[PATCH] UBUNTU: SAUCE: iwl3945: Don't queue rfkill_poll work when module is exiting

Tim Gardner tim.gardner at canonical.com
Tue Mar 24 13:22:39 UTC 2009 

TJ wrote:
> Bug: #345710
> 
> When the wireless interface is active and the iwl3945 module is unloaded the
> call to ieee80211_unregister_hw() would call iwl3945_mac_stop() which would
> restart the delayed workqueue for rfkill_poll. That workqueue had already been
> cancelled so when the next work item was run (2 seconds later) the system would
> suffer a hard lock-up because the module had been unloaded by then.
> 
> This patch implements STATUS_EXIT_PENDING checks in places where the rfkill_poll
> work is scheduled, and moves the final workqueue cancellation to occur after the
> call to ieee80211_unregister_hw().
> 
> Bug discovered, experienced and fix tested on my PC.
> 
> Signed-off-by: TJ <ubuntu at tjworld.net>
> ---
>  drivers/net/wireless/iwlwifi/iwl3945-base.c |   16 +++++++++++++---
>  1 files changed, 13 insertions(+), 3 deletions(-)
> 
> diff --git a/drivers/net/wireless/iwlwifi/iwl3945-base.c b/drivers/net/wireless/iwlwifi/iwl3945-base.c
> index bb92db2..acaf038 100644
> --- a/drivers/net/wireless/iwlwifi/iwl3945-base.c
> +++ b/drivers/net/wireless/iwlwifi/iwl3945-base.c
> @@ -6062,7 +6062,9 @@ static void iwl3945_rfkill_poll(struct work_struct *data)
>  	if (test_bit(STATUS_RF_KILL_HW, &status) != test_bit(STATUS_RF_KILL_HW, &priv->status))
>  	   queue_work(priv->workqueue, &priv->rf_kill);
>  
> -	queue_delayed_work(priv->workqueue, &priv->rfkill_poll,
> +	/* only queue if module isn't exiting */
> +	if (! test_bit(STATUS_EXIT_PENDING, &priv->status))
> +		queue_delayed_work(priv->workqueue, &priv->rfkill_poll,
>  						   round_jiffies_relative(2 * HZ));
>  
>  }
> @@ -6588,7 +6590,10 @@ static void iwl3945_mac_stop(struct ieee80211_hw *hw)
>  	flush_workqueue(priv->workqueue);
>  
>  	/* start polling the killswitch state again */
> -	queue_delayed_work(priv->workqueue, &priv->rfkill_poll,
> +
> +	/* only queue if module isn't exiting */
> +	if (! test_bit(STATUS_EXIT_PENDING, &priv->status))
> +		queue_delayed_work(priv->workqueue, &priv->rfkill_poll,
>  						   round_jiffies_relative(2 * HZ));
>  
>  	IWL_DEBUG_MAC80211("leave\n");
> @@ -8166,7 +8171,6 @@ static void __devexit iwl3945_pci_remove(struct pci_dev *pdev)
>  	sysfs_remove_group(&pdev->dev.kobj, &iwl3945_attribute_group);
>  
>  	iwl3945_rfkill_unregister(priv);
> -	cancel_delayed_work(&priv->rfkill_poll);
>  	iwl3945_dealloc_ucode_pci(priv);
>  
>  	if (priv->rxq.bd)
> @@ -8182,6 +8186,12 @@ static void __devexit iwl3945_pci_remove(struct pci_dev *pdev)
>  	/*netif_stop_queue(dev); */
>  	flush_workqueue(priv->workqueue);
>  
> +	/* ieee80211_unregister_hw calls iwl3945_mac_stop which used to restart the rfkill
> +	   polling. Although that now checks STATUS_EXIT_PENDING do cancel and wait for any
> +	   pending work to complete */
> +	cancel_delayed_work(&priv->rfkill_poll);
> +	cancel_work_sync(&priv->rfkill_poll);
> +
>  	/* ieee80211_unregister_hw calls iwl3945_mac_stop, which flushes
>  	 * priv->workqueue... so we can't take down the workqueue
>  	 * until now... */

How about running this by Reinette Chatre <reinette.chatre at intel.com>
and linux-wireless at vger.kernel.org ? It looks suitable for a stable
updates backport. Lots of folks have issues with rfkill.

rtg
-- 
Tim Gardner tim.gardner at canonical.com

More information about the kernel-team mailing list