Re: wl12xx compat wireless rcu_read_lock issue

linux-wireless.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Luciano Coelho <coelho@ti.com>
To: "DE CESCO, Jonathan" <jonathanc@ti.com>
Cc: "linux-wireless@vger.kernel.org" <linux-wireless@vger.kernel.org>,
	Arik Nemtsov <arik@wizery.com>
Subject: Re: wl12xx compat wireless rcu_read_lock issue
Date: Tue, 11 Jan 2011 13:28:20 +0200	[thread overview]
Message-ID: <1294745300.12992.90.camel@pimenta> (raw)
In-Reply-To: <13872098A06B02418CF379A158C0F146015BEB592B@dnce02.ent.ti.com>

On Tue, 2011-01-11 at 11:22 +0100, DE CESCO, Jonathan wrote:
> Hi,
> 
> When trying to test wl12xx driver from compat-wireless-2010-12-13 (with a wl1273 device), I notice a crash when initializing the wlan interface.
> 
> Find below the patch that seems to solve the issue:
> 
> diff --git a/compat-wireless-2010-12-13/drivers/net/wireless/wl12xx/main.c b/compat-wireless-2010-12-13/drivers/net/wireless/wl12xx/main.c
> index 1fc5a36..480f44b 100644
> --- a/compat-wireless-2010-12-13/drivers/net/wireless/wl12xx/main.c
> +++ b/compat-wireless-2010-12-13/drivers/net/wireless/wl12xx/main.c
> @@ -1858,11 +1858,17 @@ static void wl1271_op_bss_info_changed(struct ieee80211_hw *hw,
>  {
>             enum wl1271_cmd_ps_mode mode;
>             struct wl1271 *wl = hw->priv;
> -           struct ieee80211_sta *sta = ieee80211_find_sta(vif, bss_conf->bssid);
> +          rcu_read_lock();
> +          struct ieee80211_sta *sta;
>             bool do_join = false;
>             bool set_assoc = false;
>             int ret;
> 
> +          sta = ieee80211_find_sta(vif, bss_conf->bssid);
> +          if (!sta) {
> +                      rcu_read_unlock();
> +                      return;
> +          }
> 
>             wl1271_debug(DEBUG_MAC80211, "mac80211 bss info changed");
> +     	rcu_read_unlock();
>             mutex_lock(&wl->mutex);
> 
> --
> 
> Is this a known bug that has already been encountered? I am using the compat wireless flavor of the mac80211 framework and driver so I don't really know if you can come across this issue with standard kernel.

I hadn't seen it before, but then again, I just integrated the AP
patches which added this code.  The code has been tested quite well
before, but indeed this is broken.

We need to lock the RCU before calling ieee80211_find_sta() and also
whenever we access the resulting pointer.

In your patch, the if (!sta) part is wrong, because we still do lots of
things in this function even if sta is NULL.  So that if can be removed.

Also, because the RCU lock needs to be held when the returned pointer is
accessed, we should hold it until the end of the function.

>From mac80211 documentation:

/**
 * ieee80211_find_sta - find a station
 *
 * @vif: virtual interface to look for station on
 * @addr: station's address
 *
 * This function must be called under RCU lock and the
 * resulting pointer is only valid under RCU lock as well.
 */

Thanks for reporting this!

-- 
Cheers,
Luca.

next prev parent reply	other threads:[~2011-01-11 11:28 UTC|newest]

Thread overview: 13+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2011-01-03 13:42 [PATCH 0/2] wl12xx: BA Initiator & receiver support Shahar Levi
2011-01-03 13:42 ` [PATCH v5 1/2] wl12xx: BA initiator support Shahar Levi
2011-01-10 15:00   ` Luciano Coelho
     [not found]     ` <AANLkTi=KnSjVVCN=9=PaL9_GYpDOpJFvD-LGxFXEevhw@mail.gmail.com>
2011-01-11  0:18       ` Levi, Shahar
2011-01-11  8:04         ` Luciano Coelho
2011-01-16  9:12           ` Levi, Shahar
2011-01-11 10:22         ` wl12xx compat wireless rcu_read_lock issue DE CESCO, Jonathan
2011-01-11 11:28           ` Luciano Coelho [this message]
     [not found]             ` <AANLkTi=4H6TXvXWi_KVBEn3G_aNW_8qZfBF7g36WRED6@mail.gmail.com>
2011-01-11 16:59               ` Luciano Coelho
2011-01-03 13:42 ` [PATCH v3 2/2] wl12xx: BA receiver support Shahar Levi
2011-01-10 15:44   ` Luciano Coelho
2011-01-11  0:54     ` Levi, Shahar
2011-01-16 13:38       ` Levi, Shahar

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1294745300.12992.90.camel@pimenta \
    --to=coelho@ti.com \
    --cc=arik@wizery.com \
    --cc=jonathanc@ti.com \
    --cc=linux-wireless@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).