* Re: [PATCH] mwifiex: Fix possible ABBA deadlock
2021-11-30 0:47 ` [PATCH] mwifiex: Fix possible ABBA deadlock Brian Norris
@ 2021-11-30 2:18 ` Jia-Ju Bai
2021-12-01 21:09 ` Doug Anderson
` (2 subsequent siblings)
3 siblings, 0 replies; 6+ messages in thread
From: Jia-Ju Bai @ 2021-11-30 2:18 UTC (permalink / raw)
To: Brian Norris
Cc: amitkarwar, ganapathi017, sharvari.harisangam, huxinming820,
kvalo, David Miller, kuba, linux-wireless, netdev, linux-kernel,
Doug Anderson
Hi Brian,
Thanks for your reply and explanation!
The patch looks good to me :)
Best wishes,
Jia-Ju Bai
On 2021/11/30 8:47, Brian Norris wrote:
> Quoting Jia-Ju Bai <baijiaju1990@gmail.com>:
>
> mwifiex_dequeue_tx_packet()
> spin_lock_bh(&priv->wmm.ra_list_spinlock); --> Line 1432 (Lock A)
> mwifiex_send_addba()
> spin_lock_bh(&priv->sta_list_spinlock); --> Line 608 (Lock B)
>
> mwifiex_process_sta_tx_pause()
> spin_lock_bh(&priv->sta_list_spinlock); --> Line 398 (Lock B)
> mwifiex_update_ralist_tx_pause()
> spin_lock_bh(&priv->wmm.ra_list_spinlock); --> Line 941 (Lock A)
>
> Similar report for mwifiex_process_uap_tx_pause().
>
> While the locking expectations in this driver are a bit unclear, the
> Fixed commit only intended to protect the sta_ptr, so we can drop the
> lock as soon as we're done with it.
>
> IIUC, this deadlock cannot actually happen, because command event
> processing (which calls mwifiex_process_sta_tx_pause()) is
> sequentialized with TX packet processing (e.g.,
> mwifiex_dequeue_tx_packet()) via the main loop (mwifiex_main_process()).
> But it's good not to leave this potential issue lurking.
>
> Fixes: ("f0f7c2275fb9 mwifiex: minor cleanups w/ sta_list_spinlock in cfg80211.c")
> Cc: Douglas Anderson <dianders@chromium.org>
> Reported-by: TOTE Robot <oslab@tsinghua.edu.cn>
> Link: https://lore.kernel.org/linux-wireless/0e495b14-efbb-e0da-37bd-af6bd677ee2c@gmail.com/
> Signed-off-by: Brian Norris <briannorris@chromium.org>
> ---
>
> On Tue, Nov 23, 2021 at 11:31:34AM +0800, Jia-Ju Bai wrote:
>> I am not quite sure whether these possible deadlocks are real and how to fix
>> them if they are real.
>> Any feedback would be appreciated, thanks :)
> I think these are at least theoretically real, and so we should take
> something like the $subject patch probably. But I don't believe we can
> actually hit this due to the main-loop structure of this driver.
>
> Anyway, see the surrounding patch.
>
> Thanks,
> Brian
>
>
> drivers/net/wireless/marvell/mwifiex/sta_event.c | 8 ++++++--
> 1 file changed, 6 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/net/wireless/marvell/mwifiex/sta_event.c b/drivers/net/wireless/marvell/mwifiex/sta_event.c
> index 80e5d44bad9d..7d42c5d2dbf6 100644
> --- a/drivers/net/wireless/marvell/mwifiex/sta_event.c
> +++ b/drivers/net/wireless/marvell/mwifiex/sta_event.c
> @@ -365,10 +365,12 @@ static void mwifiex_process_uap_tx_pause(struct mwifiex_private *priv,
> sta_ptr = mwifiex_get_sta_entry(priv, tp->peermac);
> if (sta_ptr && sta_ptr->tx_pause != tp->tx_pause) {
> sta_ptr->tx_pause = tp->tx_pause;
> + spin_unlock_bh(&priv->sta_list_spinlock);
> mwifiex_update_ralist_tx_pause(priv, tp->peermac,
> tp->tx_pause);
> + } else {
> + spin_unlock_bh(&priv->sta_list_spinlock);
> }
> - spin_unlock_bh(&priv->sta_list_spinlock);
> }
> }
>
> @@ -400,11 +402,13 @@ static void mwifiex_process_sta_tx_pause(struct mwifiex_private *priv,
> sta_ptr = mwifiex_get_sta_entry(priv, tp->peermac);
> if (sta_ptr && sta_ptr->tx_pause != tp->tx_pause) {
> sta_ptr->tx_pause = tp->tx_pause;
> + spin_unlock_bh(&priv->sta_list_spinlock);
> mwifiex_update_ralist_tx_pause(priv,
> tp->peermac,
> tp->tx_pause);
> + } else {
> + spin_unlock_bh(&priv->sta_list_spinlock);
> }
> - spin_unlock_bh(&priv->sta_list_spinlock);
> }
> }
> }
^ permalink raw reply [flat|nested] 6+ messages in thread* Re: [PATCH] mwifiex: Fix possible ABBA deadlock
