From: Xinming Hu <huxm@marvell.com>
To: Brian Norris <briannorris@chromium.org>,
Ganapathi Bhat <gbhat@marvell.com>,
Nishant Sarmukadam <nishants@marvell.com>,
Cathy Luo <cluo@marvell.com>
Cc: "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"Dmitry Torokhov" <dmitry.torokhov@gmail.com>,
Amitkumar Karwar <amitkarwar@gmail.com>,
Kalle Valo <kvalo@codeaurora.org>,
"linux-wireless@vger.kernel.org" <linux-wireless@vger.kernel.org>,
"Doug Anderson" <dianders@chromium.org>
Subject: RE: [PATCH 01/11] mwifiex: fixup error cases in mwifiex_add_virtual_intf()
Date: Wed, 17 May 2017 04:02:46 +0000 [thread overview]
Message-ID: <fe24e109e6524e57814a1d2060a45905@SC-EXCH02.marvell.com> (raw)
In-Reply-To: <20170512164208.38725-1-briannorris@chromium.org>
Hi,
This patch serials looks fine, thanks.
> -----Original Message-----
> From: linux-wireless-owner@vger.kernel.org
> [mailto:linux-wireless-owner@vger.kernel.org] On Behalf Of Brian Norris
> Sent: 2017年5月13日 0:42
> To: Ganapathi Bhat; Nishant Sarmukadam
> Cc: linux-kernel@vger.kernel.org; Dmitry Torokhov; Amitkumar Karwar; Kalle
> Valo; linux-wireless@vger.kernel.org; Doug Anderson; Brian Norris
> Subject: [PATCH 01/11] mwifiex: fixup error cases in mwifiex_add_virtual_intf()
>
> If we fail to add an interface in mwifiex_add_virtual_intf(), we might hit a
> BUG_ON() in the networking code, because we didn't tear things down
> properly. Among the problems:
>
> (a) when failing to allocate workqueues, we fail to unregister the
> netdev before calling free_netdev()
> (b) even if we do try to unregister the netdev, we're still holding the
> rtnl lock, so the device never properly unregistered; we'll be at
> state NETREG_UNREGISTERING, and then hit free_netdev()'s:
> BUG_ON(dev->reg_state != NETREG_UNREGISTERED);
> (c) we're allocating some dependent resources (e.g., DFS workqueues)
> after we've registered the interface; this may or may not cause
> problems, but it's good practice to allocate these before registering
> (d) we're not even trying to unwind anything when mwifiex_send_cmd() or
> mwifiex_sta_init_cmd() fail
>
> To fix these issues, let's:
>
> * add a stacked set of error handling labels, to keep error handling
> consistent and properly ordered (resolving (a) and (d))
> * move the workqueue allocations before the registration (to resolve
> (c); also resolves (b) by avoiding error cases where we have to
> unregister)
>
> [Incidentally, it's pretty easy to interrupt the alloc_workqueue() in, e.g., the
> following:
>
> iw phy phy0 interface add mlan0 type station
>
> by sending it SIGTERM.]
>
> This bugfix covers commits like commit 7d652034d1a0 ("mwifiex: channel
> switch support for mwifiex"), but parts of this bug exist all the way back to the
> introduction of dynamic interface handling in commit
> 93a1df48d224 ("mwifiex: add cfg80211 handlers add/del_virtual_intf").
