From: "Toke Høiland-Jørgensen" <toke@toke.dk>
To: Ben Greear <greearb@candelatech.com>,
Johannes Berg <johannes@sipsolutions.net>,
"linux-wireless\@vger.kernel.org"
<linux-wireless@vger.kernel.org>
Subject: Re: lockdep warning in mac80211/tx.c, 4.13.16+ kernel, ath9k related
Date: Fri, 02 Feb 2018 11:19:29 +0100 [thread overview]
Message-ID: <87607f1yoe.fsf@toke.dk> (raw)
In-Reply-To: <488be568-d9c1-0697-9fa4-e1a623b4bed5@candelatech.com>
Ben Greear <greearb@candelatech.com> writes:
> On 02/01/2018 02:47 PM, Johannes Berg wrote:
>> On Thu, 2018-02-01 at 23:40 +0100, Johannes Berg wrote:
>>>
>>> The code does a plain rcu_dereference(), no locking other than
>>> rcu_read_lock() involved.
>>>
>>> On second thought though, I'm not convinced that your modifications
>>> caused the problem.
>>>
>>> Given your call stack, we'd expect rcu_read_lock() somewhere around
>>> ath_tid_dequeue (or its caller(s)), since ieee80211_tx_dequeue clearly
>>> requires it.
>>>
>>> Normally, ieee80211_tx_dequeue() is called from various places that
>>> probably come from mac80211 and already hold the rcu_read_lock(), e.g.
>>> the wake_tx_queue op.
>>>
>>> In this case, you're coming from drv_sta_state, so not sure why the
>>> driver thinks it's OK to call the dequeue there.
>>
>> Just to clarify - it could just be that in the "normal" case, when a
>> station dies, there's nothing on the queues - so the dequeue just
>> doesn't do anything and never goes into the code path where the
>> rcu_dereference() is, hence it might be a bug in mainline that just
>> never triggers in ordinary scenarios.
>
> It looks like the code in ath9k has not been changed in that area for
> some time.
Hmm, I think the issue here is that after the switch to mac80211 txqs,
the driver is now draining mac80211 queues, whereas before it was only
draining its own driver-internal queues (which are protected by the
ath_txq_lock() that ath_tx_node_cleanup() does grab). And when the
switch to the mac80211 queues happened, a call to rcu_read_lock() should
have been added. But, well, I had no idea this was needed until just
now, so obviously I didn't add that... :)
> Would adding rcu_read_lock in drv_sta_state() be a possibility?
Think it should probably just be added in ath_tx_node_cleanup()? Can
send a patch...
-Toke
prev parent reply other threads:[~2018-02-02 10:19 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-02-01 0:53 lockdep warning in mac80211/tx.c, 4.13.16+ kernel, ath9k related Ben Greear
2018-02-01 22:23 ` Johannes Berg
2018-02-01 22:33 ` Ben Greear
2018-02-01 22:40 ` Johannes Berg
2018-02-01 22:47 ` Johannes Berg
2018-02-01 23:21 ` Ben Greear
2018-02-02 10:19 ` Toke Høiland-Jørgensen [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87607f1yoe.fsf@toke.dk \
--to=toke@toke.dk \
--cc=greearb@candelatech.com \
--cc=johannes@sipsolutions.net \
--cc=linux-wireless@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).