From: Luca Coelho <luca@coelho.fi>
To: johannes@sipsolutions.net
Cc: linux-wireless@vger.kernel.org, Johannes Berg <johannes.berg@intel.com>
Subject: [PATCH] cfg80211: pmsr: fix abort locking
Date: Wed, 6 Feb 2019 08:03:10 +0200 [thread overview]
Message-ID: <20190206060310.12200-1-luca@coelho.fi> (raw)
In-Reply-To: <b2d8b60f32aacd58d18307d58c5cc4810899029f.camel@coelho.fi>
From: Johannes Berg <johannes.berg@intel.com>
When we destroy the interface we already hold the wdev->mtx
while calling cfg80211_pmsr_wdev_down(), which assumes this
isn't true and flushes the worker that takes the lock, thus
leading to a deadlock.
Fix this by refactoring the worker and calling its code in
cfg80211_pmsr_wdev_down() directly.
We still need to flush the work later to make sure it's not
still running and will crash, but it will not do anything.
Fixes: 9bb7e0f24e7e ("cfg80211: add peer measurement with FTM initiator API")
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
---
net/wireless/core.c | 2 ++
net/wireless/pmsr.c | 22 +++++++++++++++-------
2 files changed, 17 insertions(+), 7 deletions(-)
diff --git a/net/wireless/core.c b/net/wireless/core.c
index 623dfe5e211c..b36ad8efb5e5 100644
--- a/net/wireless/core.c
+++ b/net/wireless/core.c
@@ -1068,6 +1068,8 @@ static void __cfg80211_unregister_wdev(struct wireless_dev *wdev, bool sync)
ASSERT_RTNL();
+ flush_work(&wdev->pmsr_free_wk);
+
nl80211_notify_iface(rdev, wdev, NL80211_CMD_DEL_INTERFACE);
list_del_rcu(&wdev->list);
diff --git a/net/wireless/pmsr.c b/net/wireless/pmsr.c
index f2e388e329fd..78c3f5633692 100644
--- a/net/wireless/pmsr.c
+++ b/net/wireless/pmsr.c
@@ -529,14 +529,14 @@ void cfg80211_pmsr_report(struct wireless_dev *wdev,
}
EXPORT_SYMBOL_GPL(cfg80211_pmsr_report);
-void cfg80211_pmsr_free_wk(struct work_struct *work)
+static void cfg80211_pmsr_process_abort(struct wireless_dev *wdev)
{
- struct wireless_dev *wdev = container_of(work, struct wireless_dev,
- pmsr_free_wk);
struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
struct cfg80211_pmsr_request *req, *tmp;
LIST_HEAD(free_list);
+ lockdep_assert_held(&wdev->mtx);
+
spin_lock_bh(&wdev->pmsr_lock);
list_for_each_entry_safe(req, tmp, &wdev->pmsr_list, list) {
if (req->nl_portid)
@@ -546,14 +546,22 @@ void cfg80211_pmsr_free_wk(struct work_struct *work)
spin_unlock_bh(&wdev->pmsr_lock);
list_for_each_entry_safe(req, tmp, &free_list, list) {
- wdev_lock(wdev);
rdev_abort_pmsr(rdev, wdev, req);
- wdev_unlock(wdev);
kfree(req);
}
}
+void cfg80211_pmsr_free_wk(struct work_struct *work)
+{
+ struct wireless_dev *wdev = container_of(work, struct wireless_dev,
+ pmsr_free_wk);
+
+ wdev_lock(wdev);
+ cfg80211_pmsr_process_abort(wdev);
+ wdev_unlock(wdev);
+}
+
void cfg80211_pmsr_wdev_down(struct wireless_dev *wdev)
{
struct cfg80211_pmsr_request *req;
@@ -567,8 +575,8 @@ void cfg80211_pmsr_wdev_down(struct wireless_dev *wdev)
spin_unlock_bh(&wdev->pmsr_lock);
if (found)
- schedule_work(&wdev->pmsr_free_wk);
- flush_work(&wdev->pmsr_free_wk);
+ cfg80211_pmsr_process_abort(wdev);
+
WARN_ON(!list_empty(&wdev->pmsr_list));
}
--
2.20.1
next prev parent reply other threads:[~2019-02-06 6:03 UTC|newest]
Thread overview: 40+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-12-15 9:03 [PATCH 00/24] cfg80211/mac80211 patches from our internal tree 2018-12-15 Luca Coelho
