMA state	2021-11-18 19:16:00 +01:00
atm
auxdisplay	auxdisplay: ht16k33: Fix frame buffer device blanking	2021-11-18 19:17:02 +01:00
base	PM: sleep: Avoid calling put_device() under dpm_list_mtx	2021-11-18 19:17:17 +01:00
bcma	Driver core update for 5.15-rc1	2021-09-01 08:44:42 -07:00
block	loop: Use blk_validate_block_size() to validate block size	2021-11-21 13:44:13 +01:00
bluetooth	Bluetooth: btusb: Add support for TP-Link UB500 Adapter	2021-11-21 13:44:13 +01:00
bus	bus: ti-sysc: Use context lost quirk for otg	2021-11-25 09:48:25 +01:00
cdrom
char	ipmi: kcs_bmc: Fix a memory leak in the error handling path of 'kcs_bmc_serio_add_device()'	2021-11-18 19:16:44 +01:00
clk	clk: sunxi-ng: Unregister clocks/resets when unbinding	2021-11-25 09:48:23 +01:00
clocksource	clocksource/drivers/timer-ti-dm: Select TIMER_OF	2021-11-18 19:16:39 +01:00
comedi	comedi: vmk80xx: fix bulk and interrupt message timeouts	2021-11-12 15:05:51 +01:00
connector
counter
cpufreq	cpufreq: intel_pstate: Clear HWP desired on suspend/shutdown and offline	2021-11-18 19:17:08 +01:00
cpuidle	cpuidle: Fix kobject memory leaks in error paths	2021-11-18 19:16:29 +01:00
crypto	crypto: octeontx2 - set assoclen in aead_do_fallback()	2021-11-18 19:16:33 +01:00
cxl	cxl/pci: Fix NULL vs ERR_PTR confusion	2021-11-18 19:16:04 +01:00
dax	libnvdimm for v5.15	2021-09-09 11:39:57 -07:00
dca
devfreq	devfreq: use HZ macros	2021-09-08 11:50:26 -07:00
dio
dma	dmaengine: bestcomm: fix system boot lockups	2021-11-18 19:17:16 +01:00
dma-buf	dma-buf: WARN on dmabuf release with pending attachments	2021-11-18 19:16:08 +01:00
edac	EDAC/amd64: Handle three rank interleaving mode	2021-11-18 19:16:30 +01:00
eisa
extcon
firewire	FireWire (IEEE 1394) subsystem updates:	2021-09-11 09:47:33 -07:00
firmware	firmware: qcom_scm: Fix error retval in __qcom_scm_is_call_available()	2021-11-18 19:16:55 +01:00
fpga	fpga: ice40-spi: Add SPI device ID table	2021-09-27 14:00:41 -07:00
fsi
gnss
gpio	gpio: realtek-otto: fix GPIO line IRQ offset	2021-11-18 19:17:04 +01:00
gpu	Revert "drm: fb_helper: fix CONFIG_FB dependency"	2021-11-21 13:44:12 +01:00
greybus
hid	HID: u2fzero: properly handle timeouts in usb_submit_urb	2021-11-18 19:16:56 +01:00
hsi
hv	hyperv-fixes for 5.15	2021-10-22 10:31:32 -10:00
hwmon	hwmon: (pmbus/lm25066) Let compiler determine outer dimension of lm25066_coeff	2021-11-18 19:16:32 +01:00
hwspinlock
hwtracing	coresight: trbe: Defer the probe on offline CPUs	2021-11-18 19:16:06 +01:00
i2c	i2c: xlr: Fix a resource leak in the error handling path of 'xlr_i2c_probe()'	2021-11-18 19:17:04 +01:00
i3c
idle
iio	iio: adis: do not disabe IRQs in 'adis_init()'	2021-11-18 19:16:54 +01:00
infiniband	RDMA/bnxt_re: Check if the vlan is valid before reporting	2021-11-25 09:48:24 +01:00
input	Input: st1232 - increase "wait ready" timeout	2021-11-18 19:17:01 +01:00
