Date: Mon, 05 Sep 2016 00:20:25 +0300 From: "Andriy Voskoboinyk" <avos@freebsd.org> To: "Adrian Chadd" <adrian@freebsd.org>, "Hans Petter Selasky" <hps@freebsd.org> Cc: "freebsd-wireless@freebsd.org" <freebsd-wireless@freebsd.org>, "freebsd-usb@freebsd.org" <freebsd-usb@freebsd.org> Subject: Deadlock between device_detach() and usbd_do_request_flags() Message-ID: <op.ynaawb2n4dikkl@localhost>
next in thread | raw e-mail | index | archive | help
There is a rare, but reproducible deadlock for wlan(4) drivers:
Thread 1:
* uhub_explore_handle_re_enumerate() (obtains enum_sx lock)
* usbd_set_config_index()
* usb_unconfigure()
* usb_detach_device()
* usb_detach_device_sub()
* <device_detach()>
typically <device_stop()> is executed here (prevents
another possible deadlock?)
* ieee80211_ifdetach()
* ieee80211_vap_destroy()
* <ic->ic_vap_delete>
* ieee80211_vap_detach()
here it calls ieee80211_stop() and waits for <any> -> INIT state
transition
Thread 2 (started from thread 1):
* ieee80211_newstate_cb()
* vap->iv_newstate()
here: if the driver will try to call usbd_do_request_flags()
(typically via <drv_write_reg> / <drv_read_reg>) it will hang
(because enum_sx lock is already held by thread 1).
Another way: execute some periodical task that will try to access
some registers (urtwn_temp_calib(), rum_ratectl_task(),
run_ratectl_cb()) while thread 1 is running - deadlock is
here too, since <device_detach> will wait for them indefinitely
(via ieee80211_draintask())
Right now the most obvious (and, probably, wrong) way is to just
detect & release all locks (usbd_enum_unlock()) for
ieee80211_ifdetach() / ieee80211_draintask() and re-acquire them
later (not tested yet).
Any ideas?
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?op.ynaawb2n4dikkl>