From: Luca Coelho <luca@coelho.fi>
To: linux-wireless@vger.kernel.org
Cc: Emmanuel Grumbach <emmanuel.grumbach@intel.com>,
"[4.5+]" <stable@vger.kernel.org>,
Luca Coelho <luciano.coelho@intel.com>
Subject: [PATCH 48/56] iwlwifi: pcie: fix a race in firmware loading flow
Date: Wed, 6 Jul 2016 13:40:43 +0300 [thread overview]
Message-ID: <1467801651-1816-48-git-send-email-luca@coelho.fi> (raw)
In-Reply-To: <1467801452.25088.20.camel@coelho.fi>
From: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Upon firmware load interrupt (FH_TX), the ISR re-enables the
firmware load interrupt only to avoid races with other
flows as described in the commit below. When the firmware
is completely loaded, the thread that is loading the
firmware will enable all the interrupts to make sure that
the driver gets the ALIVE interrupt.
The problem with that is that the thread that is loading
the firmware is actually racing against the ISR and we can
get to the following situation:
CPU0 CPU1
iwl_pcie_load_given_ucode
...
iwl_pcie_load_firmware_chunk
wait_for_interrupt
<interrupt>
ISR handles CSR_INT_BIT_FH_TX
ISR wakes up the thread on CPU0
/* enable all the interrupts
* to get the ALIVE interrupt
*/
iwl_enable_interrupts
ISR re-enables CSR_INT_BIT_FH_TX only
/* start the firmware */
iwl_write32(trans, CSR_RESET, 0);
BUG! ALIVE interrupt will never arrive since it has been
masked by CPU1.
In order to fix that, change the ISR to first check if
STATUS_INT_ENABLED is set. If so, re-enable all the
interrupts. If STATUS_INT_ENABLED is clear, then we can
check what specific interrupt happened and re-enable only
that specific interrupt (RFKILL or FH_TX).
All the credit for the analysis goes to Kirtika who did the
actual debugging work.
Cc: <stable@vger.kernel.org> [4.5+]
Fixes: a6bd005fe92 ("iwlwifi: pcie: fix RF-Kill vs. firmware load race")
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
---
drivers/net/wireless/intel/iwlwifi/pcie/internal.h | 21 +++++++++++++++++++--
drivers/net/wireless/intel/iwlwifi/pcie/rx.c | 16 +++++++++-------
drivers/net/wireless/intel/iwlwifi/pcie/trans.c | 8 --------
3 files changed, 28 insertions(+), 17 deletions(-)
diff --git a/drivers/net/wireless/intel/iwlwifi/pcie/internal.h b/drivers/net/wireless/intel/iwlwifi/pcie/internal.h
index f684b9d..54af3da 100644
--- a/drivers/net/wireless/intel/iwlwifi/pcie/internal.h
+++ b/drivers/net/wireless/intel/iwlwifi/pcie/internal.h
@@ -500,7 +500,7 @@ void iwl_pcie_dump_csr(struct iwl_trans *trans);
/*****************************************************
* Helpers
******************************************************/
-static inline void iwl_disable_interrupts(struct iwl_trans *trans)
+static inline void _iwl_disable_interrupts(struct iwl_trans *trans)
{
struct iwl_trans_pcie *trans_pcie = IWL_TRANS_GET_PCIE_TRANS(trans);
@@ -523,7 +523,16 @@ static inline void iwl_disable_interrupts(struct iwl_trans *trans)
IWL_DEBUG_ISR(trans, "Disabled interrupts\n");
}
-static inline void iwl_enable_interrupts(struct iwl_trans *trans)
+static inline void iwl_disable_interrupts(struct iwl_trans *trans)
+{
+ struct iwl_trans_pcie *trans_pcie = IWL_TRANS_GET_PCIE_TRANS(trans);
+
+ spin_lock(&trans_pcie->irq_lock);
+ _iwl_disable_interrupts(trans);
+ spin_unlock(&trans_pcie->irq_lock);
+}
+