interconnect	interconnect: qcom: sdm660: Add missing a2noc qos clocks	2021-09-13 15:49:55 +03:00
iommu	iommu/dma: Fix incorrect error return on iommu deferred attach	2021-11-18 19:16:57 +01:00
ipack	ipack: ipoctal: fix module reference leak	2021-09-27 17:38:49 +02:00
irqchip	irqchip/sifive-plic: Fixup EOI failed when masked	2021-11-18 19:17:14 +01:00
isdn	mISDN: Fix return values of the probe function	2021-10-19 13:09:28 +01:00
leds	leds: pca955x: Switch to i2c probe_new	2021-08-20 11:00:08 +02:00
macintosh	memblock: introduce saner 'memblock_free_ptr()' interface	2021-09-14 13:23:22 -07:00
mailbox	mailbox: mtk-cmdq: Fix local clock ID usage	2021-11-18 19:16:35 +01:00
mcb	mcb: fix error handling in mcb_alloc_bus()	2021-09-14 11:22:26 +02:00
md	bcache: Revert "bcache: use bvec_virt"	2021-11-18 19:17:17 +01:00
media	media: videobuf2-dma-sg: Fix buf->vb NULL pointer dereference	2021-11-18 19:17:21 +01:00
memory	memory: fsl_ifc: fix leak of irq and nand_irq in fsl_ifc_ctrl_probe	2021-11-18 19:16:51 +01:00
memstick	memstick: jmb38x_ms: use appropriate free function in jmb38x_ms_alloc_host()	2021-11-18 19:16:32 +01:00
message
mfd	mfd: dln2: Add cell for initializing DLN2 ADC	2021-11-18 19:17:17 +01:00
misc	eeprom: 93xx46: fix MODULE_DEVICE_TABLE	2021-10-15 10:54:02 +02:00
mmc	mmc: moxart: Fix null pointer dereference on pointer host	2021-11-18 19:17:20 +01:00
most	most: fix control-message timeouts	2021-11-18 19:16:08 +01:00
mtd	mtd: rawnand: au1550nd: Keep the driver compatible with on-die ECC engines	2021-11-18 19:17:19 +01:00
mux
net	ath10k: fix invalid dma_addr_t token assignment	2021-11-18 19:17:20 +01:00
nfc	nfc: pn533: Fix double free when pn533_fill_fragment_skbs() fails	2021-11-18 19:17:10 +01:00
ntb	Bug fixes and clean-ups for Linux v5.15	2021-09-07 13:05:02 -07:00
nubus
nvdimm	nvdimm/pmem: cleanup the disk if pmem_release_disk() is yet assigned	2021-11-18 19:17:07 +01:00
nvme	nvme-rdma: fix error code in nvme_rdma_setup_ctrl	2021-11-18 19:16:38 +01:00
nvmem	nvmem: Fix shift-out-of-bound (UBSAN) with byte size cells	2021-10-13 15:09:58 +02:00
of	of: unittest: fix EXPECT text for gpio hog errors	2021-11-18 19:16:45 +01:00
opp	opp: Fix return in _opp_add_static_v2()	2021-11-18 19:17:00 +01:00
parisc	parisc: Move pci_dev_is_behind_card_dino to where it is used	2021-09-09 12:44:31 +02:00
parport	parisc architecture updates for kernel 5.15:	2021-09-02 13:16:00 -07:00
pci	PCI: Add MSI masking quirk for Nvidia ION AHCI	2021-11-21 13:44:14 +01:00
pcmcia
perf	KVM: arm64: Fix PMU probe ordering	2021-09-20 12:43:34 +01:00
phy	phy: Sparx5 Eth SerDes: Fix return value check in sparx5_serdes_probe()	2021-11-18 19:16:56 +01:00
pinctrl	pinctrl: equilibrium: Fix function addition in multiple groups	2021-11-18 19:16:55 +01:00
