rtl8187: Fix lockups due to concurrent access to config routine

Some users of the RTL8187B have experienced difficulties since commit
49292d56352a6ab90d04c3448dd8b6106dfef2d6 that introduced the power
management wext hooks. This difficulty has not made much sense until
it was realized that it was possible for mac80211 to make a call to the
config routine while that routine was already being executed. On this
device, it is necessary to loopback the TX when changing channels. Unless
this is properly restored, the device will lockup. A mutex now protects
the device state, and the private data in several places.

The problem was found by Herton Ronaldo Krzesinski <herton@mandriva.com.br>,
who also suggested this type of fix.

Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Acked-by: Herton Ronaldo Krzesinski <herton@mandriva.com.br>
Acked-by: Hin-Tak Leung <htl10@users.sourceforge.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>

diff --git a/drivers/net/wireless/rtl8187.h b/drivers/net/wireless/rtl8187.h
index 1b0d750..5a9515c 100644 (file)
--- a/drivers/net/wireless/rtl8187.h
+++ b/drivers/net/wireless/rtl8187.h
@@ -94,6 +94,10 @@ struct rtl8187_priv {
        const struct rtl818x_rf_ops *rf;
        struct ieee80211_vif *vif;
        int mode;
+       /* The mutex protects the TX loopback state.
+        * Any attempt to set channels concurrently locks the device.
+        */
+       struct mutex conf_mutex;
 
        /* rtl8187 specific */
        struct ieee80211_channel channels[14];

diff --git a/drivers/net/wireless/rtl8187_dev.c b/drivers/net/wireless/rtl8187_dev.c
index 461aa26..57376fb 100644 (file)
--- a/drivers/net/wireless/rtl8187_dev.c
+++ b/drivers/net/wireless/rtl8187_dev.c
@@ -728,6 +728,7 @@ static int rtl8187_start(struct ieee80211_hw *dev)
        if (ret)
                return ret;
 
+       mutex_lock(&priv->conf_mutex);
        if (priv->is_rtl8187b) {
                reg = RTL818X_RX_CONF_MGMT |
                      RTL818X_RX_CONF_DATA |
@@ -749,6 +750,7 @@ static int rtl8187_start(struct ieee80211_hw *dev)
                                  (7 << 0  /* long retry limit */) |
                                  (7 << 21 /* MAX TX DMA */));
                rtl8187_init_urbs(dev);
+               mutex_unlock(&priv->conf_mutex);
                return 0;
        }
 
@@ -792,6 +794,7 @@ static int rtl8187_start(struct ieee80211_hw *dev)
        reg |= RTL818X_CMD_TX_ENABLE;
        reg |= RTL818X_CMD_RX_ENABLE;
        rtl818x_iowrite8(priv, &priv->map->CMD, reg);
+       mutex_unlock(&priv->conf_mutex);
 
        return 0;
 }
@@ -803,6 +806,7 @@ static void rtl8187_stop(struct ieee80211_hw *dev)
        struct sk_buff *skb;
        u32 reg;
 
+       mutex_lock(&priv->conf_mutex);
        rtl818x_iowrite16(priv, &priv->map->INT_MASK, 0);
 
        reg = rtl818x_ioread8(priv, &priv->map->CMD);
@@ -822,7 +826,7 @@ static void rtl8187_stop(struct ieee80211_hw *dev)
                usb_kill_urb(info->urb);
                kfree_skb(skb);
        }
-       return;
+       mutex_unlock(&priv->conf_mutex);
 }
 
 static int rtl8187_add_interface(struct ieee80211_hw *dev,
@@ -842,6 +846,7 @@ static int rtl8187_add_interface(struct ieee80211_hw *dev,
                return -EOPNOTSUPP;
        }
 
+       mutex_lock(&priv->conf_mutex);
        priv->vif = conf->vif;
 
        rtl818x_iowrite8(priv, &priv->map->EEPROM_CMD, RTL818X_EEPROM_CMD_CONFIG);
@@ -850,6 +855,7 @@ static int rtl8187_add_interface(struct ieee80211_hw *dev,
                                 ((u8 *)conf->mac_addr)[i]);
        rtl818x_iowrite8(priv, &priv->map->EEPROM_CMD, RTL818X_EEPROM_CMD_NORMAL);
 
+       mutex_unlock(&priv->conf_mutex);
        return 0;
 }
 
@@ -857,8 +863,10 @@ static void rtl8187_remove_interface(struct ieee80211_hw *dev,
                                     struct ieee80211_if_init_conf *conf)
 {
        struct rtl8187_priv *priv = dev->priv;
+       mutex_lock(&priv->conf_mutex);
        priv->mode = IEEE80211_IF_TYPE_MNTR;
        priv->vif = NULL;
+       mutex_unlock(&priv->conf_mutex);
 }
 
 static int rtl8187_config(struct ieee80211_hw *dev, struct ieee80211_conf *conf)
@@ -866,6 +874,7 @@ static int rtl8187_config(struct ieee80211_hw *dev, struct ieee80211_conf *conf)
        struct rtl8187_priv *priv = dev->priv;
        u32 reg;
 
+       mutex_lock(&priv->conf_mutex);
        reg = rtl818x_ioread32(priv, &priv->map->TX_CONF);
        /* Enable TX loopback on MAC level to avoid TX during channel
         * changes, as this has be seen to causes problems and the
@@ -898,6 +907,7 @@ static int rtl8187_config(struct ieee80211_hw *dev, struct ieee80211_conf *conf)
        rtl818x_iowrite16(priv, &priv->map->ATIMTR_INTERVAL, 100);
        rtl818x_iowrite16(priv, &priv->map->BEACON_INTERVAL, 100);
        rtl818x_iowrite16(priv, &priv->map->BEACON_INTERVAL_TIME, 100);
+       mutex_unlock(&priv->conf_mutex);
        return 0;
 }
 
@@ -909,6 +919,7 @@ static int rtl8187_config_interface(struct ieee80211_hw *dev,
        int i;
        u8 reg;
 
+       mutex_lock(&priv->conf_mutex);
        for (i = 0; i < ETH_ALEN; i++)
                rtl818x_iowrite8(priv, &priv->map->BSSID[i], conf->bssid[i]);
 
@@ -922,6 +933,7 @@ static int rtl8187_config_interface(struct ieee80211_hw *dev,
                rtl818x_iowrite8(priv, &priv->map->MSR, reg);
        }
 
+       mutex_unlock(&priv->conf_mutex);
        return 0;
 }
 
@@ -1189,6 +1201,7 @@ static int __devinit rtl8187_probe(struct usb_interface *intf,
                printk(KERN_ERR "rtl8187: Cannot register device\n");
                goto err_free_dev;
        }
+       mutex_init(&priv->conf_mutex);
 
        printk(KERN_INFO "%s: hwaddr %s, %s V%d + %s\n",
               wiphy_name(dev->wiphy), print_mac(mac, dev->wiphy->perm_addr),