Re: Suspicious RCU usage in mac80211

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Catalin Marinas <catalin.marinas@arm.com>
To: Larry Finger <Larry.Finger@lwfinger.net>
Cc: Mohammed Shafi <shafi.wireless@gmail.com>,
	Johannes Berg <johannes@sipsolutions.net>,
	wireless <linux-wireless@vger.kernel.org>
Subject: Re: Suspicious RCU usage in mac80211
Date: Wed, 2 May 2012 11:00:12 +0100	[thread overview]
Message-ID: <20120502100012.GA8492@arm.com> (raw)
In-Reply-To: <4FA0371E.9040704@lwfinger.net>

On Tue, May 01, 2012 at 08:18:54PM +0100, Larry Finger wrote:
> On 05/01/2012 09:25 AM, Mohammed Shafi wrote:
> > i just looked into the code and compared it with
> > sta_addba_resp_timer_expired and thought whether we should do
> > this..
> 
> Your patch does not help. I still get the following dump in the log:
> 
> ===============================
> [ INFO: suspicious RCU usage. ]
> 3.4.0-rc5-wl+ #287 Not tainted
> -------------------------------
> net/mac80211/sta_info.h:456 suspicious rcu_dereference_protected() usage!
> 
> other info that might help us debug this:
> 
> rcu_scheduler_active = 1, debug_locks = 0
> 3 locks held by kmemleak/622:
> #0:  (scan_mutex){+.+...}, at: [<ffffffff8113b0d6>] kmemleak_scan_thread+0x56/0xd0
> #1:  (&tid_tx->session_timer){+.-...}, at: [<ffffffff8104853a>] 
> run_timer_softirq+0xfa/0x6e0
> #2:  (rcu_read_lock){.+.+..}, at: [<ffffffffa0449ff0>] 
> sta_tx_agg_session_timer_expired+0x0/0x2a0 [mac80211]
> 
> stack backtrace:
> Pid: 622, comm: kmemleak Not tainted 3.4.0-rc5-wl+ #287
> Call Trace:
>   <IRQ>  [<ffffffff8109309d>] lockdep_rcu_suspicious+0xfd/0x130
>   [<ffffffffa044a1cf>] sta_tx_agg_session_timer_expired+0x1df/0x2a0 [mac80211]
>   [<ffffffffa0449ff0>] ? ieee80211_start_tx_ba_session+0x450/0x450 [mac80211]
>   [<ffffffff810485c5>] run_timer_softirq+0x185/0x6e0
> 
> As kmemleak seems to be involved, I have added Catalin Marinas to the Cc list.

It doesn't look related to kmemleak. It just happens that
sta_tx_agg_session_timer_expired() was called from a timer when the
kmemleak scanning thread was running (pretty likely as this thread can
take minutes to complete).

Looking at the code and the logs, ieee80211_start_tx_ba_session() calls
rcu_dereference_protected_tid_tx() which calls
rcu_dereference_protected() with the (lockdep_is_held(&sta->lock) ||
lockdep_is_held(&sta->ampdu_mlme.mtx)) condition which is false. As the
kernel log says, none of these locks are held, hence the warning.

Either the rcu_dereference annotation is wrong (introduced by commit
40b275 "mac80211: sparse RCU annotations") or there is something wrong
in the code and the RCU pointer is dereferenced without any of those
locks held.

-- 
Catalin

next prev parent reply	other threads:[~2012-05-02 10:00 UTC|newest]

Thread overview: 25+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2012-04-10  3:19 Suspicious RCU usage in mac80211 Larry Finger
2012-04-12  3:31 ` Johannes Berg
2012-04-12  3:51   ` Larry Finger
2012-04-12  3:54     ` Johannes Berg
2012-04-12 15:51       ` Larry Finger
2012-04-12 15:55         ` Johannes Berg
2012-05-01 14:25           ` Mohammed Shafi
2012-05-01 19:18             ` Larry Finger
2012-05-02  5:02               ` Mohammed Shafi
2012-05-02 10:00               ` Catalin Marinas [this message]
2012-05-02 17:07                 ` Johannes Berg
2012-05-02 20:09                   ` Paul E. McKenney
2012-05-03 18:38                     ` Johannes Berg
2012-05-04  6:17                       ` Larry Finger
2012-05-04  6:40                         ` Mohammed Shafi
2012-05-04  6:48                           ` Mohammed Shafi
2012-05-04 13:45                             ` Larry Finger
2012-05-04 14:35                               ` Mohammed Shafi
2012-05-03  3:02                   ` Larry Finger
2012-05-03  8:47                     ` Catalin Marinas
2012-05-03 16:54                       ` Larry Finger
2012-05-03 17:12                         ` Paul E. McKenney
2012-05-03 17:46                           ` Larry Finger
2012-05-03 18:22                             ` Paul E. McKenney
2012-05-03 18:32                               ` Larry Finger

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20120502100012.GA8492@arm.com \
    --to=catalin.marinas@arm.com \
    --cc=Larry.Finger@lwfinger.net \
    --cc=johannes@sipsolutions.net \
    --cc=linux-wireless@vger.kernel.org \
    --cc=shafi.wireless@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.