From: Stefano Brivio <stefano.brivio@polimi.it>
To: Johannes Berg <johannes@sipsolutions.net>,
	Michael Wu <flamingice@sourmilk.net>, Jiri Benc <jbenc@suse.cz>
Cc: linux-wireless@vger.kernel.org
Subject: [RFC PATCH 7/7] mac80211: fix sta_info locking
Date: Sun, 23 Dec 2007 05:08:44 +0100
Message-ID: <20071223050844.4e6b8c13@morte>
In-Reply-To: <20071223033633.710907923@polimi.it>

While tinkering with a sta_info refcounting bug in the rc80211-pid algorithm, I
discovered that calling sta_info_get() and then sta_info_put() right after
would cause a kernel panic on my uniprocessor, preemptible kernel. I
couldn't set up netconsole; however, most of the trace is reported below
(my camera did its best, as the trace wouldn't fit on the screen and I
couldn't scroll, so I wasn't able to see the first part with naked eyes :).

EIP at delay_tsc+0x22/0x50
[couldn't read the EBX and such, but I guess you won't care]
panic+0xf9/0x100
die+0x1e0/0x1f0
do_page_fault+0x357/0x640
autoremove_wake_function+0x1b/0x50
__wake_up_common+0x3e/0x70
do_page_fault+0x0/0x640
error_code+0x6a/0x70
sta_info_get+0x3a/0x60 [mac80211]
__ieee80211_rx+0x290/0x1830 [mac80211]
skb_queue_tail+0x3b/0x70
ieee80211_rx_irqsafe+0x30/0x80 [mac80211]
ssb_pci_write32+0x22/0x70 [ssb]
ieee80211_tasklet_handler+0xaf/0xe0 [mac80211]
hrtimer_run_queues+0xf6/0x1a0
process_timeout+0x0/0x10
tasklet_action+0x27/0x60
__do_softirq+0x54/0xb0
do_softirq+0x7b/0xe0
handle_level_irq+0x0/0x110
irq_exit+0x30/0x40
do_IRQ+0x83/0xd0
common_interrupt+0x23/0x20
[...]

So I guessed that locking was lacking somewhere. The following patch fixes
the issue for me, but I'm not sure at all that it's the right fix. Thanks.

NOT-Signed-off-by: Stefano Brivio <stefano.brivio@polimi.it>
---
Index: wireless-2.6/net/mac80211/sta_info.c
===================================================================
--- wireless-2.6.orig/net/mac80211/sta_info.c
+++ wireless-2.6/net/mac80211/sta_info.c
@@ -105,6 +105,7 @@ static void sta_info_release(struct kref
 	struct ieee80211_local *local = sta->local;
 	struct sk_buff *skb;

+	write_lock_bh(&local->sta_lock);
 	/* free sta structure; it has already been removed from
 	 * hash table etc. external structures. Make sure that all
 	 * buffered frames are release (one might have been added
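Review bot: the write_lock_bh(&local->sta_lock) added at the top of sta_info_release() carries no comment saying which state it protects, and the existing comment directly below it says the sta "has already been removed from hash table etc. external structures", so it is not clear from this hunk what a concurrent sta_lock holder could still race with. Because this function is the kref release callback, taking the write lock here also means the final sta_info_put() must never be issued by a caller that already holds sta_lock, or it will deadlock on itself; please state in the changelog which race this closes (the trace faults in sta_info_get(), not in the release path) and document that calling constraint next to the lock.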
@@ -118,6 +119,8 @@ static void sta_info_release(struct kref
 	}
 	rate_control_free_sta(sta->rate_ctrl, sta->rate_ctrl_priv);
 	rate_control_put(sta->rate_ctrl);
+	write_unlock_bh(&local->sta_lock);
+
 	kfree(sta);
 }

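Review bot: write_unlock_bh() is placed after rate_control_free_sta() and rate_control_put(), so both rate-control calls now run under the sta_lock write lock with bottom halves disabled; that is only safe if neither can sleep or take sta_lock again, which the patch does not establish. The lock is also dropped before kfree(sta), so it does nothing for a reader that already obtained the pointer through sta_info_get() and has not yet taken its reference. I would suggest narrowing the locked region to the statements that actually touch shared state, or fixing the lookup side so that a sta whose refcount has reached zero can no longer be returned.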
-- 
Ciao
Stefano
