All of lore.kernel.org
 help / color / mirror / Atom feed
From: Doug Anderson <dianders@chromium.org>
To: Brian Norris <briannorris@chromium.org>
Cc: Jia-Ju Bai <baijiaju1990@gmail.com>,
	amitkarwar@gmail.com, ganapathi017@gmail.com,
	sharvari.harisangam@nxp.com, huxinming820@gmail.com,
	kvalo@codeaurora.org, David Miller <davem@davemloft.net>,
	kuba@kernel.org, linux-wireless@vger.kernel.org,
	netdev@vger.kernel.org,
	linux-kernel <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH] mwifiex: Fix possible ABBA deadlock
Date: Wed, 1 Dec 2021 13:09:24 -0800	[thread overview]
Message-ID: <CAD=FV=UEA8JG8=tNWMdv2p9jgEm6KCGUeMCi1O4T7eVVnefZjg@mail.gmail.com> (raw)
In-Reply-To: <YaV0pllJ5p/EuUat@google.com>

Hi,

On Mon, Nov 29, 2021 at 4:47 PM Brian Norris <briannorris@chromium.org> wrote:
>
> Quoting Jia-Ju Bai <baijiaju1990@gmail.com>:
>
>   mwifiex_dequeue_tx_packet()
>      spin_lock_bh(&priv->wmm.ra_list_spinlock); --> Line 1432 (Lock A)
>      mwifiex_send_addba()
>        spin_lock_bh(&priv->sta_list_spinlock); --> Line 608 (Lock B)
>
>   mwifiex_process_sta_tx_pause()
>      spin_lock_bh(&priv->sta_list_spinlock); --> Line 398 (Lock B)
>      mwifiex_update_ralist_tx_pause()
>        spin_lock_bh(&priv->wmm.ra_list_spinlock); --> Line 941 (Lock A)
>
> Similar report for mwifiex_process_uap_tx_pause().
>
> While the locking expectations in this driver are a bit unclear, the
> Fixed commit only intended to protect the sta_ptr, so we can drop the
> lock as soon as we're done with it.
>
> IIUC, this deadlock cannot actually happen, because command event
> processing (which calls mwifiex_process_sta_tx_pause()) is
> sequentialized with TX packet processing (e.g.,
> mwifiex_dequeue_tx_packet()) via the main loop (mwifiex_main_process()).
> But it's good not to leave this potential issue lurking.
>
> Fixes: ("f0f7c2275fb9 mwifiex: minor cleanups w/ sta_list_spinlock in cfg80211.c")
> Cc: Douglas Anderson <dianders@chromium.org>
> Reported-by: TOTE Robot <oslab@tsinghua.edu.cn>
> Link: https://lore.kernel.org/linux-wireless/0e495b14-efbb-e0da-37bd-af6bd677ee2c@gmail.com/
> Signed-off-by: Brian Norris <briannorris@chromium.org>
> ---
>
> On Tue, Nov 23, 2021 at 11:31:34AM +0800, Jia-Ju Bai wrote:
> > I am not quite sure whether these possible deadlocks are real and how to fix
> > them if they are real.
> > Any feedback would be appreciated, thanks :)
>
> I think these are at least theoretically real, and so we should take
> something like the $subject patch probably. But I don't believe we can
> actually hit this due to the main-loop structure of this driver.
>
> Anyway, see the surrounding patch.
>
> Thanks,
> Brian
>
>
>  drivers/net/wireless/marvell/mwifiex/sta_event.c | 8 ++++++--
>  1 file changed, 6 insertions(+), 2 deletions(-)

Though I'm by no means an expert on this code and I wrote the patch in
question a long time ago, this seems reasonable to me. Thanks for
fixing.

Reviewed-by: Douglas Anderson <dianders@chromium.org>

  parent reply	other threads:[~2021-12-01 21:09 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-11-23  3:31 [BUG] marvell: mwifiex: two possible ABBA deadlocks Jia-Ju Bai
2021-11-30  0:47 ` [PATCH] mwifiex: Fix possible ABBA deadlock Brian Norris
2021-11-30  2:18   ` Jia-Ju Bai
2021-12-01 21:09   ` Doug Anderson [this message]
2021-12-08 18:37   ` Kalle Valo
2021-12-08 18:38   ` Kalle Valo

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CAD=FV=UEA8JG8=tNWMdv2p9jgEm6KCGUeMCi1O4T7eVVnefZjg@mail.gmail.com' \
    --to=dianders@chromium.org \
    --cc=amitkarwar@gmail.com \
    --cc=baijiaju1990@gmail.com \
    --cc=briannorris@chromium.org \
    --cc=davem@davemloft.net \
    --cc=ganapathi017@gmail.com \
    --cc=huxinming820@gmail.com \
    --cc=kuba@kernel.org \
    --cc=kvalo@codeaurora.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-wireless@vger.kernel.org \
    --cc=netdev@vger.kernel.org \
    --cc=sharvari.harisangam@nxp.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.