Message ID | 20230131090057.241779-1-martin@kaiser.cx |
---|---|
State | New |
Series | staging: r8188eu: fix NULL check for rcu pointer |
Commit Message
Martin Kaiser
Jan. 31, 2023, 9 a.m. UTC
Fix the NULL check for padapter->pnetdev->rx_handler_data.

The current code calls rcu_dereference while it holds the rcu read lock
and checks the pointer after releasing the lock. An rcu pointer may only be
used between calls to rcu_read_lock and rcu_read_unlock.

Replace the check with rcu_access_pointer. My understanding is that this
function returns the value of the pointer and needs no locking. We can
then check the pointer but we must not dereference it.

Signed-off-by: Martin Kaiser <martin@kaiser.cx>
---
drivers/staging/r8188eu/core/rtw_xmit.c | 8 ++------
1 file changed, 2 insertions(+), 6 deletions(-)
Comments
On Tue, Jan 31, 2023 at 10:00:57AM +0100, Martin Kaiser wrote:
> Fix the NULL check for padapter->pnetdev->rx_handler_data.
>
> The current code calls rcu_dereference while it holds the rcu read lock
> and checks the pointer after releasing the lock. An rcu pointer may only be
> used between calls to rcu_read_lock and rcu_read_unlock.
>
> Replace the check with rcu_access_pointer. My understanding is that this
> function returns the value of the pointer and needs no locking. We can
> then check the pointer but we must not dereference it.
>
> Signed-off-by: Martin Kaiser <martin@kaiser.cx>

What commit id does this fix?

thanks,

greg k-h

[ Resending because my email setup is crap and silently eats my outgoing
mail. ]

On Tue, Jan 31, 2023 at 10:00:57AM +0100, Martin Kaiser wrote:
> Fix the NULL check for padapter->pnetdev->rx_handler_data.
>
> The current code calls rcu_dereference while it holds the rcu read lock
> and checks the pointer after releasing the lock. An rcu pointer may only be
> used between calls to rcu_read_lock and rcu_read_unlock.
>
> Replace the check with rcu_access_pointer. My understanding is that this
> function returns the value of the pointer and needs no locking. We can
> then check the pointer but we must not dereference it.
>
> Signed-off-by: Martin Kaiser <martin@kaiser.cx>

This patch is fine but it's a clean up and not a fix. The original code
doesn't dereference "br_port". I guess the new code is faster and
especially if you have lockdep enabled, so maybe in that sense it is a
fix.

regards,
dan carpenter

Hello Greg and all,

Thus wrote Greg Kroah-Hartman (gregkh@linuxfoundation.org):

> On Tue, Jan 31, 2023 at 10:00:57AM +0100, Martin Kaiser wrote:
> > Fix the NULL check for padapter->pnetdev->rx_handler_data.

> > The current code calls rcu_dereference while it holds the rcu read lock
> > and checks the pointer after releasing the lock. An rcu pointer may only be
> > used between calls to rcu_read_lock and rcu_read_unlock.

> > Replace the check with rcu_access_pointer. My understanding is that this
> > function returns the value of the pointer and needs no locking. We can
> > then check the pointer but we must not dereference it.

> > Signed-off-by: Martin Kaiser <martin@kaiser.cx>

> What commit id does this fix?

the code that checks br_port has been around since the driver was
imported into staging.

If the patch is considered as a fix, it should have

Fixes: 15865124feed ("staging: r8188eu: introduce new core dir for RTL8188eu driver")

Best regards,
Martin

Hello Dan and all,

Thus wrote Dan Carpenter (error27@gmail.com):

> This patch is fine but it's a clean up and not a fix. The original code
> doesn't dereference "br_port". I guess the new code is faster and
> especially if you have lockdep enabled, so maybe in that sense it is a
> fix.

ok, I see. The br_port pointer may no longer be valid after rcu_unlock
but we can still check it for NULL at that time without dereferencing
it.

Thanks for the clarification,
Martin

On Tue, Jan 31, 2023 at 06:16:13PM +0100, Martin Kaiser wrote:
> Hello Greg and all,
>
> Thus wrote Greg Kroah-Hartman (gregkh@linuxfoundation.org):
>
> > On Tue, Jan 31, 2023 at 10:00:57AM +0100, Martin Kaiser wrote:
> > > Fix the NULL check for padapter->pnetdev->rx_handler_data.
>
> > > The current code calls rcu_dereference while it holds the rcu read lock
> > > and checks the pointer after releasing the lock. An rcu pointer may only be
> > > used between calls to rcu_read_lock and rcu_read_unlock.
>
> > > Replace the check with rcu_access_pointer. My understanding is that this
> > > function returns the value of the pointer and needs no locking. We can
> > > then check the pointer but we must not dereference it.
>
> > > Signed-off-by: Martin Kaiser <martin@kaiser.cx>
>
> > What commit id does this fix?
>
> the code that checks br_port has been around since the driver was
> imported into staging.
>
> If the patch is considered as a fix, it should have
>
> Fixes: 15865124feed ("staging: r8188eu: introduce new core dir for RTL8188eu driver")

I don't think it is a fix as we discuss later in the thread. But if it
were then it's still really useful to record that.

I normally don't record when Fixes are from before the git era because
one time, ten years ago, one person said not to do that. But really even
there I personally think Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") is
useful. It tells the tools how far to backport things. It tells us if
most of our bugs come from the very start or if we're introducing them
later.

regards,
dan carpenter

diff --git a/drivers/staging/r8188eu/core/rtw_xmit.c b/drivers/staging/r8188eu/core/rtw_xmit.c index 91f92ec5ef69..18941320e70e 100644 --- a/drivers/staging/r8188eu/core/rtw_xmit.c +++ b/drivers/staging/r8188eu/core/rtw_xmit.c @@ -1631,18 +1631,14 @@ s32 rtw_xmit(struct adapter *padapter, struct sk_buff **ppkt) struct xmit_priv *pxmitpriv = &padapter->xmitpriv; struct xmit_frame *pxmitframe = NULL; struct mlme_priv *pmlmepriv = &padapter->mlmepriv; - void *br_port = NULL; s32 res; pxmitframe = rtw_alloc_xmitframe(pxmitpriv); if (!pxmitframe) return -1; - rcu_read_lock(); - br_port = rcu_dereference(padapter->pnetdev->rx_handler_data); - rcu_read_unlock(); - - if (br_port && check_fwstate(pmlmepriv, WIFI_STATION_STATE | WIFI_ADHOC_STATE)) { + if (rcu_access_pointer(padapter->pnetdev->rx_handler_data) && + check_fwstate(pmlmepriv, WIFI_STATION_STATE | WIFI_ADHOC_STATE)) { res = rtw_br_client_tx(padapter, ppkt); if (res == -1) { rtw_free_xmitframe(pxmitpriv, pxmitframe);
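Review bot: The new condition in rtw_xmit() reads padapter->pnetdev->rx_handler_data with rcu_access_pointer() outside any read-side critical section, so the result is only a snapshot and the pointer may change before rtw_br_client_tx() runs. That is fine for a NULL test, but a one-line comment above the `if` stating that the value is only compared and must not be dereferenced here would keep a later change from reusing it. The removed lines also tested br_port only for NULL after rcu_read_unlock() and never dereferenced it, so the subject's "fix" would read more accurately as a cleanup unless a Fixes: tag is added.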