1 files changed, 144 insertions, 0 deletions
diff --git a/recipes-kernel/linux/linux-ti33x-psp-3.2/3.2.22/0022-cfg80211-fix-potential-deadlock-in-regulatory.patch b/recipes-kernel/linux/linux-ti33x-psp-3.2/3.2.22/0022-cfg80211-fix-potential-deadlock-in-regulatory.patch
new file mode 100644
index 00000000..fe1bc4b2
--- /dev/null
+++ b/recipes-kernel/linux/linux-ti33x-psp-3.2/3.2.22/0022-cfg80211-fix-potential-deadlock-in-regulatory.patch
@@ -0,0 +1,144 @@
+From 76f7c2172698cade04f33c7f8841b641c95ddeda Mon Sep 17 00:00:00 2001
+From: Eliad Peller <eliad@wizery.com>
+Date: Tue, 12 Jun 2012 12:53:13 +0300
+Subject: [PATCH 22/46] cfg80211: fix potential deadlock in regulatory
+commit fe20b39ec32e975f1054c0b7866c873a954adf05 upstream.
+reg_timeout_work() calls restore_regulatory_settings() which
+takes cfg80211_mutex.
+reg_set_request_processed() already holds cfg80211_mutex
+before calling cancel_delayed_work_sync(reg_timeout),
+so it might deadlock.
+Call the async cancel_delayed_work instead, in order
+to avoid the potential deadlock.
+This is the relevant lockdep warning:
+cfg80211: Calling CRDA for country: XX
+======================================================
+[ INFO: possible circular locking dependency detected ]
+3.4.0-rc5-wl+ #26 Not tainted
+-------------------------------------------------------
+kworker/0:2/1391 is trying to acquire lock:
+ (cfg80211_mutex){+.+.+.}, at: [<bf28ae00>] restore_regulatory_settings+0x34/0x418 [cfg80211]
+but task is already holding lock:
+ ((reg_timeout).work){+.+...}, at: [<c0059e94>] process_one_work+0x1f0/0x480
+which lock already depends on the new lock.
+the existing dependency chain (in reverse order) is:
+-> #2 ((reg_timeout).work){+.+...}:
+       [<c008fd44>] validate_chain+0xb94/0x10f0
+       [<c0090b68>] __lock_acquire+0x8c8/0x9b0
+       [<c0090d40>] lock_acquire+0xf0/0x114
+       [<c005b600>] wait_on_work+0x4c/0x154
+       [<c005c000>] __cancel_work_timer+0xd4/0x11c
+       [<c005c064>] cancel_delayed_work_sync+0x1c/0x20
+       [<bf28b274>] reg_set_request_processed+0x50/0x78 [cfg80211]
+       [<bf28bd84>] set_regdom+0x550/0x600 [cfg80211]
+       [<bf294cd8>] nl80211_set_reg+0x218/0x258 [cfg80211]
+       [<c03c7738>] genl_rcv_msg+0x1a8/0x1e8
+       [<c03c6a00>] netlink_rcv_skb+0x5c/0xc0
+       [<c03c7584>] genl_rcv+0x28/0x34
+       [<c03c6720>] netlink_unicast+0x15c/0x228
+       [<c03c6c7c>] netlink_sendmsg+0x218/0x298
+       [<c03933c8>] sock_sendmsg+0xa4/0xc0
+       [<c039406c>] __sys_sendmsg+0x1e4/0x268
+       [<c0394228>] sys_sendmsg+0x4c/0x70
+       [<c0013840>] ret_fast_syscall+0x0/0x3c
+-> #1 (reg_mutex){+.+.+.}:
+       [<c008fd44>] validate_chain+0xb94/0x10f0
+       [<c0090b68>] __lock_acquire+0x8c8/0x9b0
+       [<c0090d40>] lock_acquire+0xf0/0x114
+       [<c04734dc>] mutex_lock_nested+0x48/0x320
+       [<bf28b2cc>] reg_todo+0x30/0x538 [cfg80211]
+       [<c0059f44>] process_one_work+0x2a0/0x480
+       [<c005a4b4>] worker_thread+0x1bc/0x2bc
+       [<c0061148>] kthread+0x98/0xa4
+       [<c0014af4>] kernel_thread_exit+0x0/0x8
+-> #0 (cfg80211_mutex){+.+.+.}:
+       [<c008ed58>] print_circular_bug+0x68/0x2cc
+       [<c008fb28>] validate_chain+0x978/0x10f0
+       [<c0090b68>] __lock_acquire+0x8c8/0x9b0
+       [<c0090d40>] lock_acquire+0xf0/0x114
+       [<c04734dc>] mutex_lock_nested+0x48/0x320
+       [<bf28ae00>] restore_regulatory_settings+0x34/0x418 [cfg80211]
+       [<bf28b200>] reg_timeout_work+0x1c/0x20 [cfg80211]
+       [<c0059f44>] process_one_work+0x2a0/0x480
+       [<c005a4b4>] worker_thread+0x1bc/0x2bc
+       [<c0061148>] kthread+0x98/0xa4
+       [<c0014af4>] kernel_thread_exit+0x0/0x8
+other info that might help us debug this:
+Chain exists of:
+  cfg80211_mutex --> reg_mutex --> (reg_timeout).work
+ Possible unsafe locking scenario:
+       CPU0                    CPU1
+       ----                    ----
+  lock((reg_timeout).work);
+                               lock(reg_mutex);
+                               lock((reg_timeout).work);
+  lock(cfg80211_mutex);
+ *** DEADLOCK ***
+2 locks held by kworker/0:2/1391:
+ #0:  (events){.+.+.+}, at: [<c0059e94>] process_one_work+0x1f0/0x480
+ #1:  ((reg_timeout).work){+.+...}, at: [<c0059e94>] process_one_work+0x1f0/0x480
+stack backtrace:
+[<c001b928>] (unwind_backtrace+0x0/0x12c) from [<c0471d3c>] (dump_stack+0x20/0x24)
+[<c0471d3c>] (dump_stack+0x20/0x24) from [<c008ef70>] (print_circular_bug+0x280/0x2cc)
+[<c008ef70>] (print_circular_bug+0x280/0x2cc) from [<c008fb28>] (validate_chain+0x978/0x10f0)
+[<c008fb28>] (validate_chain+0x978/0x10f0) from [<c0090b68>] (__lock_acquire+0x8c8/0x9b0)
+[<c0090b68>] (__lock_acquire+0x8c8/0x9b0) from [<c0090d40>] (lock_acquire+0xf0/0x114)
+[<c0090d40>] (lock_acquire+0xf0/0x114) from [<c04734dc>] (mutex_lock_nested+0x48/0x320)
+[<c04734dc>] (mutex_lock_nested+0x48/0x320) from [<bf28ae00>] (restore_regulatory_settings+0x34/0x418 [cfg80211])
+[<bf28ae00>] (restore_regulatory_settings+0x34/0x418 [cfg80211]) from [<bf28b200>] (reg_timeout_work+0x1c/0x20 [cfg80211])
+[<bf28b200>] (reg_timeout_work+0x1c/0x20 [cfg80211]) from [<c0059f44>] (process_one_work+0x2a0/0x480)
+[<c0059f44>] (process_one_work+0x2a0/0x480) from [<c005a4b4>] (worker_thread+0x1bc/0x2bc)
+[<c005a4b4>] (worker_thread+0x1bc/0x2bc) from [<c0061148>] (kthread+0x98/0xa4)
+[<c0061148>] (kthread+0x98/0xa4) from [<c0014af4>] (kernel_thread_exit+0x0/0x8)
+cfg80211: Calling CRDA to update world regulatory domain
+cfg80211: World regulatory domain updated:
+cfg80211:   (start_freq - end_freq @ bandwidth), (max_antenna_gain, max_eirp)
+cfg80211:   (2402000 KHz - 2472000 KHz @ 40000 KHz), (300 mBi, 2000 mBm)
+cfg80211:   (2457000 KHz - 2482000 KHz @ 20000 KHz), (300 mBi, 2000 mBm)
+cfg80211:   (2474000 KHz - 2494000 KHz @ 20000 KHz), (300 mBi, 2000 mBm)
+cfg80211:   (5170000 KHz - 5250000 KHz @ 40000 KHz), (300 mBi, 2000 mBm)
+cfg80211:   (5735000 KHz - 5835000 KHz @ 40000 KHz), (300 mBi, 2000 mBm)
+Signed-off-by: Eliad Peller <eliad@wizery.com>
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
+---
+ net/wireless/reg.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+diff --git a/net/wireless/reg.c b/net/wireless/reg.c
+index c1c99dd..d57d05b 100644
+--- a/net/wireless/reg.c
+++ b/net/wireless/reg.c
+@@ -1369,7 +1369,7 @@ static void reg_set_request_processed(void)
+        spin_unlock(&reg_requests_lock);
+ 
+        if (last_request->initiator == NL80211_REGDOM_SET_BY_USER)
+-               cancel_delayed_work_sync(&reg_timeout);
+               cancel_delayed_work(&reg_timeout);
+ 
+        if (need_more_processing)
+                schedule_work(&reg_work);
+-- 
+1.7.10

diff --git a/recipes-kernel/linux/linux-ti33x-psp-3.2/3.2.22/0022-cfg80211-fix-potential-deadlock-in-regulatory.patch b/recipes-kernel/linux/linux-ti33x-psp-3.2/3.2.22/0022-cfg80211-fix-potential-deadlock-in-regulatory.patch new file mode 100644 index 00000000..fe1bc4b2 --- /dev/null +++ b/recipes-kernel/linux/linux-ti33x-psp-3.2/3.2.22/0022-cfg80211-fix-potential-deadlock-in-regulatory.patch
@@ -0,0 +1,144 @@
	1	From 76f7c2172698cade04f33c7f8841b641c95ddeda Mon Sep 17 00:00:00 2001
	2	From: Eliad Peller <eliad@wizery.com>
	3	Date: Tue, 12 Jun 2012 12:53:13 +0300
	4	Subject: [PATCH 22/46] cfg80211: fix potential deadlock in regulatory
	5
	6	commit fe20b39ec32e975f1054c0b7866c873a954adf05 upstream.