platform	platform/x86: thinkpad_acpi: Fix bitwise vs. logical warning	2021-11-18 19:16:34 +01:00
pnp
power	power: supply: bq27xxx: Fix kernel crash on IRQ handler register error	2021-11-18 19:16:58 +01:00
powercap	powercap: Add Power Limit4 support for Alder Lake SoC	2021-08-25 20:12:16 +02:00
pps
ps3
ptp	ptp: free 'vclock_index' in ptp_clock_release()	2021-10-21 12:50:38 +01:00
pwm	pwm: mtk-disp: Implement atomic API .get_state()	2021-09-02 22:27:46 +02:00
rapidio
ras
regulator	regulator: s5m8767: do not use reset value as DVS voltage if GPIO DVS is disabled	2021-11-18 19:15:57 +01:00
remoteproc	remoteproc: imx_rproc: Fix rsc-table name	2021-11-18 19:17:18 +01:00
reset	reset: socfpga: add empty driver allowing consumers to probe	2021-10-05 12:23:16 +02:00
rpmsg
rtc	rtc: rv3032: fix error handling in rv3032_clkout_set_rate()	2021-11-18 19:17:01 +01:00
s390	s390/cio: make ccw_device_dma_* more robust	2021-11-18 19:17:18 +01:00
sbus
scsi	scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq()	2021-11-25 09:48:24 +01:00
sh
siox
slimbus	Driver core update for 5.15-rc1	2021-09-01 08:44:42 -07:00
soc	soc: fsl: dpaa2-console: free buffer before returning from dpaa2_console_read	2021-11-18 19:17:02 +01:00
soundwire	soundwire: bus: stop dereferencing invalid slave pointer	2021-11-18 19:16:54 +01:00
spi	spi: spi-rpc-if: Check return value of rpcif_sw_init()	2021-11-18 19:16:42 +01:00
spmi
ssb
staging	staging: rtl8723bs: remove a third possible deadlock	2021-11-25 09:48:25 +01:00
target	scsi: target: core: Remove from tmr_list during LUN unlink	2021-11-18 19:17:03 +01:00
tc
tee	tee: optee: Fix missing devices unregister during optee_remove	2021-10-12 13:24:39 +02:00
thermal	thermal: Fix NULL pointer dereferences in of_thermal_ functions	2021-11-21 13:44:14 +01:00
thunderbolt	thunderbolt: build kunit tests without structleak plugin	2021-10-06 17:53:49 -06:00
tty	serial: cpm_uart: Protect udbg definitions by CONFIG_SERIAL_CPM_CONSOLE	2021-11-18 19:16:57 +01:00
uio
usb	usb: typec: tipd: Remove WARN_ON in tps6598x_block_read	2021-11-25 09:48:25 +01:00
vdpa	vdpa/mlx5: Fix clearing of VIRTIO_NET_F_MAC feature bit	2021-11-18 19:16:58 +01:00
vfio	vfio/pci: add missing identifier name in argument of function prototype	2021-09-23 14:12:36 -06:00
vhost	virtio,vdpa: fixes	2021-10-17 18:17:19 -10:00
video	video: backlight: Drop maximum brightness override for brightness zero	2021-11-18 19:17:17 +01:00
virt
virtio	virtio_ring: check desc == NULL when using indirect with packed	2021-11-18 19:16:58 +01:00
visorbus
vlynq
vme
w1
watchdog	ar7: fix kernel builds for compiler test	2021-11-18 19:17:03 +01:00
xen	xen-pciback: Fix return in pm_ctrl_init()	2021-11-18 19:17:05 +01:00
zorro
Kconfig	firmware: include drivers/firmware/Kconfig unconditionally	2021-10-07 16:51:26 +02:00
Makefile	remove the lightnvm subsystem	2021-08-14 15:54:09 -06:00