2021-11-30 0:47 ` [PATCH] mwifiex: Fix possible ABBA deadlock Brian Norris
2021-11-30 2:18 ` Jia-Ju Bai
@ 2021-12-01 21:09 ` Doug Anderson
2021-12-08 18:37 ` Kalle Valo
2021-12-08 18:38 ` Kalle Valo
3 siblings, 0 replies; 6+ messages in thread
From: Doug Anderson @ 2021-12-01 21:09 UTC (permalink / raw)
To: Brian Norris
Cc: Jia-Ju Bai, amitkarwar, ganapathi017, sharvari.harisangam,
huxinming820, kvalo, David Miller, kuba, linux-wireless, netdev,
linux-kernel
Hi,
On Mon, Nov 29, 2021 at 4:47 PM Brian Norris <briannorris@chromium.org> wrote:
>
> Quoting Jia-Ju Bai <baijiaju1990@gmail.com>:
>
> mwifiex_dequeue_tx_packet()
> spin_lock_bh(&priv->wmm.ra_list_spinlock); --> Line 1432 (Lock A)
> mwifiex_send_addba()
> spin_lock_bh(&priv->sta_list_spinlock); --> Line 608 (Lock B)
>
> mwifiex_process_sta_tx_pause()
> spin_lock_bh(&priv->sta_list_spinlock); --> Line 398 (Lock B)
> mwifiex_update_ralist_tx_pause()
> spin_lock_bh(&priv->wmm.ra_list_spinlock); --> Line 941 (Lock A)
>
> Similar report for mwifiex_process_uap_tx_pause().
>
> While the locking expectations in this driver are a bit unclear, the
> Fixed commit only intended to protect the sta_ptr, so we can drop the
> lock as soon as we're done with it.
>
> IIUC, this deadlock cannot actually happen, because command event
> processing (which calls mwifiex_process_sta_tx_pause()) is
> sequentialized with TX packet processing (e.g.,
> mwifiex_dequeue_tx_packet()) via the main loop (mwifiex_main_process()).
> But it's good not to leave this potential issue lurking.
>
> Fixes: ("f0f7c2275fb9 mwifiex: minor cleanups w/ sta_list_spinlock in cfg80211.c")
> Cc: Douglas Anderson <dianders@chromium.org>
> Reported-by: TOTE Robot <oslab@tsinghua.edu.cn>
> Link: https://lore.kernel.org/linux-wireless/0e495b14-efbb-e0da-37bd-af6bd677ee2c@gmail.com/
> Signed-off-by: Brian Norris <briannorris@chromium.org>
> ---
>
> On Tue, Nov 23, 2021 at 11:31:34AM +0800, Jia-Ju Bai wrote:
> > I am not quite sure whether these possible deadlocks are real and how to fix
> > them if they are real.
> > Any feedback would be appreciated, thanks :)
>
> I think these are at least theoretically real, and so we should take
> something like the $subject patch probably. But I don't believe we can
> actually hit this due to the main-loop structure of this driver.
>
> Anyway, see the surrounding patch.
>
> Thanks,
> Brian
>
>
> drivers/net/wireless/marvell/mwifiex/sta_event.c | 8 ++++++--
> 1 file changed, 6 insertions(+), 2 deletions(-)
Though I'm by no means an expert on this code and I wrote the patch in
question a long time ago, this seems reasonable to me. Thanks for
fixing.
Reviewed-by: Douglas Anderson <dianders@chromium.org>
^ permalink raw reply [flat|nested] 6+ messages in thread* Re: [PATCH] mwifiex: Fix possible ABBA deadlock
2021-11-30 0:47 ` [PATCH] mwifiex: Fix possible ABBA deadlock Brian Norris
2021-11-30 2:18 ` Jia-Ju Bai
2021-12-01 21:09 ` Doug Anderson
@ 2021-12-08 18:37 ` Kalle Valo
2021-12-08 18:38 ` Kalle Valo
3 siblings, 0 replies; 6+ messages in thread
From: Kalle Valo @ 2021-12-08 18:37 UTC (permalink / raw)
To: Brian Norris
Cc: Jia-Ju Bai, amitkarwar, ganapathi017, sharvari.harisangam,
huxinming820, kvalo, David Miller, kuba, linux-wireless, netdev,
linux-kernel, Doug Anderson
Brian Norris <briannorris@chromium.org> wrote:
> Quoting Jia-Ju Bai <baijiaju1990@gmail.com>:
>
> mwifiex_dequeue_tx_packet()
> spin_lock_bh(&priv->wmm.ra_list_spinlock); --> Line 1432 (Lock A)
> mwifiex_send_addba()
> spin_lock_bh(&priv->sta_list_spinlock); --> Line 608 (Lock B)
>
> mwifiex_process_sta_tx_pause()
> spin_lock_bh(&priv->sta_list_spinlock); --> Line 398 (Lock B)
> mwifiex_update_ralist_tx_pause()
> spin_lock_bh(&priv->wmm.ra_list_spinlock); --> Line 941 (Lock A)
>
> Similar report for mwifiex_process_uap_tx_pause().
