Re: [PATCH net] wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Kalle Valo <kvalo@kernel.org>
To: Eric Dumazet <edumazet@google.com>
Cc: "David S . Miller" <davem@davemloft.net>,
	"Jakub Kicinski" <kuba@kernel.org>,
	"Paolo Abeni" <pabeni@redhat.com>,
	"Johannes Berg" <johannes@sipsolutions.net>,
	linux-wireless@vger.kernel.org, netdev@vger.kernel.org,
	eric.dumazet@gmail.com, "Toke Høiland-Jørgensen" <toke@toke.dk>
Subject: Re: [PATCH net] wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values
Date: Mon, 17 Jun 2024 16:15:25 +0300	[thread overview]
Message-ID: <87zfrjk8wi.fsf@kernel.org> (raw)
In-Reply-To: <20240615160800.250667-1-edumazet@google.com> (Eric Dumazet's message of "Sat, 15 Jun 2024 16:08:00 +0000")

Eric Dumazet <edumazet@google.com> writes:

> syzbot is able to trigger softlockups, setting NL80211_ATTR_TXQ_QUANTUM
> to 2^31.
>
> We had a similar issue in sch_fq, fixed with commit
> d9e15a273306 ("pkt_sched: fq: do not accept silly TCA_FQ_QUANTUM")
>
> watchdog: BUG: soft lockup - CPU#1 stuck for 26s! [kworker/1:0:24]
> Modules linked in:
> irq event stamp: 131135
>  hardirqs last  enabled at (131134): [<ffff80008ae8778c>] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:85 [inline]
>  hardirqs last  enabled at (131134): [<ffff80008ae8778c>] exit_to_kernel_mode+0xdc/0x10c arch/arm64/kernel/entry-common.c:95
>  hardirqs last disabled at (131135): [<ffff80008ae85378>] __el1_irq arch/arm64/kernel/entry-common.c:533 [inline]
>  hardirqs last disabled at (131135): [<ffff80008ae85378>] el1_interrupt+0x24/0x68 arch/arm64/kernel/entry-common.c:551
>  softirqs last  enabled at (125892): [<ffff80008907e82c>] neigh_hh_init net/core/neighbour.c:1538 [inline]
>  softirqs last  enabled at (125892): [<ffff80008907e82c>] neigh_resolve_output+0x268/0x658 net/core/neighbour.c:1553
>  softirqs last disabled at (125896): [<ffff80008904166c>] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:19
> CPU: 1 PID: 24 Comm: kworker/1:0 Not tainted 6.9.0-rc7-syzkaller-gfda5695d692c #0
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
> Workqueue: mld mld_ifc_work
> pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
>  pc : __list_del include/linux/list.h:195 [inline]
>  pc : __list_del_entry include/linux/list.h:218 [inline]
>  pc : list_move_tail include/linux/list.h:310 [inline]
>  pc : fq_tin_dequeue include/net/fq_impl.h:112 [inline]
>  pc : ieee80211_tx_dequeue+0x6b8/0x3b4c net/mac80211/tx.c:3854
>  lr : __list_del_entry include/linux/list.h:218 [inline]
>  lr : list_move_tail include/linux/list.h:310 [inline]
>  lr : fq_tin_dequeue include/net/fq_impl.h:112 [inline]
>  lr : ieee80211_tx_dequeue+0x67c/0x3b4c net/mac80211/tx.c:3854
> sp : ffff800093d36700
> x29: ffff800093d36a60 x28: ffff800093d36960 x27: dfff800000000000
> x26: ffff0000d800ad50 x25: ffff0000d800abe0 x24: ffff0000d800abf0
> x23: ffff0000e0032468 x22: ffff0000e00324d4 x21: ffff0000d800abf0
> x20: ffff0000d800abf8 x19: ffff0000d800abf0 x18: ffff800093d363c0
> x17: 000000000000d476 x16: ffff8000805519dc x15: ffff7000127a6cc8
> x14: 1ffff000127a6cc8 x13: 0000000000000004 x12: ffffffffffffffff
> x11: ffff7000127a6cc8 x10: 0000000000ff0100 x9 : 0000000000000000
> x8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000
> x5 : ffff80009287aa08 x4 : 0000000000000008 x3 : ffff80008034c7fc
> x2 : ffff0000e0032468 x1 : 00000000da0e46b8 x0 : ffff0000e0032470