	7
	8	reg_timeout_work() calls restore_regulatory_settings() which
	9	takes cfg80211_mutex.
	10
	11	reg_set_request_processed() already holds cfg80211_mutex
	12	before calling cancel_delayed_work_sync(reg_timeout),
	13	so it might deadlock.
	14
	15	Call the async cancel_delayed_work instead, in order
	16	to avoid the potential deadlock.
	17
	18	This is the relevant lockdep warning:
	19
	20	cfg80211: Calling CRDA for country: XX
	21
	22	======================================================
	23	[ INFO: possible circular locking dependency detected ]
	24	3.4.0-rc5-wl+ #26 Not tainted
	25	-------------------------------------------------------
	26	kworker/0:2/1391 is trying to acquire lock:
	27	(cfg80211_mutex){+.+.+.}, at: [<bf28ae00>] restore_regulatory_settings+0x34/0x418 [cfg80211]
	28
	29	but task is already holding lock:
	30	((reg_timeout).work){+.+...}, at: [<c0059e94>] process_one_work+0x1f0/0x480
	31
	32	which lock already depends on the new lock.
	33
	34	the existing dependency chain (in reverse order) is:
	35
	36	-> #2 ((reg_timeout).work){+.+...}:
	37	[<c008fd44>] validate_chain+0xb94/0x10f0
	38	[<c0090b68>] __lock_acquire+0x8c8/0x9b0
	39	[<c0090d40>] lock_acquire+0xf0/0x114
	40	[<c005b600>] wait_on_work+0x4c/0x154
	41	[<c005c000>] __cancel_work_timer+0xd4/0x11c
	42	[<c005c064>] cancel_delayed_work_sync+0x1c/0x20
	43	[<bf28b274>] reg_set_request_processed+0x50/0x78 [cfg80211]
	44	[<bf28bd84>] set_regdom+0x550/0x600 [cfg80211]
	45	[<bf294cd8>] nl80211_set_reg+0x218/0x258 [cfg80211]
	46	[<c03c7738>] genl_rcv_msg+0x1a8/0x1e8
	47	[<c03c6a00>] netlink_rcv_skb+0x5c/0xc0
	48	[<c03c7584>] genl_rcv+0x28/0x34
	49	[<c03c6720>] netlink_unicast+0x15c/0x228
	50	[<c03c6c7c>] netlink_sendmsg+0x218/0x298
	51	[<c03933c8>] sock_sendmsg+0xa4/0xc0
	52	[<c039406c>] __sys_sendmsg+0x1e4/0x268
	53	[<c0394228>] sys_sendmsg+0x4c/0x70
	54	[<c0013840>] ret_fast_syscall+0x0/0x3c
	55
	56	-> #1 (reg_mutex){+.+.+.}:
	57	[<c008fd44>] validate_chain+0xb94/0x10f0
	58	[<c0090b68>] __lock_acquire+0x8c8/0x9b0
	59	[<c0090d40>] lock_acquire+0xf0/0x114
	60	[<c04734dc>] mutex_lock_nested+0x48/0x320
	61	[<bf28b2cc>] reg_todo+0x30/0x538 [cfg80211]
	62	[<c0059f44>] process_one_work+0x2a0/0x480
	63	[<c005a4b4>] worker_thread+0x1bc/0x2bc
	64	[<c0061148>] kthread+0x98/0xa4
	65	[<c0014af4>] kernel_thread_exit+0x0/0x8
	66
	67	-> #0 (cfg80211_mutex){+.+.+.}:
	68	[<c008ed58>] print_circular_bug+0x68/0x2cc
	69	[<c008fb28>] validate_chain+0x978/0x10f0
	70	[<c0090b68>] __lock_acquire+0x8c8/0x9b0
	71	[<c0090d40>] lock_acquire+0xf0/0x114
	72	[<c04734dc>] mutex_lock_nested+0x48/0x320
	73	[<bf28ae00>] restore_regulatory_settings+0x34/0x418 [cfg80211]
	74	[<bf28b200>] reg_timeout_work+0x1c/0x20 [cfg80211]
	75	[<c0059f44>] process_one_work+0x2a0/0x480
	76	[<c005a4b4>] worker_thread+0x1bc/0x2bc
	77	[<c0061148>] kthread+0x98/0xa4
	78	[<c0014af4>] kernel_thread_exit+0x0/0x8
	79
	80	other info that might help us debug this:
	81
	82	Chain exists of:
	83	cfg80211_mutex --> reg_mutex --> (reg_timeout).work
