From: Michał Mirosław <mirq-linux@xxxxxxxxxxxx> commit e2525a95cc0887c7dc0549cb5d0ac3e796e1d54c upstream. Lockdep is complaining about recursive locking, because it can't make a difference between locked skb_queues. Annotate nested locks and avoid double bh_disable/enable. [...] insmod/815 is trying to acquire lock: cb7d6418 (&(&list->lock)->rlock){+...}, at: wfx_tx_queues_clear+0xfc/0x198 [wfx] but task is already holding lock: cb7d61f4 (&(&list->lock)->rlock){+...}, at: wfx_tx_queues_clear+0xa0/0x198 [wfx] [...] Possible unsafe locking scenario: CPU0 ---- lock(&(&list->lock)->rlock); lock(&(&list->lock)->rlock); Cc: stable@xxxxxxxxxxxxxxx Fixes: 9bca45f3d692 ("staging: wfx: allow to send 802.11 frames") Signed-off-by: Michał Mirosław <mirq-linux@xxxxxxxxxxxx> Link: https://lore.kernel.org/r/5e30397af95854b4a7deea073b730c00229f42ba.1581416843.git.mirq-linux@xxxxxxxxxxxx Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
 drivers/staging/wfx/queue.c | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)
--- a/drivers/staging/wfx/queue.c
+++ b/drivers/staging/wfx/queue.c
@@ -132,12 +132,12 @@ static void wfx_tx_queue_clear(struct wf
 spin_lock_bh(&queue->queue.lock);
 while ((item = __skb_dequeue(&queue->queue)) != NULL)
 skb_queue_head(gc_list, item);
- spin_lock_bh(&stats->pending.lock);
+ spin_lock_nested(&stats->pending.lock, 1);
 for (i = 0; i < ARRAY_SIZE(stats->link_map_cache); ++i) {
 stats->link_map_cache[i] -= queue->link_map_cache[i];
 queue->link_map_cache[i] = 0;
 }
- spin_unlock_bh(&stats->pending.lock);
+ spin_unlock(&stats->pending.lock);
 spin_unlock_bh(&queue->queue.lock);
 }
@@ -213,9 +213,9 @@ void wfx_tx_queue_put(struct wfx_dev *wd
 ++queue->link_map_cache[tx_priv->link_id];
- spin_lock_bh(&stats->pending.lock);
+ spin_lock_nested(&stats->pending.lock, 1);
 ++stats->link_map_cache[tx_priv->link_id];
- spin_unlock_bh(&stats->pending.lock);
+ spin_unlock(&stats->pending.lock);
 spin_unlock_bh(&queue->queue.lock);
 }
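Review bot: The inner `spin_lock_nested(&stats->pending.lock, 1)` in wfx_tx_queue_clear no longer disables bottom halves itself, so it is only safe while the enclosing `spin_lock_bh(&queue->queue.lock)` is held, and nothing in the code says so. The same applies to the hunks in wfx_tx_queue_put, wfx_tx_queue_get and wfx_pending_requeue; for wfx_tx_queue_put and wfx_tx_queue_get the outer acquisition lies outside the hunk and only the matching unlock is visible. The subclass annotation tells lockdep the nesting is intended but does not by itself establish that every path takes queue.lock before pending.lock, so the order should be written down at the first site, e.g. `/* Lock order: queue->queue.lock, then stats->pending.lock; BH is already disabled by the outer lock. */`. The bare `1` would also read better as `spin_lock_nested(&stats->pending.lock, SINGLE_DEPTH_NESTING);`.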
@@ -244,11 +244,11 @@ static struct sk_buff *wfx_tx_queue_get(
 __skb_unlink(skb, &queue->queue);
 --queue->link_map_cache[tx_priv->link_id];
- spin_lock_bh(&stats->pending.lock);
+ spin_lock_nested(&stats->pending.lock, 1);
 __skb_queue_tail(&stats->pending, skb);
 if (!--stats->link_map_cache[tx_priv->link_id])
 wakeup_stats = true;
- spin_unlock_bh(&stats->pending.lock);
+ spin_unlock(&stats->pending.lock);
 }
 spin_unlock_bh(&queue->queue.lock);
 if (wakeup_stats)
@@ -266,10 +266,10 @@ int wfx_pending_requeue(struct wfx_dev *
 spin_lock_bh(&queue->queue.lock);
 ++queue->link_map_cache[tx_priv->link_id];
- spin_lock_bh(&stats->pending.lock);
+ spin_lock_nested(&stats->pending.lock, 1);
 ++stats->link_map_cache[tx_priv->link_id];
 __skb_unlink(skb, &stats->pending);
- spin_unlock_bh(&stats->pending.lock);
+ spin_unlock(&stats->pending.lock);
 __skb_queue_tail(&queue->queue, skb);
 spin_unlock_bh(&queue->queue.lock);
 return 0;