> Call trace:
>   __list_del include/linux/list.h:195 [inline]
>   __list_del_entry include/linux/list.h:218 [inline]
>   list_move_tail include/linux/list.h:310 [inline]
>   fq_tin_dequeue include/net/fq_impl.h:112 [inline]
>   ieee80211_tx_dequeue+0x6b8/0x3b4c net/mac80211/tx.c:3854
>   wake_tx_push_queue net/mac80211/util.c:294 [inline]
>   ieee80211_handle_wake_tx_queue+0x118/0x274 net/mac80211/util.c:315
>   drv_wake_tx_queue net/mac80211/driver-ops.h:1350 [inline]
>   schedule_and_wake_txq net/mac80211/driver-ops.h:1357 [inline]
>   ieee80211_queue_skb+0x18e8/0x2244 net/mac80211/tx.c:1664
>   ieee80211_tx+0x260/0x400 net/mac80211/tx.c:1966
>   ieee80211_xmit+0x278/0x354 net/mac80211/tx.c:2062
>   __ieee80211_subif_start_xmit+0xab8/0x122c net/mac80211/tx.c:4338
>   ieee80211_subif_start_xmit+0xe0/0x438 net/mac80211/tx.c:4532
>   __netdev_start_xmit include/linux/netdevice.h:4903 [inline]
>   netdev_start_xmit include/linux/netdevice.h:4917 [inline]
>   xmit_one net/core/dev.c:3531 [inline]
>   dev_hard_start_xmit+0x27c/0x938 net/core/dev.c:3547
>   __dev_queue_xmit+0x1678/0x33fc net/core/dev.c:4341
>   dev_queue_xmit include/linux/netdevice.h:3091 [inline]
>   neigh_resolve_output+0x558/0x658 net/core/neighbour.c:1563
>   neigh_output include/net/neighbour.h:542 [inline]
>   ip6_finish_output2+0x104c/0x1ee8 net/ipv6/ip6_output.c:137
>   ip6_finish_output+0x428/0x7a0 net/ipv6/ip6_output.c:222
>   NF_HOOK_COND include/linux/netfilter.h:303 [inline]
>   ip6_output+0x270/0x594 net/ipv6/ip6_output.c:243
>   dst_output include/net/dst.h:450 [inline]
>   NF_HOOK+0x160/0x4f0 include/linux/netfilter.h:314
>   mld_sendpack+0x7b4/0x10f4 net/ipv6/mcast.c:1818
>   mld_send_cr net/ipv6/mcast.c:2119 [inline]
>   mld_ifc_work+0x840/0xd0c net/ipv6/mcast.c:2650
>   process_one_work+0x7b8/0x15d4 kernel/workqueue.c:3267
>   process_scheduled_works kernel/workqueue.c:3348 [inline]
>   worker_thread+0x938/0xef4 kernel/workqueue.c:3429
>   kthread+0x288/0x310 kernel/kthread.c:388
>   ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:860
>
> Fixes: 52539ca89f36 ("cfg80211: Expose TXQ stats and parameters to userspace")
> Signed-off-by: Eric Dumazet <edumazet@google.com>
> Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>

cfg80211 patches go to wireless tree, not net.

-- 
https://patchwork.kernel.org/project/linux-wireless/list/

https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches

next prev parent reply	other threads:[~2024-06-17 13:15 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-06-15 16:08 [PATCH net] wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values Eric Dumazet
2024-06-17 10:35 ` Toke Høiland-Jørgensen
2024-06-19  9:07   ` Eric Dumazet
2024-06-19  9:22     ` Eric Dumazet
2024-06-17 13:15 ` Kalle Valo [this message]
2024-06-19  9:10   ` Eric Dumazet
2024-06-19  9:52     ` Kalle Valo
2024-06-19  9:56       ` Eric Dumazet

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=87zfrjk8wi.fsf@kernel.org \
    --to=kvalo@kernel.org \
    --cc=davem@davemloft.net \
    --cc=edumazet@google.com \
    --cc=eric.dumazet@gmail.com \
    --cc=johannes@sipsolutions.net \
    --cc=kuba@kernel.org \
    --cc=linux-wireless@vger.kernel.org \
    --cc=netdev@vger.kernel.org \
    --cc=pabeni@redhat.com \
    --cc=toke@toke.dk \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.