	84
	85	Possible unsafe locking scenario:
	86
	87	CPU0 CPU1
	88	---- ----
	89	lock((reg_timeout).work);
	90	lock(reg_mutex);
	91	lock((reg_timeout).work);
	92	lock(cfg80211_mutex);
	93
	94	* DEADLOCK *
	95
	96	2 locks held by kworker/0:2/1391:
	97	#0: (events){.+.+.+}, at: [<c0059e94>] process_one_work+0x1f0/0x480
	98	#1: ((reg_timeout).work){+.+...}, at: [<c0059e94>] process_one_work+0x1f0/0x480
	99
	100	stack backtrace:
	101	[<c001b928>] (unwind_backtrace+0x0/0x12c) from [<c0471d3c>] (dump_stack+0x20/0x24)
	102	[<c0471d3c>] (dump_stack+0x20/0x24) from [<c008ef70>] (print_circular_bug+0x280/0x2cc)
	103	[<c008ef70>] (print_circular_bug+0x280/0x2cc) from [<c008fb28>] (validate_chain+0x978/0x10f0)
	104	[<c008fb28>] (validate_chain+0x978/0x10f0) from [<c0090b68>] (__lock_acquire+0x8c8/0x9b0)
	105	[<c0090b68>] (__lock_acquire+0x8c8/0x9b0) from [<c0090d40>] (lock_acquire+0xf0/0x114)
	106	[<c0090d40>] (lock_acquire+0xf0/0x114) from [<c04734dc>] (mutex_lock_nested+0x48/0x320)
	107	[<c04734dc>] (mutex_lock_nested+0x48/0x320) from [<bf28ae00>] (restore_regulatory_settings+0x34/0x418 [cfg80211])
	108	[<bf28ae00>] (restore_regulatory_settings+0x34/0x418 [cfg80211]) from [<bf28b200>] (reg_timeout_work+0x1c/0x20 [cfg80211])
	109	[<bf28b200>] (reg_timeout_work+0x1c/0x20 [cfg80211]) from [<c0059f44>] (process_one_work+0x2a0/0x480)
	110	[<c0059f44>] (process_one_work+0x2a0/0x480) from [<c005a4b4>] (worker_thread+0x1bc/0x2bc)
	111	[<c005a4b4>] (worker_thread+0x1bc/0x2bc) from [<c0061148>] (kthread+0x98/0xa4)
	112	[<c0061148>] (kthread+0x98/0xa4) from [<c0014af4>] (kernel_thread_exit+0x0/0x8)
	113	cfg80211: Calling CRDA to update world regulatory domain
	114	cfg80211: World regulatory domain updated:
	115	cfg80211: (start_freq - end_freq @ bandwidth), (max_antenna_gain, max_eirp)
	116	cfg80211: (2402000 KHz - 2472000 KHz @ 40000 KHz), (300 mBi, 2000 mBm)
	117	cfg80211: (2457000 KHz - 2482000 KHz @ 20000 KHz), (300 mBi, 2000 mBm)
	118	cfg80211: (2474000 KHz - 2494000 KHz @ 20000 KHz), (300 mBi, 2000 mBm)
	119	cfg80211: (5170000 KHz - 5250000 KHz @ 40000 KHz), (300 mBi, 2000 mBm)
	120	cfg80211: (5735000 KHz - 5835000 KHz @ 40000 KHz), (300 mBi, 2000 mBm)
	121
	122	Signed-off-by: Eliad Peller <eliad@wizery.com>
	123	Signed-off-by: Johannes Berg <johannes.berg@intel.com>
	124	Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
	125	---
	126	net/wireless/reg.c \| 2 +-
	127	1 file changed, 1 insertion(+), 1 deletion(-)
	128
	129	diff --git a/net/wireless/reg.c b/net/wireless/reg.c
	130	index c1c99dd..d57d05b 100644
	131	--- a/net/wireless/reg.c
	132	+++ b/net/wireless/reg.c
	133	@@ -1369,7 +1369,7 @@ static void reg_set_request_processed(void)
	134	spin_unlock(&reg_requests_lock);
	135
	136	if (last_request->initiator == NL80211_REGDOM_SET_BY_USER)
	137	- cancel_delayed_work_sync(&reg_timeout);
	138	+ cancel_delayed_work(&reg_timeout);
	139
	140	if (need_more_processing)
	141	schedule_work(&reg_work);
	142	--
	143	1.7.10
	144