+static inline void _iwl_enable_interrupts(struct iwl_trans *trans)
{
struct iwl_trans_pcie *trans_pcie = IWL_TRANS_GET_PCIE_TRANS(trans);
@@ -546,6 +555,14 @@ static inline void iwl_enable_interrupts(struct iwl_trans *trans)
}
}
+static inline void iwl_enable_interrupts(struct iwl_trans *trans)
+{
+ struct iwl_trans_pcie *trans_pcie = IWL_TRANS_GET_PCIE_TRANS(trans);
+
+ spin_lock(&trans_pcie->irq_lock);
+ _iwl_enable_interrupts(trans);
+ spin_unlock(&trans_pcie->irq_lock);
+}
static inline void iwl_enable_hw_int_msk_msix(struct iwl_trans *trans, u32 msk)
{
struct iwl_trans_pcie *trans_pcie = IWL_TRANS_GET_PCIE_TRANS(trans);
diff --git a/drivers/net/wireless/intel/iwlwifi/pcie/rx.c b/drivers/net/wireless/intel/iwlwifi/pcie/rx.c
index 0296c29..45f1b7e 100644
--- a/drivers/net/wireless/intel/iwlwifi/pcie/rx.c
+++ b/drivers/net/wireless/intel/iwlwifi/pcie/rx.c
@@ -1535,7 +1535,7 @@ irqreturn_t iwl_pcie_irq_handler(int irq, void *dev_id)
* have anything to service
*/
if (test_bit(STATUS_INT_ENABLED, &trans->status))
- iwl_enable_interrupts(trans);
+ _iwl_enable_interrupts(trans);
spin_unlock(&trans_pcie->irq_lock);
lock_map_release(&trans->sync_cmd_lockdep_map);
return IRQ_NONE;
@@ -1727,15 +1727,17 @@ irqreturn_t iwl_pcie_irq_handler(int irq, void *dev_id)
inta & ~trans_pcie->inta_mask);
}
+ spin_lock(&trans_pcie->irq_lock);
+ /* only Re-enable all interrupt if disabled by irq */
+ if (test_bit(STATUS_INT_ENABLED, &trans->status))
+ _iwl_enable_interrupts(trans);
/* we are loading the firmware, enable FH_TX interrupt only */
- if (handled & CSR_INT_BIT_FH_TX)
+ else if (handled & CSR_INT_BIT_FH_TX)
iwl_enable_fw_load_int(trans);
- /* only Re-enable all interrupt if disabled by irq */
- else if (test_bit(STATUS_INT_ENABLED, &trans->status))
- iwl_enable_interrupts(trans);
/* Re-enable RF_KILL if it occurred */
else if (handled & CSR_INT_BIT_RF_KILL)
iwl_enable_rfkill_int(trans);
+ spin_unlock(&trans_pcie->irq_lock);
out:
lock_map_release(&trans->sync_cmd_lockdep_map);
@@ -1799,7 +1801,7 @@ void iwl_pcie_reset_ict(struct iwl_trans *trans)
return;
spin_lock(&trans_pcie->irq_lock);
- iwl_disable_interrupts(trans);
+ _iwl_disable_interrupts(trans);
memset(trans_pcie->ict_tbl, 0, ICT_SIZE);
@@ -1815,7 +1817,7 @@ void iwl_pcie_reset_ict(struct iwl_trans *trans)
trans_pcie->use_ict = true;
trans_pcie->ict_index = 0;
iwl_write32(trans, CSR_INT, trans_pcie->inta_mask);
- iwl_enable_interrupts(trans);
+ _iwl_enable_interrupts(trans);
spin_unlock(&trans_pcie->irq_lock);
}
diff --git a/drivers/net/wireless/intel/iwlwifi/pcie/trans.c b/drivers/net/wireless/intel/iwlwifi/pcie/trans.c
index 3b7a414..9e953a4 100644
--- a/drivers/net/wireless/intel/iwlwifi/pcie/trans.c
+++ b/drivers/net/wireless/intel/iwlwifi/pcie/trans.c
@@ -1037,9 +1037,7 @@ static void _iwl_trans_pcie_stop_device(struct iwl_trans *trans, bool low_power)
was_hw_rfkill = iwl_is_rfkill_set(trans);
/* tell the device to stop sending interrupts */
- spin_lock(&trans_pcie->irq_lock);
iwl_disable_interrupts(trans);
- spin_unlock(&trans_pcie->irq_lock);
/* device going down, Stop using ICT table */
iwl_pcie_disable_ict(trans);
@@ -1083,9 +1081,7 @@ static void _iwl_trans_pcie_stop_device(struct iwl_trans *trans, bool low_power)
* the time, unless the interrupt is ACKed even if the interrupt
* should be masked. Re-ACK all the interrupts here.