2018-12-15 9:03 ` [PATCH 01/24] mac80211: suspicious RCU usage fix Luca Coelho
2018-12-15 9:03 ` [PATCH 02/24] ieee80211: add bits for TWT in Extended Capabilities IE Luca Coelho
2018-12-15 9:03 ` [PATCH 03/24] mac80211: propagate the support for TWT to the driver Luca Coelho
2018-12-15 9:03 ` [PATCH 04/24] mac80211: update HE operation fields to D3.0 Luca Coelho
2018-12-15 9:03 ` [PATCH 05/24] mac80211: free skb fraglist before freeing the skb Luca Coelho
2018-12-15 9:03 ` [PATCH 06/24] mac80211: don't build AMSDU from GSO packets Luca Coelho
2018-12-15 9:03 ` [PATCH 07/24] mac80211: document RCU requirements for ieee80211_tx_dequeue() Luca Coelho
2018-12-15 9:03 ` [PATCH 08/24] mac80211: remove superfluous NULL check Luca Coelho
2018-12-15 9:03 ` [PATCH 09/24] mac80211: fix a kernel panic when TXing after TXQ teardown Luca Coelho
2018-12-15 9:03 ` [PATCH 10/24] mac80211: never pass NULL params to ieee80211_if_add() Luca Coelho
2018-12-15 9:03 ` [PATCH 11/24] mac80211: fix radiotap vendor presence bitmap handling Luca Coelho
2018-12-15 9:03 ` [PATCH 12/24] mac80211: ignore NullFunc frames in the duplicate detection Luca Coelho
2018-12-15 17:31 ` Emmanuel Grumbach
2018-12-18 0:55 ` Coelho, Luciano
2018-12-15 9:03 ` [PATCH 13/24] cfg80211: pmsr: fix MAC address setting Luca Coelho
2018-12-18 12:17 ` Johannes Berg
2019-02-06 5:47 ` Luca Coelho
2019-02-06 5:53 ` Luca Coelho
2019-02-06 5:59 ` [PATCH v2 1/2] " Luca Coelho
2019-02-06 5:59 ` [PATCH 2/2] " Luca Coelho
2019-02-06 6:01 ` Luca Coelho
2019-02-06 6:03 ` Luca Coelho [this message]
2018-12-15 9:03 ` [PATCH 14/24] mac80211: update driver when MU EDCA params change Luca Coelho
2018-12-15 9:03 ` [PATCH 15/24] cfg80211: fix ieee80211_get_vht_max_nss() Luca Coelho
2018-12-15 9:03 ` [PATCH 16/24] mac80211: Properly handle SKB with radiotap only Luca Coelho
2018-12-15 9:03 ` [PATCH 17/24] cfg80211: Include the PMK and PMKID in NL80211_CMD_EXTERNAL_AUTH Luca Coelho
2019-01-25 12:41 ` Johannes Berg
2019-02-06 8:02 ` [PATCH v2] " Luca Coelho
2019-02-22 12:41 ` Johannes Berg
2019-03-08 11:26 ` Luciano Coelho
2018-12-15 9:03 ` [PATCH 18/24] mac80211: set STA flag DISABLE_HE if HE is not supported Luca Coelho
2018-12-15 9:03 ` [PATCH 19/24] mac80211: do not advertise HE cap IE if HE disabled Luca Coelho
2018-12-15 9:03 ` [PATCH 20/24] cfg80211: add some missing fall through annotations Luca Coelho
2018-12-15 9:03 ` [PATCH 21/24] nl80211: fix memory leak if validate_pae_over_nl80211() fails Luca Coelho
2018-12-15 9:03 ` [PATCH 22/24] cfg80211: clarify LCI/civic location documentation Luca Coelho
2018-12-15 9:03 ` [PATCH 23/24] mac80211: ftm responder: remove pointless defensive coding Luca Coelho
2018-12-15 9:03 ` [PATCH 24/24] mac80211: Properly access radiotap vendor data Luca Coelho
2018-12-18 12:06 ` [PATCH 00/24] cfg80211/mac80211 patches from our internal tree 2018-12-15 Johannes Berg
2018-12-18 12:08 ` Johannes Berg
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190206060310.12200-1-luca@coelho.fi \
--to=luca@coelho.fi \
--cc=johannes.berg@intel.com \
--cc=johannes@sipsolutions.net \
--cc=linux-wireless@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).