>
> Cc: <stable@vger.kernel.org>
> Signed-off-by: Brian Norris <briannorris@chromium.org>
> ---
> drivers/net/wireless/marvell/mwifiex/cfg80211.c | 71
> ++++++++++++-------------
> 1 file changed, 35 insertions(+), 36 deletions(-)
>
> diff --git a/drivers/net/wireless/marvell/mwifiex/cfg80211.c
> b/drivers/net/wireless/marvell/mwifiex/cfg80211.c
> index 7ec06bf13413..025bc06a19d6 100644
> --- a/drivers/net/wireless/marvell/mwifiex/cfg80211.c
> +++ b/drivers/net/wireless/marvell/mwifiex/cfg80211.c
> @@ -2964,10 +2964,8 @@ struct wireless_dev
> *mwifiex_add_virtual_intf(struct wiphy *wiphy,
> if (!dev) {
> mwifiex_dbg(adapter, ERROR,
> "no memory available for netdevice\n");
> - memset(&priv->wdev, 0, sizeof(priv->wdev));
> - priv->wdev.iftype = NL80211_IFTYPE_UNSPECIFIED;
> - priv->bss_mode = NL80211_IFTYPE_UNSPECIFIED;
> - return ERR_PTR(-ENOMEM);
> + ret = -ENOMEM;
> + goto err_alloc_netdev;
> }
>
> mwifiex_init_priv_params(priv, dev);
> @@ -2976,11 +2974,11 @@ struct wireless_dev
> *mwifiex_add_virtual_intf(struct wiphy *wiphy,
> ret = mwifiex_send_cmd(priv, HostCmd_CMD_SET_BSS_MODE,
> HostCmd_ACT_GEN_SET, 0, NULL, true);
> if (ret)
> - return ERR_PTR(ret);
> + goto err_set_bss_mode;
>
> ret = mwifiex_sta_init_cmd(priv, false, false);
> if (ret)
> - return ERR_PTR(ret);
> + goto err_sta_init;
>
> mwifiex_setup_ht_caps(&wiphy->bands[NL80211_BAND_2GHZ]->ht_cap,
> priv);
> if (adapter->is_hw_11ac_capable)
> @@ -3011,31 +3009,14 @@ struct wireless_dev
> *mwifiex_add_virtual_intf(struct wiphy *wiphy,
>
> SET_NETDEV_DEV(dev, adapter->dev);
>
> - /* Register network device */
> - if (register_netdevice(dev)) {
> - mwifiex_dbg(adapter, ERROR,
> - "cannot register virtual network device\n");
> - free_netdev(dev);
> - priv->bss_mode = NL80211_IFTYPE_UNSPECIFIED;
> - priv->netdev = NULL;
> - memset(&priv->wdev, 0, sizeof(priv->wdev));
> - priv->wdev.iftype = NL80211_IFTYPE_UNSPECIFIED;
> - return ERR_PTR(-EFAULT);
> - }
> -
> priv->dfs_cac_workqueue = alloc_workqueue("MWIFIEX_DFS_CAC%s",
> WQ_HIGHPRI |
> WQ_MEM_RECLAIM |
> WQ_UNBOUND, 1, name);
> if (!priv->dfs_cac_workqueue) {
> - mwifiex_dbg(adapter, ERROR,
> - "cannot register virtual network device\n");
> - free_netdev(dev);
> - priv->bss_mode = NL80211_IFTYPE_UNSPECIFIED;
> - priv->netdev = NULL;
> - memset(&priv->wdev, 0, sizeof(priv->wdev));
> - priv->wdev.iftype = NL80211_IFTYPE_UNSPECIFIED;
> - return ERR_PTR(-ENOMEM);
> + mwifiex_dbg(adapter, ERROR, "cannot alloc DFS CAC queue\n");
> + ret = -ENOMEM;
> + goto err_alloc_cac;
> }
>
> INIT_DELAYED_WORK(&priv->dfs_cac_work,
> mwifiex_dfs_cac_work_queue); @@ -3044,16 +3025,9 @@ struct wireless_dev
> *mwifiex_add_virtual_intf(struct wiphy *wiphy,
> WQ_HIGHPRI | WQ_UNBOUND |
> WQ_MEM_RECLAIM, 1, name);
> if (!priv->dfs_chan_sw_workqueue) {
> - mwifiex_dbg(adapter, ERROR,
> - "cannot register virtual network device\n");
> - free_netdev(dev);
> - priv->bss_mode = NL80211_IFTYPE_UNSPECIFIED;
> - priv->netdev = NULL;
> - memset(&priv->wdev, 0, sizeof(priv->wdev));
> - priv->wdev.iftype = NL80211_IFTYPE_UNSPECIFIED;
> - destroy_workqueue(priv->dfs_cac_workqueue);
> - priv->dfs_cac_workqueue = NULL;
> - return ERR_PTR(-ENOMEM);
> + mwifiex_dbg(adapter, ERROR, "cannot alloc DFS channel sw
> queue\n");