*/
- spin_lock(&trans_pcie->irq_lock);
iwl_disable_interrupts(trans);
- spin_unlock(&trans_pcie->irq_lock);
/* clear all status bits */
clear_bit(STATUS_SYNC_HCMD_ACTIVE, &trans->status);
@@ -1578,15 +1574,11 @@ static void iwl_trans_pcie_op_mode_leave(struct iwl_trans *trans)
mutex_lock(&trans_pcie->mutex);
/* disable interrupts - don't enable HW RF kill interrupt */
- spin_lock(&trans_pcie->irq_lock);
iwl_disable_interrupts(trans);
- spin_unlock(&trans_pcie->irq_lock);
iwl_pcie_apm_stop(trans, true);
- spin_lock(&trans_pcie->irq_lock);
iwl_disable_interrupts(trans);
- spin_unlock(&trans_pcie->irq_lock);
iwl_pcie_disable_ict(trans);
--
2.8.1
next prev parent reply other threads:[~2016-07-06 10:44 UTC|newest]
Thread overview: 58+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-07-06 10:37 pull-request: iwlwifi-next 2016-07-06 Luca Coelho
2016-07-06 10:39 ` [PATCH 01/56] iwlwifi: remove useless enum values Luca Coelho
2016-07-06 10:39 ` [PATCH 02/56] iwlwifi: change fw.mvm_fw to fw.type Luca Coelho
2016-07-06 10:39 ` [PATCH 03/56] iwlwifi: mvm: support dqa queue inactivation upon timeout Luca Coelho
2016-07-06 10:39 ` [PATCH 04/56] iwlwifi: pcie: unify restock calls on init Luca Coelho
2016-07-06 10:40 ` [PATCH 05/56] iwlwifi: mvm: fix possible division by zero Luca Coelho
2016-07-06 10:40 ` [PATCH 06/56] iwlwifi: mvm: change scan timeout to a delayed work Luca Coelho
2016-07-06 10:40 ` [PATCH 07/56] iwlwifi: mvm: remove an unused variable Luca Coelho
2016-07-06 10:40 ` [PATCH 08/56] iwlwifi: mvm: silence uninitialized variable warning Luca Coelho
2016-07-06 10:40 ` [PATCH 09/56] iwlwifi: mvm: support dqa queue sharing Luca Coelho
2016-07-06 10:40 ` [PATCH 10/56] iwlwifi: mvm: set sta_id in SCD_QUEUE_CONFIG cmd Luca Coelho
2016-07-06 10:40 ` [PATCH 11/56] iwlwifi: mvm: update aux queue in dqa mode Luca Coelho
2016-07-06 10:40 ` [PATCH 12/56] iwlwifi: mvm: support dqa-enable hcmd Luca Coelho
2016-07-06 10:40 ` [PATCH 13/56] iwlwifi: add new 8260 PCI IDs Luca Coelho
2016-07-06 10:40 ` [PATCH 14/56] iwlwifi: add new 8265 Luca Coelho
2016-07-06 10:40 ` [PATCH 15/56] iwlwifi: mvm: remove unnecessary device conversion when reading the MCC Luca Coelho
2016-07-06 10:40 ` [PATCH 16/56] iwlwifi: pcie: poll RFH for RX DMA stop Luca Coelho
2016-07-06 10:40 ` [PATCH 17/56] iwlwifi: mvm: Do not open aggregations for null data packets Luca Coelho
2016-07-06 10:40 ` [PATCH 18/56] iwlwifi: mvm: fix RX mpdu status enum Luca Coelho
2016-07-06 10:40 ` [PATCH 19/56] iwlwifi: mvm: rs: add rate scaling support for 160MHz channels Luca Coelho
2016-07-06 10:40 ` [PATCH 20/56] iwlwifi: mvm: avoid harmless -Wmaybe-uninialized warning Luca Coelho
2016-07-06 10:40 ` [PATCH 21/56] iwlwifi: mvm: fix txq aggregation bug Luca Coelho
2016-07-06 10:40 ` [PATCH 22/56] iwlwifi: dvm: Remove unused array 'iwlagn_loose_lookup' Luca Coelho
2016-07-06 10:40 ` [PATCH 23/56] iwlwifi: add dump of RFH Luca Coelho
2016-07-06 10:40 ` [PATCH 24/56] iwlwifi: Reserve iwl_fw_error_dump_type enum Luca Coelho
2016-07-06 10:40 ` [PATCH 25/56] iwlwifi: mvm: add support for GCMP encryption Luca Coelho
