All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH 0/3] rtl8192cu: Fixes for leaks and deadlock
@ 2020-06-22 13:21 Reto Schneider
  2020-06-22 13:21 ` [PATCH 1/3] rtl8192cu: Fix deadlock Reto Schneider
                   ` (2 more replies)
  0 siblings, 3 replies; 7+ messages in thread
From: Reto Schneider @ 2020-06-22 13:21 UTC (permalink / raw)
  To: linux-wireless; +Cc: Larry.Finger, Reto Schneider

Issues have been found on a Realtek RTL8188CUS/Atmel AT91SAM9G25
(ARMv5) machine. Testing has been done on the same.

Reto Schneider (3):
  rtl8192cu: Fix deadlock
  rtl8192cu: Prevent leaking urb
  rtl8192cu: Free ieee80211_hw if probing fails

 drivers/net/wireless/realtek/rtlwifi/usb.c | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

-- 
2.20.1


^ permalink raw reply	[flat|nested] 7+ messages in thread
* [PATCH 1/3] rtl8192cu: Fix deadlock
  2020-06-22 13:21 [PATCH 0/3] rtl8192cu: Fixes for leaks and deadlock Reto Schneider
@ 2020-06-22 13:21 ` Reto Schneider
  2020-06-22 18:01   ` Larry Finger
  2020-07-15 10:37   ` [PATCH 1/3] rtlwifi: " Kalle Valo
  2020-06-22 13:21 ` [PATCH 2/3] rtl8192cu: Prevent leaking urb Reto Schneider
  2020-06-22 13:21 ` [PATCH 3/3] rtl8192cu: Free ieee80211_hw if probing fails Reto Schneider
  2 siblings, 2 replies; 7+ messages in thread
From: Reto Schneider @ 2020-06-22 13:21 UTC (permalink / raw)
  To: linux-wireless; +Cc: Larry.Finger, Reto Schneider

Prevent code from calling itself indirectly, causing the driver to hang
and consume 100% CPU.

Without this fix, the following script can bring down a single CPU
system:
```
while true; do
  rmmod rtl8192cu
  modprobe rtl8192cu
done
```

Signed-off-by: Reto Schneider <code@reto-schneider.ch>
---
 drivers/net/wireless/realtek/rtlwifi/usb.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/drivers/net/wireless/realtek/rtlwifi/usb.c b/drivers/net/wireless/realtek/rtlwifi/usb.c
index c66c6dc00378..d3bbfc0171f6 100644
--- a/drivers/net/wireless/realtek/rtlwifi/usb.c
+++ b/drivers/net/wireless/realtek/rtlwifi/usb.c
@@ -680,8 +680,10 @@ static void _rtl_usb_cleanup_rx(struct ieee80211_hw *hw)
 	tasklet_kill(&rtlusb->rx_work_tasklet);
 	cancel_work_sync(&rtlpriv->works.lps_change_work);
 
-	flush_workqueue(rtlpriv->works.rtl_wq);
-	destroy_workqueue(rtlpriv->works.rtl_wq);
+	if (rtlpriv->works.rtl_wq) {
+		destroy_workqueue(rtlpriv->works.rtl_wq);
+		rtlpriv->works.rtl_wq = NULL;
+	}
 
 	skb_queue_purge(&rtlusb->rx_queue);
 
-- 
2.20.1


^ permalink raw reply related	[flat|nested] 7+ messages in thread
* [PATCH 2/3] rtl8192cu: Prevent leaking urb
  2020-06-22 13:21 [PATCH 0/3] rtl8192cu: Fixes for leaks and deadlock Reto Schneider
  2020-06-22 13:21 ` [PATCH 1/3] rtl8192cu: Fix deadlock Reto Schneider
@ 2020-06-22 13:21 ` Reto Schneider
  2020-06-22 13:21 ` [PATCH 3/3] rtl8192cu: Free ieee80211_hw if probing fails Reto Schneider
  2 siblings, 0 replies; 7+ messages in thread
From: Reto Schneider @ 2020-06-22 13:21 UTC (permalink / raw)
  To: linux-wireless; +Cc: Larry.Finger, Reto Schneider

If usb_submit_urb fails the allocated urb should be unanchored and
released.

