Re: Suspicious RCU usage in mac80211

linux-wireless.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: "Paul E. McKenney" <paulmck@linux.vnet.ibm.com>
To: Johannes Berg <johannes@sipsolutions.net>
Cc: Catalin Marinas <catalin.marinas@arm.com>,
	Larry Finger <Larry.Finger@lwfinger.net>,
	Mohammed Shafi <shafi.wireless@gmail.com>,
	wireless <linux-wireless@vger.kernel.org>
Subject: Re: Suspicious RCU usage in mac80211
Date: Wed, 2 May 2012 13:09:55 -0700	[thread overview]
Message-ID: <20120502200955.GI2450@linux.vnet.ibm.com> (raw)
In-Reply-To: <1335978471.4295.3.camel@jlt3.sipsolutions.net>

On Wed, May 02, 2012 at 07:07:51PM +0200, Johannes Berg wrote:
> On Wed, 2012-05-02 at 11:00 +0100, Catalin Marinas wrote:
> 
> > > Your patch does not help. I still get the following dump in the log:
> 
> The patch is also wrong, we hold the mutex there and can't hold RCU read
> lock.
> 
> > > #0:  (scan_mutex){+.+...}, at: [<ffffffff8113b0d6>] kmemleak_scan_thread+0x56/0xd0
> > > #1:  (&tid_tx->session_timer){+.-...}, at: [<ffffffff8104853a>] 
> > > run_timer_softirq+0xfa/0x6e0
> > > #2:  (rcu_read_lock){.+.+..}, at: [<ffffffffa0449ff0>] 
> > > sta_tx_agg_session_timer_expired+0x0/0x2a0 [mac80211]
> > > 
> > > stack backtrace:
> > > Pid: 622, comm: kmemleak Not tainted 3.4.0-rc5-wl+ #287
> > > Call Trace:
> > >   <IRQ>  [<ffffffff8109309d>] lockdep_rcu_suspicious+0xfd/0x130
> > >   [<ffffffffa044a1cf>] sta_tx_agg_session_timer_expired+0x1df/0x2a0 [mac80211]
> > >   [<ffffffffa0449ff0>] ? ieee80211_start_tx_ba_session+0x450/0x450 [mac80211]
> > >   [<ffffffff810485c5>] run_timer_softirq+0x185/0x6e0
> > > 
> > > As kmemleak seems to be involved, I have added Catalin Marinas to the Cc list.
> 
> > Looking at the code and the logs, ieee80211_start_tx_ba_session() calls
> 
> I'm almost certain that ieee80211_start_tx_ba_session() is a bogus
> calltrace entry, since we're in a timer and that's not called from a
> timer.
> 
> > rcu_dereference_protected_tid_tx() which calls
> > rcu_dereference_protected() with the (lockdep_is_held(&sta->lock) ||
> > lockdep_is_held(&sta->ampdu_mlme.mtx)) condition which is false. As the
> > kernel log says, none of these locks are held, hence the warning.
> 
> So does that just mean we need to add rcu_read_lock_held() to the
> conditions? I thought that wasn't necessary? +Paul.

If you are using rcu_dereference_protected(), you really would need
to add rcu_read_lock_held().  Except that it is not legal to use
rcu_dereference_protected() within an RCU read-side critical section
because rcu_dereference_protected() does nothing to protect against
misordering mischief from the compiler and the CPU.  Actually, that
sounds like a useful coccinelle check, now that you mention it.

So you should instead use rcu_dereference_check().  This may be used
in an RCU read-side critical section, but may also be passed things like
(lockdep_is_held(&sta->lock) || lockdep_is_held(&sta->ampdu_mlme.mtx)).

							Thanx, Paul

next prev parent reply	other threads:[~2012-05-02 20:11 UTC|newest]

Thread overview: 25+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2012-04-10  3:19 Suspicious RCU usage in mac80211 Larry Finger
2012-04-12  3:31 ` Johannes Berg
2012-04-12  3:51   ` Larry Finger
2012-04-12  3:54     ` Johannes Berg
2012-04-12 15:51       ` Larry Finger
2012-04-12 15:55         ` Johannes Berg
2012-05-01 14:25           ` Mohammed Shafi
2012-05-01 19:18             ` Larry Finger
2012-05-02  5:02               ` Mohammed Shafi
2012-05-02 10:00               ` Catalin Marinas
2012-05-02 17:07                 ` Johannes Berg
2012-05-02 20:09                   ` Paul E. McKenney [this message]
2012-05-03 18:38                     ` Johannes Berg
2012-05-04  6:17                       ` Larry Finger
2012-05-04  6:40                         ` Mohammed Shafi
2012-05-04  6:48                           ` Mohammed Shafi
2012-05-04 13:45                             ` Larry Finger
2012-05-04 14:35                               ` Mohammed Shafi
2012-05-03  3:02                   ` Larry Finger
2012-05-03  8:47                     ` Catalin Marinas
2012-05-03 16:54                       ` Larry Finger
2012-05-03 17:12                         ` Paul E. McKenney
2012-05-03 17:46                           ` Larry Finger
2012-05-03 18:22                             ` Paul E. McKenney
2012-05-03 18:32                               ` Larry Finger

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20120502200955.GI2450@linux.vnet.ibm.com \
    --to=paulmck@linux.vnet.ibm.com \
    --cc=Larry.Finger@lwfinger.net \
    --cc=catalin.marinas@arm.com \
    --cc=johannes@sipsolutions.net \
    --cc=linux-wireless@vger.kernel.org \
    --cc=shafi.wireless@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).