> + ret = -ENOMEM;
> + goto err_alloc_chsw;
> }
>
> INIT_DELAYED_WORK(&priv->dfs_chan_sw_work,
> @@ -3061,6 +3035,13 @@ struct wireless_dev
> *mwifiex_add_virtual_intf(struct wiphy *wiphy,
>
> sema_init(&priv->async_sem, 1);
>
> + /* Register network device */
> + if (register_netdevice(dev)) {
> + mwifiex_dbg(adapter, ERROR, "cannot register network device\n");
> + ret = -EFAULT;
> + goto err_reg_netdev;
> + }
> +
> mwifiex_dbg(adapter, INFO,
> "info: %s: Marvell 802.11 Adapter\n", dev->name);
>
> @@ -3081,11 +3062,29 @@ struct wireless_dev
> *mwifiex_add_virtual_intf(struct wiphy *wiphy,
> adapter->curr_iface_comb.p2p_intf++;
> break;
> default:
> + /* This should be dead code; checked above */
> mwifiex_dbg(adapter, ERROR, "type not supported\n");
> return ERR_PTR(-EINVAL);
> }
>
> return &priv->wdev;
> +
> +err_reg_netdev:
> + destroy_workqueue(priv->dfs_chan_sw_workqueue);
> + priv->dfs_chan_sw_workqueue = NULL;
> +err_alloc_chsw:
> + destroy_workqueue(priv->dfs_cac_workqueue);
> + priv->dfs_cac_workqueue = NULL;
> +err_alloc_cac:
> + free_netdev(dev);
> + priv->netdev = NULL;
> +err_sta_init:
> +err_set_bss_mode:
> +err_alloc_netdev:
> + memset(&priv->wdev, 0, sizeof(priv->wdev));
> + priv->wdev.iftype = NL80211_IFTYPE_UNSPECIFIED;
> + priv->bss_mode = NL80211_IFTYPE_UNSPECIFIED;
> + return ERR_PTR(ret);
> }
> EXPORT_SYMBOL_GPL(mwifiex_add_virtual_intf);
>
Regards,
Simon
> --
> 2.13.0.rc2.291.g57267f2277-goog
next prev parent reply other threads:[~2017-05-17 4:02 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-05-12 16:41 [PATCH 01/11] mwifiex: fixup error cases in mwifiex_add_virtual_intf() Brian Norris
2017-05-12 16:41 ` [PATCH 02/11] mwifiex: Don't release tx_ba_stream_tbl_lock while iterating Brian Norris
2017-05-12 16:42 ` [PATCH 03/11] mwifiex: Don't release cmd_pending_q_lock " Brian Norris
2017-05-12 16:42 ` [PATCH 04/11] mwifiex: Add locking to mwifiex_11n_delba Brian Norris
2017-05-12 16:42 ` [PATCH 05/11] mwifiex: don't drop lock between list-retrieval / list-deletion Brian Norris
2017-05-12 16:42 ` [PATCH 06/11] mwifiex: don't leak stashed beacon buffer on reset Brian Norris
2017-05-12 16:42 ` [PATCH 07/11] mwifiex: remove useless 'mwifiex_lock' Brian Norris
2017-05-12 16:42 ` [PATCH 08/11] mwifiex: remove redundant 'adapter' check in mwifiex_adapter_cleanup Brian Norris
2017-05-12 16:42 ` [PATCH 09/11] mwifiex: 11h: drop unnecessary check for '!priv' Brian Norris
2017-05-12 16:42 ` [PATCH 10/11] mwifiex: pcie: remove useless pdev check Brian Norris
2017-05-12 16:42 ` [PATCH 11/11] mwifiex: pcie: stop setting/clearing 'surprise_removed' Brian Norris
2017-05-17 4:02 ` Xinming Hu [this message]
2017-05-19 6:02 ` [01/11] mwifiex: fixup error cases in mwifiex_add_virtual_intf() Kalle Valo
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=fe24e109e6524e57814a1d2060a45905@SC-EXCH02.marvell.com \
--to=huxm@marvell.com \
--cc=amitkarwar@gmail.com \
--cc=briannorris@chromium.org \
--cc=cluo@marvell.com \
--cc=dianders@chromium.org \
--cc=dmitry.torokhov@gmail.com \
--cc=gbhat@marvell.com \
--cc=kvalo@codeaurora.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-wireless@vger.kernel.org \
--cc=nishants@marvell.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).