Signed-off-by: Reto Schneider <code@reto-schneider.ch>
---
 drivers/net/wireless/realtek/rtlwifi/usb.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/drivers/net/wireless/realtek/rtlwifi/usb.c b/drivers/net/wireless/realtek/rtlwifi/usb.c
index d3bbfc0171f6..1a9fcb2697bf 100644
--- a/drivers/net/wireless/realtek/rtlwifi/usb.c
+++ b/drivers/net/wireless/realtek/rtlwifi/usb.c
@@ -720,8 +720,11 @@ static int _rtl_usb_receive(struct ieee80211_hw *hw)
 
 		usb_anchor_urb(urb, &rtlusb->rx_submitted);
 		err = usb_submit_urb(urb, GFP_KERNEL);
-		if (err)
+		if (err) {
+			usb_unanchor_urb(urb);
+			usb_free_urb(urb);
 			goto err_out;
+		}
 		usb_free_urb(urb);
 	}
 	return 0;
-- 
2.20.1


^ permalink raw reply related	[flat|nested] 7+ messages in thread
* [PATCH 3/3] rtl8192cu: Free ieee80211_hw if probing fails
  2020-06-22 13:21 [PATCH 0/3] rtl8192cu: Fixes for leaks and deadlock Reto Schneider
  2020-06-22 13:21 ` [PATCH 1/3] rtl8192cu: Fix deadlock Reto Schneider
  2020-06-22 13:21 ` [PATCH 2/3] rtl8192cu: Prevent leaking urb Reto Schneider
@ 2020-06-22 13:21 ` Reto Schneider
  2 siblings, 0 replies; 7+ messages in thread
From: Reto Schneider @ 2020-06-22 13:21 UTC (permalink / raw)
  To: linux-wireless; +Cc: Larry.Finger, Reto Schneider

In case of an error, no one will use the allocated structure. Call
ieee80211_free_hw, same as in rtl_usb_disconnect.

Signed-off-by: Reto Schneider <code@reto-schneider.ch>
---
 drivers/net/wireless/realtek/rtlwifi/usb.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/net/wireless/realtek/rtlwifi/usb.c b/drivers/net/wireless/realtek/rtlwifi/usb.c
index 1a9fcb2697bf..d05e709536ea 100644
--- a/drivers/net/wireless/realtek/rtlwifi/usb.c
+++ b/drivers/net/wireless/realtek/rtlwifi/usb.c
@@ -1087,6 +1087,7 @@ int rtl_usb_probe(struct usb_interface *intf,
 	usb_put_dev(udev);
 	complete(&rtlpriv->firmware_loading_complete);
 	kfree(rtlpriv->usb_data);
+	ieee80211_free_hw(hw);
 	return -ENODEV;
 }
 EXPORT_SYMBOL(rtl_usb_probe);
-- 
2.20.1


^ permalink raw reply related	[flat|nested] 7+ messages in thread
* Re: [PATCH 1/3] rtl8192cu: Fix deadlock
  2020-06-22 13:21 ` [PATCH 1/3] rtl8192cu: Fix deadlock Reto Schneider
@ 2020-06-22 18:01   ` Larry Finger
  2020-06-23  9:20     ` Kalle Valo
  2020-07-15 10:37   ` [PATCH 1/3] rtlwifi: " Kalle Valo
  1 sibling, 1 reply; 7+ messages in thread
From: Larry Finger @ 2020-06-22 18:01 UTC (permalink / raw)
  To: Reto Schneider, linux-wireless

On 6/22/20 8:21 AM, Reto Schneider wrote:
> Prevent code from calling itself indirectly, causing the driver to hang
> and consume 100% CPU.
> 
> Without this fix, the following script can bring down a single CPU
> system:
> ```
> while true; do
>    rmmod rtl8192cu
>    modprobe rtl8192cu
> done
> ```
> 
> Signed-off-by: Reto Schneider <code@reto-schneider.ch>

I have one small comment. Patches for the rtlwifi family of drivers have patch 
subjects of the form [PATCH] rtlwifi: rtl8192cu: blah blah. I'll let Kalle 
decide if he wants ignore my comment, manually change the subjects, or request a 
V2. Otherwise all 3 patches are OK.