>
> While the locking expectations in this driver are a bit unclear, the
> Fixed commit only intended to protect the sta_ptr, so we can drop the
> lock as soon as we're done with it.
>
> IIUC, this deadlock cannot actually happen, because command event
> processing (which calls mwifiex_process_sta_tx_pause()) is
> sequentialized with TX packet processing (e.g.,
> mwifiex_dequeue_tx_packet()) via the main loop (mwifiex_main_process()).
> But it's good not to leave this potential issue lurking.
>
> Fixes: ("f0f7c2275fb9 mwifiex: minor cleanups w/ sta_list_spinlock in cfg80211.c")
> Cc: Douglas Anderson <dianders@chromium.org>
> Reported-by: TOTE Robot <oslab@tsinghua.edu.cn>
> Link: https://lore.kernel.org/linux-wireless/0e495b14-efbb-e0da-37bd-af6bd677ee2c@gmail.com/
> Signed-off-by: Brian Norris <briannorris@chromium.org>
> Reviewed-by: Douglas Anderson <dianders@chromium.org>
Fixes tag is in wrong format, should be:
Fixes: f0f7c2275fb9 ("mwifiex: minor cleanups w/ sta_list_spinlock in cfg80211.c")
I'll fix it during commit.
--
https://patchwork.kernel.org/project/linux-wireless/patch/YaV0pllJ5p/EuUat@google.com/
https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches
^ permalink raw reply [flat|nested] 6+ messages in thread* Re: mwifiex: Fix possible ABBA deadlock
2021-11-30 0:47 ` [PATCH] mwifiex: Fix possible ABBA deadlock Brian Norris
` (2 preceding siblings ...)
2021-12-08 18:37 ` Kalle Valo
@ 2021-12-08 18:38 ` Kalle Valo
3 siblings, 0 replies; 6+ messages in thread
From: Kalle Valo @ 2021-12-08 18:38 UTC (permalink / raw)
To: Brian Norris
Cc: Jia-Ju Bai, amitkarwar, ganapathi017, sharvari.harisangam,
huxinming820, kvalo, David Miller, kuba, linux-wireless, netdev,
linux-kernel, Doug Anderson
Brian Norris <briannorris@chromium.org> wrote:
> Quoting Jia-Ju Bai <baijiaju1990@gmail.com>:
>
> mwifiex_dequeue_tx_packet()
> spin_lock_bh(&priv->wmm.ra_list_spinlock); --> Line 1432 (Lock A)
> mwifiex_send_addba()
> spin_lock_bh(&priv->sta_list_spinlock); --> Line 608 (Lock B)
>
> mwifiex_process_sta_tx_pause()
> spin_lock_bh(&priv->sta_list_spinlock); --> Line 398 (Lock B)
> mwifiex_update_ralist_tx_pause()
> spin_lock_bh(&priv->wmm.ra_list_spinlock); --> Line 941 (Lock A)
>
> Similar report for mwifiex_process_uap_tx_pause().
>
> While the locking expectations in this driver are a bit unclear, the
> Fixed commit only intended to protect the sta_ptr, so we can drop the
> lock as soon as we're done with it.
>
> IIUC, this deadlock cannot actually happen, because command event
> processing (which calls mwifiex_process_sta_tx_pause()) is
> sequentialized with TX packet processing (e.g.,
> mwifiex_dequeue_tx_packet()) via the main loop (mwifiex_main_process()).
> But it's good not to leave this potential issue lurking.
>
> Fixes: f0f7c2275fb9 ("mwifiex: minor cleanups w/ sta_list_spinlock in cfg80211.c")
> Cc: Douglas Anderson <dianders@chromium.org>
> Reported-by: TOTE Robot <oslab@tsinghua.edu.cn>
> Link: https://lore.kernel.org/linux-wireless/0e495b14-efbb-e0da-37bd-af6bd677ee2c@gmail.com/
> Signed-off-by: Brian Norris <briannorris@chromium.org>
> Reviewed-by: Douglas Anderson <dianders@chromium.org>
Patch applied to wireless-drivers-next.git, thanks.
1b8bb8919ef8 mwifiex: Fix possible ABBA deadlock
--
https://patchwork.kernel.org/project/linux-wireless/patch/YaV0pllJ5p/EuUat@google.com/
https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches
^ permalink raw reply [flat|nested] 6+ messages in thread