2016-07-06 10:40 ` [PATCH 26/56] iwlwifi: mvm: support new statistics notification Luca Coelho
2016-07-06 10:40 ` [PATCH 27/56] iwlwifi: Add a000 HW family support Luca Coelho
2016-07-06 10:40 ` [PATCH 28/56] iwlwifi: pcie: enable interrupts before releasing the NIC's CPU Luca Coelho
2016-07-06 10:40 ` [PATCH 29/56] iwlmvm: mvm: set correct state in smart-fifo configuration Luca Coelho
2016-07-06 10:40 ` [PATCH 30/56] iwlwifi: mvm: checksum IPv6 fragmented packet Luca Coelho
2016-07-06 10:40 ` [PATCH 31/56] iwlwifi: mvm: cleanup the coex code Luca Coelho
2016-07-06 10:40 ` [PATCH 32/56] iwlwifi: mvm: read SAR BIOS table from ACPI Luca Coelho
2016-07-06 10:40 ` [PATCH 33/56] iwlwifi: pcie: Enable MSI mode when using MSI interrupts Luca Coelho
2016-07-06 10:40 ` [PATCH 34/56] iwlwifi: pcie: fix access to scratch buffer Luca Coelho
2016-07-06 10:40 ` [PATCH 35/56] iwlwifi: mvm: write the correct internal TXF index Luca Coelho
2016-07-06 10:40 ` [PATCH 36/56] iwlwifi: mvm: fix coex related comments Luca Coelho
2016-07-06 10:40 ` [PATCH 37/56] iwlwifi: mvm: fix the channel inhibition table for Channel 14 Luca Coelho
2016-07-06 10:40 ` [PATCH 38/56] iwlwifi: remove iwl_ht_params.smps_mode Luca Coelho
2016-07-06 10:40 ` [PATCH 39/56] iwlwifi: mvm: unmap the paging memory before freeing it Luca Coelho
2016-07-06 10:40 ` [PATCH 40/56] iwlwifi: pcie: don't use vid 0 Luca Coelho
2016-07-06 10:40 ` [PATCH 41/56] iwlwifi: mvm: support tdls in dqa mode Luca Coelho
2016-07-06 10:40 ` [PATCH 42/56] iwlwifi: mvm: support dqa-mode scd queue redirection Luca Coelho
2016-07-06 10:40 ` [PATCH 43/56] iwlwifi: mvm: add RX aggregation prints Luca Coelho
2016-07-06 10:40 ` [PATCH 44/56] iwlwifi: mvm: free RX reorder buffer on restart Luca Coelho
2016-07-06 10:40 ` [PATCH 45/56] iwlwifi: store cipher scheme independent of mac80211 Luca Coelho
2016-07-06 10:40 ` [PATCH 46/56] iwlwifi: tracing: decouple from mac80211 Luca Coelho
2016-07-06 10:40 ` [PATCH 47/56] iwlwifi: decouple PCIe transport " Luca Coelho
2016-07-06 10:40 ` Luca Coelho [this message]
2016-07-06 10:40 ` [PATCH 49/56] iwlwifi: pcie: track rxb status Luca Coelho
2016-07-06 10:40 ` [PATCH 50/56] iwlwifi: pcie: generalize and increase the size of scratchbuf Luca Coelho
2016-07-06 10:40 ` [PATCH 51/56] iwlwifi: centralize 64 bit HW registers write Luca Coelho
2016-07-06 10:40 ` [PATCH 52/56] iwlwifi: pcie: initialize a000 device's TFD table Luca Coelho
2016-07-06 10:40 ` [PATCH 53/56] iwlwifi: pcie: load FW chunk for a000 devices Luca Coelho
2016-07-06 10:40 ` [PATCH 54/56] iwlwifi: mvm: support v4 of the TX power command Luca Coelho
2016-07-06 10:40 ` [PATCH 55/56] iwlwifi: pcie: centralize SCD status logging Luca Coelho
2016-07-06 10:40 ` [PATCH 56/56] iwlwifi: move iwl_drv to be shared across transports Luca Coelho
2016-07-08 9:21 ` pull-request: iwlwifi-next 2016-07-06 Kalle Valo
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1467801651-1816-48-git-send-email-luca@coelho.fi \
--to=luca@coelho.fi \
--cc=emmanuel.grumbach@intel.com \
--cc=linux-wireless@vger.kernel.org \
--cc=luciano.coelho@intel.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).