ACKed-by: Larry Finger <Larry.Finger@lwfinger.net>

Larry

^ permalink raw reply	[flat|nested] 7+ messages in thread
* Re: [PATCH 1/3] rtl8192cu: Fix deadlock
  2020-06-22 18:01   ` Larry Finger
@ 2020-06-23  9:20     ` Kalle Valo
  0 siblings, 0 replies; 7+ messages in thread
From: Kalle Valo @ 2020-06-23  9:20 UTC (permalink / raw)
  To: Larry Finger; +Cc: Reto Schneider, linux-wireless

Larry Finger <Larry.Finger@lwfinger.net> writes:

> On 6/22/20 8:21 AM, Reto Schneider wrote:
>> Prevent code from calling itself indirectly, causing the driver to hang
>> and consume 100% CPU.
>>
>> Without this fix, the following script can bring down a single CPU
>> system:
>> ```
>> while true; do
>>    rmmod rtl8192cu
>>    modprobe rtl8192cu
>> done
>> ```
>>
>> Signed-off-by: Reto Schneider <code@reto-schneider.ch>
>
> I have one small comment. Patches for the rtlwifi family of drivers
> have patch subjects of the form [PATCH] rtlwifi: rtl8192cu: blah blah.
> I'll let Kalle decide if he wants ignore my comment, manually change
> the subjects, or request a V2. Otherwise all 3 patches are OK.

I can fix the titles during commit.

-- 
https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches

^ permalink raw reply	[flat|nested] 7+ messages in thread
* Re: [PATCH 1/3] rtlwifi: rtl8192cu: Fix deadlock
  2020-06-22 13:21 ` [PATCH 1/3] rtl8192cu: Fix deadlock Reto Schneider
  2020-06-22 18:01   ` Larry Finger
@ 2020-07-15 10:37   ` Kalle Valo
  1 sibling, 0 replies; 7+ messages in thread
From: Kalle Valo @ 2020-07-15 10:37 UTC (permalink / raw)
  To: Reto Schneider; +Cc: linux-wireless, Larry.Finger, Reto Schneider

Reto Schneider <code@reto-schneider.ch> wrote:

> Prevent code from calling itself indirectly, causing the driver to hang
> and consume 100% CPU.
> 
> Without this fix, the following script can bring down a single CPU
> system:
> ```
> while true; do
>   rmmod rtl8192cu
>   modprobe rtl8192cu
> done
> ```
> 
> Signed-off-by: Reto Schneider <code@reto-schneider.ch>
> ACKed-by: Larry Finger <Larry.Finger@lwfinger.net>

3 patches applied to wireless-drivers-next.git, thanks.

ec89032cd148 rtlwifi: rtl8192cu: Fix deadlock
03128643eb54 rtlwifi: rtl8192cu: Prevent leaking urb
a7f7c15e945a rtlwifi: rtl8192cu: Free ieee80211_hw if probing fails

-- 
https://patchwork.kernel.org/patch/11617759/

https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches


^ permalink raw reply	[flat|nested] 7+ messages in thread
end of thread, other threads:[~2020-07-15 10:37 UTC | newest]

Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-06-22 13:21 [PATCH 0/3] rtl8192cu: Fixes for leaks and deadlock Reto Schneider
2020-06-22 13:21 ` [PATCH 1/3] rtl8192cu: Fix deadlock Reto Schneider
2020-06-22 18:01   ` Larry Finger
2020-06-23  9:20     ` Kalle Valo
2020-07-15 10:37   ` [PATCH 1/3] rtlwifi: " Kalle Valo
2020-06-22 13:21 ` [PATCH 2/3] rtl8192cu: Prevent leaking urb Reto Schneider
2020-06-22 13:21 ` [PATCH 3/3] rtl8192cu: Free ieee80211_hw if probing fails Reto Schneider

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.