From: greearb@candelatech.com
To: linux-wireless@vger.kernel.org
Cc: Ben Greear <greearb@candelatech.com>
Subject: [PATCH wireless-next v2 08/28] wifi: mac80211: Debugfs safety checks.
Date: Thu, 12 Mar 2026 10:00:06 -0700 [thread overview]
Message-ID: <20260312170026.285494-9-greearb@candelatech.com> (raw)
In-Reply-To: <20260312170026.285494-1-greearb@candelatech.com>
From: Ben Greear <greearb@candelatech.com>
Safety checks in case links are not be properly cleaned up at
the time we are removing netdev debugfs. Since link debugfs
is child of netdev debugfs, and we are about to recursively clean
up the netdev tree, be sure to null out any debugfs inode pointers
in the child links.
Root cause of the inode use-after-free is something
different, but this patch may also make system more resiliant.
Signed-off-by: Ben Greear <greearb@candelatech.com>
---
net/mac80211/debugfs_netdev.c | 30 ++++++++++++++++++++++++++++--
1 file changed, 28 insertions(+), 2 deletions(-)
diff --git a/net/mac80211/debugfs_netdev.c b/net/mac80211/debugfs_netdev.c
index bc2da35db4ae..000859b8c005 100644
--- a/net/mac80211/debugfs_netdev.c
+++ b/net/mac80211/debugfs_netdev.c
@@ -1037,9 +1037,33 @@ static void ieee80211_debugfs_add_netdev(struct ieee80211_sub_if_data *sdata,
add_link_files(&sdata->deflink, sdata->vif.debugfs_dir);
}
+static void
+ieee80211_debugfs_clear_link_ptr(struct ieee80211_sub_if_data *sdata,
+ struct dentry *dir)
+{
+ struct ieee80211_link_data *link;
+ int i;
+
+ rcu_read_lock();
+
+ if (sdata->vif.debugfs_dir == dir)
+ sdata->vif.debugfs_dir = NULL;
+
+ for (i = 0; i < IEEE80211_MLD_MAX_NUM_LINKS; i++) {
+ link = rcu_access_pointer(sdata->link[i]);
+ if (!link)
+ continue;
+
+ if (dir == link->debugfs_dir)
+ link->debugfs_dir = NULL;
+ }
+ rcu_read_unlock();
+}
+
void ieee80211_debugfs_remove_netdev(struct ieee80211_sub_if_data *sdata)
{
struct ieee80211_link_data *link;
+ struct dentry *dir;
int i;
if (!sdata->vif.debugfs_dir)
@@ -1061,8 +1085,10 @@ void ieee80211_debugfs_remove_netdev(struct ieee80211_sub_if_data *sdata)
}
rcu_read_unlock();
- debugfs_remove_recursive(sdata->vif.debugfs_dir);
+ dir = sdata->vif.debugfs_dir;
+ debugfs_remove_recursive(dir);
sdata->vif.debugfs_dir = NULL;
+ ieee80211_debugfs_clear_link_ptr(sdata, dir);
sdata->debugfs.subdir_stations = NULL;
}
@@ -1151,7 +1177,7 @@ void ieee80211_link_debugfs_drv_remove(struct ieee80211_link_data *link)
/* Recreate the directory excluding the driver data */
debugfs_remove_recursive(link->debugfs_dir);
- link->debugfs_dir = NULL;
+ ieee80211_debugfs_clear_link_ptr(link->sdata, link->debugfs_dir);
ieee80211_link_debugfs_add(link);
}
--
2.42.0
next prev parent reply other threads:[~2026-03-12 17:01 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-03-12 16:59 [PATCH wireless-next v2 00/28] iwlwifi + mac80211 stability greearb
2026-03-12 16:59 ` [PATCH wireless-next v2 01/28] wifi: iwlwifi: mld: Check for NULL before lookup greearb
2026-03-12 17:00 ` [PATCH wireless-next v2 02/28] wifi: iwlwifi: mld: Add check for null vif in stats callback greearb
