[kernel/f15] iwl{wifi, legacy}: Fix warnings on remove interface from Stanislaw Gruszka (rhbz 770467)

Josh Boyer jwboyer at fedoraproject.org
Tue Apr 3 17:58:01 UTC 2012 

commit 99bedf074aaf1fb4e71643a84cbeb884edb9e0e4
Author: Josh Boyer <jwboyer at redhat.com>
Date:   Wed Mar 28 11:56:33 2012 -0400

    iwl{wifi,legacy}: Fix warnings on remove interface from Stanislaw Gruszka
      (rhbz 770467)

 iwlegacy-do-not-nulify-il-vif-on-reset.patch |   77 ++++++++++++++++++++++++++
 iwlwifi-do-not-nulify-ctx-vif-on-reset.patch |   66 ++++++++++++++++++++++
 kernel.spec                                  |   12 ++++
 3 files changed, 155 insertions(+), 0 deletions(-)
---
diff --git a/iwlegacy-do-not-nulify-il-vif-on-reset.patch b/iwlegacy-do-not-nulify-il-vif-on-reset.patch
new file mode 100644
index 0000000..d1913d7
--- /dev/null
+++ b/iwlegacy-do-not-nulify-il-vif-on-reset.patch
@@ -0,0 +1,77 @@
+This il->vif is dereferenced in different part of iwlegacy code, so do
+not nullify it. This should fix random crashes observed in companion
+with microcode errors i.e. crash in il3945_config_ap().
+
+Additionally this should address also
+WARNING: at drivers/net/wireless/iwlegacy/common.c:4656 il_mac_remove_interface
+at least one of the possible reasons of that warning.
+
+Cc: stable at vger.kernel.org
+Signed-off-by: Stanislaw Gruszka <sgruszka at redhat.com>
+---
+ drivers/net/wireless/iwlegacy/3945-mac.c |    2 --
+ drivers/net/wireless/iwlegacy/4965-mac.c |    2 --
+ drivers/net/wireless/iwlegacy/common.c   |   15 ++++++++++++---
+ 3 files changed, 12 insertions(+), 7 deletions(-)
+
+--- linux-3.3.noarch.orig/drivers/net/wireless/iwlegacy/3945-mac.c
++++ linux-3.3.noarch/drivers/net/wireless/iwlegacy/3945-mac.c
+@@ -2684,7 +2684,6 @@ il3945_bg_restart(struct work_struct *da
+ 
+ 	if (test_and_clear_bit(S_FW_ERROR, &il->status)) {
+ 		mutex_lock(&il->mutex);
+-		il->ctx.vif = NULL;
+ 		il->is_open = 0;
+ 		mutex_unlock(&il->mutex);
+ 		il3945_down(il);
+--- linux-3.3.noarch.orig/drivers/net/wireless/iwlegacy/4965-mac.c
++++ linux-3.3.noarch/drivers/net/wireless/iwlegacy/4965-mac.c
+@@ -5381,7 +5381,6 @@ il4965_bg_restart(struct work_struct *da
+ 
+ 	if (test_and_clear_bit(S_FW_ERROR, &il->status)) {
+ 		mutex_lock(&il->mutex);
+-		il->ctx.vif = NULL;
+ 		il->is_open = 0;
+ 
+ 		__il4965_down(il);
+--- linux-3.3.noarch.orig/drivers/net/wireless/iwlegacy/common.c
++++ linux-3.3.noarch/drivers/net/wireless/iwlegacy/common.c
+@@ -4575,6 +4575,7 @@ il_mac_add_interface(struct ieee80211_hw
+ 	struct il_priv *il = hw->priv;
+ 	struct il_vif_priv *vif_priv = (void *)vif->drv_priv;
+ 	int err;
++	bool reset;
+ 	u32 modes;
+ 
+ 	D_MAC80211("enter: type %d, addr %pM\n", vif->type, vif->addr);
+@@ -4594,6 +4595,16 @@ il_mac_add_interface(struct ieee80211_hw
+ 		goto out;
+ 	}
+ 
++	/*
++	 * We do not support multiple virtual interfaces, but on hardware reset
++	 * we have to add the same interface again.
++	 */
++	reset = (il->ctx.vif == vif);
++	if (il->ctx.vif && !reset) {
++		err = -EOPNOTSUPP;
++		goto out;
++	}
++
+ 	modes = il->ctx.interface_modes | il->ctx.exclusive_interface_modes;
+ 	if (!(modes & BIT(vif->type))) {
+ 		err = -EOPNOTSUPP;
+@@ -4605,8 +4616,11 @@ il_mac_add_interface(struct ieee80211_hw
+ 
+ 	err = il_setup_interface(il, &il->ctx);
+ 	if (err) {
+-		il->ctx.vif = NULL;
+-		il->iw_mode = NL80211_IFTYPE_STATION;
++		IL_WARN("Fail to set mode %d\n", vif->type);
++		if (!reset) {
++			il->ctx.vif = NULL;
++			il->iw_mode = NL80211_IFTYPE_STATION;
++		}
+ 	}
+ 
+ out:
diff --git a/iwlwifi-do-not-nulify-ctx-vif-on-reset.patch b/iwlwifi-do-not-nulify-ctx-vif-on-reset.patch
new file mode 100644
index 0000000..e03f2d3
--- /dev/null
+++ b/iwlwifi-do-not-nulify-ctx-vif-on-reset.patch
@@ -0,0 +1,66 @@
+ctx->vif is dereferenced in different part of iwlwifi code, so do not
+nullify it.
+
+This should address at least one of the possible reasons of WARNING at
+iwlagn_mac_remove_interface, and perhaps some random crashes when
+firmware reset is performed.
+
+Cc: stable at vger.kernel.org
+Signed-off-by: Stanislaw Gruszka <sgruszka at redhat.com>
+---
+ drivers/net/wireless/iwlwifi/iwl-agn.c      |    3 ---
+ drivers/net/wireless/iwlwifi/iwl-mac80211.c |   10 +++++++++-
+ 2 files changed, 9 insertions(+), 4 deletions(-)
+
+--- linux-3.3.noarch.orig/drivers/net/wireless/iwlwifi/iwl-agn.c
++++ linux-3.3.noarch/drivers/net/wireless/iwlwifi/iwl-agn.c
+@@ -1403,7 +1403,6 @@ static void iwl_bg_run_time_calib_work(s
+ 
+ void iwlagn_prepare_restart(struct iwl_priv *priv)
+ {
+-	struct iwl_rxon_context *ctx;
+ 	bool bt_full_concurrent;
+ 	u8 bt_ci_compliance;
+ 	u8 bt_load;
+@@ -1412,8 +1411,6 @@ void iwlagn_prepare_restart(struct iwl_p
+ 
+ 	lockdep_assert_held(&priv->shrd->mutex);
+ 
+-	for_each_context(priv, ctx)
+-		ctx->vif = NULL;
+ 	priv->is_open = 0;
+ 
+ 	/*
+--- linux-3.3.noarch.orig/drivers/net/wireless/iwlwifi/iwl-mac80211.c
++++ linux-3.3.noarch/drivers/net/wireless/iwlwifi/iwl-mac80211.c
+@@ -1226,6 +1226,7 @@ static int iwlagn_mac_add_interface(stru
+ 	struct iwl_rxon_context *tmp, *ctx = NULL;
+ 	int err;
+ 	enum nl80211_iftype viftype = ieee80211_vif_type_p2p(vif);
++	bool reset = false;
+ 
+ 	IWL_DEBUG_MAC80211(priv, "enter: type %d, addr %pM\n",
+ 			   viftype, vif->addr);
+@@ -1247,6 +1248,13 @@ static int iwlagn_mac_add_interface(stru
+ 			tmp->interface_modes | tmp->exclusive_interface_modes;
+ 
+ 		if (tmp->vif) {
++			/* On reset we need to add the same interface again */
++			if (tmp->vif == vif) {
++				reset = true;
++				ctx = tmp;
++				break;
++			}
++
+ 			/* check if this busy context is exclusive */
+ 			if (tmp->exclusive_interface_modes &
+ 						BIT(tmp->vif->type)) {
+@@ -1273,7 +1281,7 @@ static int iwlagn_mac_add_interface(stru
+ 	ctx->vif = vif;
+ 
+ 	err = iwl_setup_interface(priv, ctx);
+-	if (!err)
++	if (!err || reset)
+ 		goto out;
+ 
+ 	ctx->vif = NULL;
diff --git a/kernel.spec b/kernel.spec
index ef609f9..886cf56 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -691,6 +691,10 @@ Patch21305: mac80211-fix-possible-tid_rx-reorder_timer-use-after-free.patch
 #rhbz 804957 CVE-2012-1568
 Patch21306: shlib_base_randomize.patch
 
+#rhbz 770476
+Patch21370: iwlegacy-do-not-nulify-il-vif-on-reset.patch
+Patch21371: iwlwifi-do-not-nulify-ctx-vif-on-reset.patch
+
 Patch21501: nfs-Fix-length-of-buffer-copied-in-__nfs4_get_acl_uncached.patch
 
 #rhbz 808207 CVE-2012-1601
@@ -1286,6 +1290,10 @@ ApplyPatch nfs-Fix-length-of-buffer-copied-in-__nfs4_get_acl_uncached.patch
 #rhbz 808207 CVE-2012-1601
 ApplyPatch KVM-Ensure-all-vcpus-are-consistent-with-in-kernel-i.patch
 
+#rhbz 770476
+ApplyPatch iwlegacy-do-not-nulify-il-vif-on-reset.patch
+ApplyPatch iwlwifi-do-not-nulify-ctx-vif-on-reset.patch
+
 # END OF PATCH APPLICATIONS
 
 %endif
@@ -1933,6 +1941,10 @@ fi
 # and build.
 
 %changelog
+* Tue Apr 03 2012 Josh Boyer <jwboyer at redhat.com>
+- iwl{wifi,legacy}: Fix warnings on remove interface from Stanislaw Gruszka
+  (rhbz 770467)
+
 * Tue Apr 03 2012 Dave Jones <davej at redhat.com> 2.6.43.1-2
 - Disable CONFIG_DEBUG_PAGEALLOC in -debug builds again.

More information about the scm-commits mailing list