From: Sasha Levin <sashal@kernel.org> To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: Thomas Pedersen <thomas@eero.com>, Johannes Berg <johannes.berg@intel.com>, Sasha Levin <sashal@kernel.org>, linux-wireless@vger.kernel.org, netdev@vger.kernel.org Subject: [PATCH AUTOSEL 5.1 19/95] mac80211: mesh: fix RCU warning Date: Wed, 26 Jun 2019 20:29:04 -0400 Message-ID: <20190627003021.19867-19-sashal@kernel.org> (raw) In-Reply-To: <20190627003021.19867-1-sashal@kernel.org> From: Thomas Pedersen <thomas@eero.com> [ Upstream commit 551842446ed695641a00782cd118cbb064a416a1 ] ifmsh->csa is an RCU-protected pointer. The writer context in ieee80211_mesh_finish_csa() is already mutually exclusive with wdev->sdata.mtx, but the RCU checker did not know this. Use rcu_dereference_protected() to avoid a warning. fixes the following warning: [ 12.519089] ============================= [ 12.520042] WARNING: suspicious RCU usage [ 12.520652] 5.1.0-rc7-wt+ #16 Tainted: G W [ 12.521409] ----------------------------- [ 12.521972] net/mac80211/mesh.c:1223 suspicious rcu_dereference_check() usage! [ 12.522928] other info that might help us debug this: [ 12.523984] rcu_scheduler_active = 2, debug_locks = 1 [ 12.524855] 5 locks held by kworker/u8:2/152: [ 12.525438] #0: 00000000057be08c ((wq_completion)phy0){+.+.}, at: process_one_work+0x1a2/0x620 [ 12.526607] #1: 0000000059c6b07a ((work_completion)(&sdata->csa_finalize_work)){+.+.}, at: process_one_work+0x1a2/0x620 [ 12.528001] #2: 00000000f184ba7d (&wdev->mtx){+.+.}, at: ieee80211_csa_finalize_work+0x2f/0x90 [ 12.529116] #3: 00000000831a1f54 (&local->mtx){+.+.}, at: ieee80211_csa_finalize_work+0x47/0x90 [ 12.530233] #4: 00000000fd06f988 (&local->chanctx_mtx){+.+.}, at: ieee80211_csa_finalize_work+0x51/0x90 Signed-off-by: Thomas Pedersen <thomas@eero.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Sasha Levin <sashal@kernel.org> --- net/mac80211/mesh.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/net/mac80211/mesh.c b/net/mac80211/mesh.c index 766e5e5bab8a..d5aba5029cb0 100644 --- a/net/mac80211/mesh.c +++ b/net/mac80211/mesh.c @@ -1220,7 +1220,8 @@ int ieee80211_mesh_finish_csa(struct ieee80211_sub_if_data *sdata) ifmsh->chsw_ttl = 0; /* Remove the CSA and MCSP elements from the beacon */ - tmp_csa_settings = rcu_dereference(ifmsh->csa); + tmp_csa_settings = rcu_dereference_protected(ifmsh->csa, + lockdep_is_held(&sdata->wdev.mtx)); RCU_INIT_POINTER(ifmsh->csa, NULL); if (tmp_csa_settings) kfree_rcu(tmp_csa_settings, rcu_head); @@ -1242,6 +1243,8 @@ int ieee80211_mesh_csa_beacon(struct ieee80211_sub_if_data *sdata, struct mesh_csa_settings *tmp_csa_settings; int ret = 0; + lockdep_assert_held(&sdata->wdev.mtx); + tmp_csa_settings = kmalloc(sizeof(*tmp_csa_settings), GFP_ATOMIC); if (!tmp_csa_settings) -- 2.20.1
next prev parent reply index Thread overview: 52+ messages / expand[flat|nested] mbox.gz Atom feed top [not found] <20190627003021.19867-1-sashal@kernel.org> 2019-06-27 0:28 ` [PATCH AUTOSEL 5.1 08/95] bpf: fix out-of-bounds read in __bpf_skc_lookup Sasha Levin 2019-06-27 0:28 ` [PATCH AUTOSEL 5.1 09/95] samples, bpf: fix to change the buffer size for read() Sasha Levin 2019-06-27 0:28 ` [PATCH AUTOSEL 5.1 10/95] samples, bpf: suppress compiler warning Sasha Levin 2019-06-27 0:28 ` [PATCH AUTOSEL 5.1 11/95] bpf, riscv: clear target register high 32-bits for and/or/xor on ALU32 Sasha Levin 2019-06-27 0:28 ` [PATCH AUTOSEL 5.1 12/95] bpf: sockmap, restore sk_write_space when psock gets dropped Sasha Levin 2019-06-27 0:28 ` [PATCH AUTOSEL 5.1 13/95] mac80211: fix rate reporting inside cfg80211_calculate_bitrate_he() Sasha Levin 2019-06-27 0:28 ` [PATCH AUTOSEL 5.1 14/95] bpf: sockmap, fix use after free from sleep in psock backlog workqueue Sasha Levin 2019-06-27 0:29 ` Sasha Levin [this message] 2019-06-27 0:29 ` [PATCH AUTOSEL 5.1 20/95] mac80211: free peer keys before vif down in mesh Sasha Levin 2019-06-27 0:29 ` [PATCH AUTOSEL 5.1 22/95] mwifiex: Fix possible buffer overflows at parsing bss descriptor Sasha Levin 2019-06-27 0:29 ` [PATCH AUTOSEL 5.1 23/95] mwifiex: Abort at too short BSS descriptor element Sasha Levin 2019-06-27 0:29 ` [PATCH AUTOSEL 5.1 24/95] bpf, riscv: clear high 32 bits for ALU32 add/sub/neg/lsh/rsh/arsh Sasha Levin 2019-06-27 0:29 ` [PATCH AUTOSEL 5.1 25/95] iwlwifi: fix load in rfkill flow for unified firmware Sasha Levin 2019-06-27 0:29 ` [PATCH AUTOSEL 5.1 26/95] iwlwifi: clear persistence bit according to device family Sasha Levin 2019-06-27 0:29 ` [PATCH AUTOSEL 5.1 27/95] iwlwifi: fix AX201 killer sku loading firmware issue Sasha Levin 2019-06-27 0:29 ` [PATCH AUTOSEL 5.1 28/95] iwlwifi: Fix double-free problems in iwl_req_fw_callback() Sasha Levin 2019-06-27 0:29 ` [PATCH AUTOSEL 5.1 29/95] mwifiex: Fix heap overflow in mwifiex_uap_parse_tail_ies() Sasha Levin 2019-06-27 0:29 ` [PATCH AUTOSEL 5.1 30/95] bpf: udp: ipv6: Avoid running reuseport's bpf_prog from __udp6_lib_err Sasha Levin 2019-06-27 0:29 ` [PATCH AUTOSEL 5.1 31/95] bpf: udp: Avoid calling reuseport's bpf_prog from udp_gro Sasha Levin 2019-06-27 0:29 ` [PATCH AUTOSEL 5.1 32/95] netfilter: ipv6: nf_defrag: fix leakage of unqueued fragments Sasha Levin 2019-06-27 0:29 ` [PATCH AUTOSEL 5.1 33/95] tools: bpftool: Fix JSON output when lookup fails Sasha Levin 2019-06-27 0:29 ` [PATCH AUTOSEL 5.1 36/95] netfilter: ipv6: nf_defrag: accept duplicate fragments again Sasha Levin 2019-06-27 0:29 ` [PATCH AUTOSEL 5.1 37/95] dt-bindings: can: mcp251x: add mcp25625 support Sasha Levin 2019-06-27 0:29 ` [PATCH AUTOSEL 5.1 38/95] can: mcp251x: add support for mcp25625 Sasha Levin 2019-06-27 0:29 ` [PATCH AUTOSEL 5.1 39/95] can: m_can: implement errata "Needless activation of MRAF irq" Sasha Levin 2019-06-27 0:29 ` [PATCH AUTOSEL 5.1 40/95] can: af_can: Fix error path of can_init() Sasha Levin 2019-06-27 0:29 ` [PATCH AUTOSEL 5.1 41/95] can: flexcan: Remove unneeded registration message Sasha Levin 2019-06-27 0:29 ` [PATCH AUTOSEL 5.1 42/95] net: phy: rename Asix Electronics PHY driver Sasha Levin 2019-06-27 0:29 ` [PATCH AUTOSEL 5.1 43/95] ibmvnic: Do not close unopened driver during reset Sasha Levin 2019-06-27 0:29 ` [PATCH AUTOSEL 5.1 44/95] ibmvnic: Refresh device multicast list after reset Sasha Levin 2019-06-27 0:29 ` [PATCH AUTOSEL 5.1 45/95] ibmvnic: Fix unchecked return codes of memory allocations Sasha Levin 2019-06-27 0:29 ` [PATCH AUTOSEL 5.1 48/95] bpf: lpm_trie: check left child of last leftmost node for NULL Sasha Levin 2019-06-27 0:29 ` [PATCH AUTOSEL 5.1 54/95] xdp: check device pointer before clearing Sasha Levin 2019-06-27 0:29 ` [PATCH AUTOSEL 5.1 56/95] mlxsw: spectrum: Disallow prio-tagged packets when PVID is removed Sasha Levin 2019-06-27 0:29 ` [PATCH AUTOSEL 5.1 58/95] bpf: fix div64 overflow tests to properly detect errors Sasha Levin 2019-06-27 0:29 ` [PATCH AUTOSEL 5.1 64/95] mac80211: only warn once on chanctx_conf being NULL Sasha Levin 2019-06-27 0:29 ` [PATCH AUTOSEL 5.1 65/95] mac80211: do not start any work during reconfigure flow Sasha Levin 2019-06-27 0:29 ` [PATCH AUTOSEL 5.1 66/95] cfg80211: util: fix bit count off by one Sasha Levin 2019-06-27 0:29 ` [PATCH AUTOSEL 5.1 67/95] cfg80211: report measurement start TSF correctly Sasha Levin 2019-06-27 0:29 ` [PATCH AUTOSEL 5.1 68/95] bpf, devmap: Fix premature entry free on destroying map Sasha Levin 2019-06-27 0:29 ` [PATCH AUTOSEL 5.1 69/95] bpf, devmap: Add missing bulk queue free Sasha Levin 2019-06-27 0:29 ` [PATCH AUTOSEL 5.1 70/95] bpf, devmap: Add missing RCU read lock on flush Sasha Levin 2019-06-27 0:29 ` [PATCH AUTOSEL 5.1 71/95] bpf, x64: fix stack layout of JITed bpf code Sasha Levin 2019-06-27 0:29 ` [PATCH AUTOSEL 5.1 72/95] qmi_wwan: add support for QMAP padding in the RX path Sasha Levin 2019-06-27 0:29 ` [PATCH AUTOSEL 5.1 73/95] qmi_wwan: avoid RCU stalls on device disconnect when in QMAP mode Sasha Levin 2019-06-27 0:29 ` [PATCH AUTOSEL 5.1 74/95] qmi_wwan: extend permitted QMAP mux_id value range Sasha Levin 2019-06-27 0:30 ` [PATCH AUTOSEL 5.1 75/95] bpf: fix nested bpf tracepoints with per-cpu data Sasha Levin 2019-06-27 0:30 ` [PATCH AUTOSEL 5.1 84/95] bnx2x: Check if transceiver implements DDM before access Sasha Levin 2019-06-27 0:30 ` [PATCH AUTOSEL 5.1 86/95] ip6_tunnel: allow not to count pkts on tstats by passing dev as NULL Sasha Levin 2019-06-27 0:30 ` [PATCH AUTOSEL 5.1 87/95] net: lio_core: fix potential sign-extension overflow on large shift Sasha Levin 2019-06-27 0:30 ` [PATCH AUTOSEL 5.1 92/95] net: dsa: mv88e6xxx: fix shift of FID bits in mv88e6185_g1_vtu_loadpurge() Sasha Levin 2019-06-27 0:30 ` [PATCH AUTOSEL 5.1 95/95] net :sunrpc :clnt :Fix xps refcount imbalance on the error path Sasha Levin
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20190627003021.19867-19-sashal@kernel.org \ --to=sashal@kernel.org \ --cc=johannes.berg@intel.com \ --cc=linux-kernel@vger.kernel.org \ --cc=linux-wireless@vger.kernel.org \ --cc=netdev@vger.kernel.org \ --cc=stable@vger.kernel.org \ --cc=thomas@eero.com \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: link
Netdev Archive on lore.kernel.org Archives are clonable: git clone --mirror https://lore.kernel.org/netdev/0 netdev/git/0.git git clone --mirror https://lore.kernel.org/netdev/1 netdev/git/1.git # If you have public-inbox 1.1+ installed, you may # initialize and index your mirror using the following commands: public-inbox-init -V2 netdev netdev/ https://lore.kernel.org/netdev \ netdev@vger.kernel.org public-inbox-index netdev Example config snippet for mirrors Newsgroup available over NNTP: nntp://nntp.lore.kernel.org/org.kernel.vger.netdev AGPL code for this site: git clone https://public-inbox.org/public-inbox.git