2026-03-12 17:00 ` [PATCH wireless-next v2 03/28] wifi: wireless: Check debugfs create return values greearb
2026-03-12 17:00 ` [PATCH wireless-next v2 04/28] wifi: mac80211: Check debugfs creation " greearb
2026-03-12 17:00 ` [PATCH wireless-next v2 05/28] wifi: mac80211: do not fail taking sta to lower state greearb
2026-03-12 17:00 ` [PATCH wireless-next v2 06/28] wifi: mac80211: Mark sta as uploaded if single transition succeeds greearb
2026-03-12 17:00 ` [PATCH wireless-next v2 07/28] wifi: mac80211: Fix use-after-free of debugfs inodes greearb
2026-03-12 17:00 ` greearb [this message]
2026-03-12 17:00 ` [PATCH wireless-next v2 09/28] wifi: mac80211: Use warn-on-once in drv_remove_chanctxt greearb
2026-03-12 17:00 ` [PATCH wireless-next v2 10/28] wifi: mac80211: Ensure sta debugfs is not double-freed greearb
2026-03-12 17:00 ` [PATCH wireless-next v2 11/28] wifi: iwlwifi: mld: Fix stale reference in fw_id_to_link_sta greearb
2026-03-12 17:00 ` [PATCH wireless-next v2 12/28] wifi: iwlwifi: mld: Improve logging in error cases greearb
2026-03-12 17:00 ` [PATCH wireless-next v2 13/28] wifi: iwlwifi: mld: Remove warning about BAID greearb
2026-03-12 17:00 ` [PATCH wireless-next v2 14/28] wifi: mac80211: Add dmesg log regarding warn-on in drv-stop greearb
2026-03-12 17:00 ` [PATCH wireless-next v2 15/28] wifi: iwlwifi: mld: Fix use-after-free of bss_conf greearb
2026-03-12 17:00 ` [PATCH wireless-next v2 16/28] wifi: iwlwifi: mld: Check for null in iwl_mld_wait_sta_txqs_empty greearb
2026-03-12 17:00 ` [PATCH wireless-next v2 17/28] wifi: iwlwifi: mld: use warn-on-once in error path greearb
2026-03-12 17:00 ` [PATCH wireless-next v2 18/28] wifi: iwlwifi: mld: Use warn-on-once in emlsr exit logic greearb
2026-03-12 17:00 ` [PATCH wireless-next v2 19/28] wifi: iwlwifi: mld: Improve error message in rx path greearb
2026-03-12 17:00 ` [PATCH wireless-next v2 20/28] wifi: iwlwifi: mld: Improve logging message greearb
2026-03-12 17:00 ` [PATCH wireless-next v2 21/28] wifi: iwlwifi: mld: Protect from null mld_sta greearb
2026-03-12 17:00 ` [PATCH wireless-next v2 22/28] wifi: mac80211: Add force-cleanup call to driver greearb
2026-03-12 17:00 ` [PATCH wireless-next v2 23/28] wifi: iwlwifi: mld: Support force-cleanup op greearb
2026-03-12 17:00 ` [PATCH wireless-next v2 24/28] wifi: iwlwifi: mld: Fix NPE in flush logic greearb
2026-03-12 17:00 ` [PATCH wireless-next v2 25/28] wifi: iwlwifi: mld: Fix bad return address in tx code greearb
2026-03-12 17:00 ` [PATCH wireless-next v2 26/28] wifi: mac80211: Ensure link work-items are only initialized once greearb
2026-03-12 17:00 ` [PATCH wireless-next v2 27/28] wifi: iwlwifi: mld: Convert to WARN_ONCE in link removal path greearb
2026-03-12 17:00 ` [PATCH wireless-next v2 28/28] wifi: mac80211: Decrease WARN spam greearb
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260312170026.285494-9-greearb@candelatech.com \
--to=greearb@candelatech.com \
--cc=linux-wireless@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox