From patchwork Mon Apr 24 06:44:01 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mirsad Todorovac X-Patchwork-Id: 86883 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:b0ea:0:b0:3b6:4342:cba0 with SMTP id b10csp2558016vqo; Mon, 24 Apr 2023 00:20:29 -0700 (PDT) X-Google-Smtp-Source: AKy350ZjW13Qw7dnh1Jcc0vdsI56lM18PWIyS8xKPTE4RhSC5zH9/O9RTkk32fdqWNuWFgtfvQv/ X-Received: by 2002:a17:90a:4384:b0:24b:2d04:9174 with SMTP id r4-20020a17090a438400b0024b2d049174mr12909852pjg.0.1682320828990; Mon, 24 Apr 2023 00:20:28 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1682320828; cv=none; d=google.com; s=arc-20160816; b=mP5GovJQIm3p1kbsiB1ZgpUzgdvLxbfnMxa4vwXoSOy7Nm5uNOTPE0pNu2yx56QUZm CHc+ZRz9nmPfFFrk6MZOCKhC4PfoZpBpgcYAAy7vPjKWXyqH2ThtBp5g+FZ+TF2+CtR9 UdpKdueloeUWeuOWPJDJAHW2c9NQKDMeVCk/VrdFu281wybSa+RYvJCx03SQKEHD55g/ V43URZPU+5JitmiN25OCCgMdmpPLdDKcFAQ10aEfp+kUozBG+Ff09ba7bza8kEgffxD8 gRS5aSjl7k40kvsOAp2S1LNPKG7fi7Rn1Mxhrxs2Pc1AgQhXT6JH7C+fd7/DxudHR6wV ySgw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from:dkim-signature:dkim-signature; bh=gMMGzxj8uc9c/wsBXe4Z5PnbMVuJ21nPymphpTv4xSs=; b=NfhRCxEBdKdjyZnL66KUXD882Odz/FJDL6lOg1Nh/cAe7HInV3HUxcSig0wsaIR9Z7 0YQzGJNgoxTEmbIqzzJ8u0kz4tfI4A9uyQd9Nm59Ad7kLKevcJGZzceNvduCev9moNBL PPOYy/Q53Dx428g0t9zY7iKmDKx6YRNA11FyQQD4ZX7FMOL1uluYeYADgWu+svLN+atk ATPik+MjiUnsgdL2DZrYWCUZsc8MYazbxWkTkYBKu8jHCLOcx57FrWABb52pHcfGEOz4 ntuvio45X9BE/firksvqkEawuatYz9wckXvEYe5BMfzqERMXsUZU4okRcRYcsj4NfeYC fTZg== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@alu.unizg.hr header.s=mail header.b=FgKxJXCq; dkim=fail header.i=@alu.unizg.hr header.s=mail header.b="jt3vC/Je"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=alu.unizg.hr Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id qe2-20020a17090b4f8200b00246d179dc81si11462743pjb.126.2023.04.24.00.20.14; Mon, 24 Apr 2023 00:20:28 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=fail header.i=@alu.unizg.hr header.s=mail header.b=FgKxJXCq; dkim=fail header.i=@alu.unizg.hr header.s=mail header.b="jt3vC/Je"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=alu.unizg.hr Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230396AbjDXG72 (ORCPT + 99 others); Mon, 24 Apr 2023 02:59:28 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:60608 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229603AbjDXG7Z (ORCPT ); Mon, 24 Apr 2023 02:59:25 -0400 Received: from domac.alu.hr (domac.alu.unizg.hr [161.53.235.3]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8490A10C; Sun, 23 Apr 2023 23:59:23 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by domac.alu.hr (Postfix) with ESMTP id 2BEFA6015E; Mon, 24 Apr 2023 08:59:20 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=alu.unizg.hr; s=mail; t=1682319560; bh=3tO6EbVQ8z0eptUMkn2/s5yOHPojDse+yfFlAtWzSHk=; h=From:To:Cc:Subject:Date:From; b=FgKxJXCqkW1O6MaQ9mOkf4fXsDK9sZvESxDfHqsE86G2edqmRxGMdNoRo/Ww1Zi3n 1cPgFnejWV55P6EEKDk/6jytmh72sJzaAnpNXg+JUePBJRef7ajxv7r0qcDCsj+wzk dmAf4321PPMLARQpOtxgxEFh+nBIqjzq/ByIkdpbZAbraAbkEra4EW4ka2YqyxxcJZ HCYkKPohQ1gCd+we0IB025648EKcgENuEUwFM1rAbZQqWmQ/1EGC7NYuhEjwjVAeor HA3CN8QtVH2N4UQFhg22iVWCWyb6BIRS1kyi3nz2a0JFYTIIKs6YZrhQhyknQexPRj 17O0w/9ZPmrzQ== X-Virus-Scanned: Debian amavisd-new at domac.alu.hr Received: from domac.alu.hr ([127.0.0.1]) by localhost (domac.alu.hr [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VDsNyFfa392k; Mon, 24 Apr 2023 08:59:17 +0200 (CEST) Received: by domac.alu.hr (Postfix, from userid 1014) id 998B86015F; Mon, 24 Apr 2023 08:59:17 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=alu.unizg.hr; s=mail; t=1682319557; bh=3tO6EbVQ8z0eptUMkn2/s5yOHPojDse+yfFlAtWzSHk=; h=From:To:Cc:Subject:Date:From; b=jt3vC/JeoOa4aKnvVNMGQ7v6xDQIlMRJb7LF8NLKu6L+x8YbIrnKKitxKew5iJ39q fQmdjVueQTVFADdgESxNkzgvPb1sTWouH7CzwiKnneCzpoh8x9sHUXFeH6J9QHAiz5 6+ZLofUskV6UvMzj4gLFblNqlUDF8zJ/a2z0XXN+8eSyvQAbbw1/K16OlEdvJY8AJh Jub0zMblyHjgDRI/1SYNN8GVKHPoDzuc4EH8BPEYvcHc7gLA5CMOLR6O9wNARXw8hb hB32HL0GZJsZNJ/FDJz00JbhTKiWllXtiKu3QTtcgi1gjATpWcU0js3c5pAu2pknOq uo5LGrn/kq+kg== From: Mirsad Goran Todorovac To: Johannes Berg , linux-wireless@vger.kernel.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org Cc: Johannes Berg , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Mirsad Goran Todorovac , Gregory Greenman , Alexander Wetzel Subject: [PATCH RFC v2 1/1] net: mac80211: fortify the spinlock against deadlock by interrupt Date: Mon, 24 Apr 2023 08:44:01 +0200 Message-Id: <20230424064359.45219-1-mirsad.todorovac@alu.unizg.hr> X-Mailer: git-send-email 2.30.2 MIME-Version: 1.0 X-Spam-Status: No, score=-1.8 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,SPF_HELO_NONE, SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1764041245934803299?= X-GMAIL-MSGID: =?utf-8?q?1764041245934803299?= In the function ieee80211_tx_dequeue() there is a particular locking sequence: begin: spin_lock(&local->queue_stop_reason_lock); q_stopped = local->queue_stop_reasons[q]; spin_unlock(&local->queue_stop_reason_lock); However small the chance (increased by ftracetest), an asynchronous interrupt can occur in between of spin_lock() and spin_unlock(), and the interrupt routine will attempt to lock the same &local->queue_stop_reason_lock again. This will cause a costly reset of the CPU and the wifi device or an altogether hang in the single CPU and single core scenario. This is the probable trace of the deadlock: Apr 10 00:58:33 marvin-IdeaPad-3-15ITL6 kernel: Possible unsafe locking scenario: Apr 10 00:58:33 marvin-IdeaPad-3-15ITL6 kernel: CPU0 Apr 10 00:58:33 marvin-IdeaPad-3-15ITL6 kernel: ---- Apr 10 00:58:33 marvin-IdeaPad-3-15ITL6 kernel: lock(&local->queue_stop_reason_lock); Apr 10 00:58:33 marvin-IdeaPad-3-15ITL6 kernel: Apr 10 00:58:33 marvin-IdeaPad-3-15ITL6 kernel: lock(&local->queue_stop_reason_lock); Apr 10 00:58:33 marvin-IdeaPad-3-15ITL6 kernel: *** DEADLOCK *** Fixes: 4444bc2116ae Link: https://lore.kernel.org/all/1f58a0d1-d2b9-d851-73c3-93fcc607501c@alu.unizg.hr/ Reported-by: Mirsad Goran Todorovac Cc: Gregory Greenman Cc: Johannes Berg Cc: David S. Miller Cc: Eric Dumazet Cc: Jakub Kicinski Cc: Paolo Abeni Cc: Alexander Wetzel Signed-off-by: Mirsad Goran Todorovac --- v2: Minor rewording and clarification. Cc:-ed people that replied to the original bug report (forgot in v1 by omission). net/mac80211/tx.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c index 7699fb410670..45cb8e7bcc61 100644 --- a/net/mac80211/tx.c +++ b/net/mac80211/tx.c @@ -3781,6 +3781,7 @@ struct sk_buff *ieee80211_tx_dequeue(struct ieee80211_hw *hw, ieee80211_tx_result r; struct ieee80211_vif *vif = txq->vif; int q = vif->hw_queue[txq->ac]; + unsigned long flags; bool q_stopped; WARN_ON_ONCE(softirq_count() == 0); @@ -3789,9 +3790,9 @@ struct sk_buff *ieee80211_tx_dequeue(struct ieee80211_hw *hw, return NULL; begin: - spin_lock(&local->queue_stop_reason_lock); + spin_lock_irqsave(&local->queue_stop_reason_lock, flags); q_stopped = local->queue_stop_reasons[q]; - spin_unlock(&local->queue_stop_reason_lock); + spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags); if (unlikely(q_stopped)) { /* mark for waking later */