* suspicious RCU usage in net/wireless/util.c:778
@ 2017-12-22 7:20 Dominik Brodowski
2017-12-30 13:11 ` v4.15-rc5 warning: " Dominik Brodowski
0 siblings, 1 reply; 9+ messages in thread
From: Dominik Brodowski @ 2017-12-22 7:20 UTC (permalink / raw)
To: netdev
[-- Attachment #1: Type: text/plain, Size: 2137 bytes --]
Dear all,
once the (wifi) link becomes ready, the following warning is emitted on
mainline (v4.15-rc4-202-gead68f216110) on my notebook:
[ 22.770422] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 22.772364] =============================
[ 22.772369] WARNING: suspicious RCU usage
[ 22.772375] 4.15.0-rc4+ #5 Not tainted
[ 22.772380] -----------------------------
[ 22.772386] /home/brodo/local/kernel/git/linux/net/wireless/util.c:778 suspicious rcu_dereference_check() usage!
[ 22.772391]
[ 22.772397]
[ 22.772402] 4 locks held by wpa_supplicant/774:
[ 22.772407] #0: (cb_lock){++++}, at: [<00000000276dc3a0>] genl_rcv+0x15/0x40
[ 22.772437] #1: (genl_mutex){+.+.}, at: [<0000000024d83eb3>] genl_rcv_msg+0x7a/0x90
[ 22.772463] #2: (rtnl_mutex){+.+.}, at: [<000000009de25a59>] nl80211_pre_doit+0xe9/0x190
[ 22.772489] #3: (&wdev->mtx){+.+.}, at: [<0000000089bf2cfd>] nl80211_send_iface+0x317/0x8d0
[ 22.772516]
[ 22.772522] CPU: 3 PID: 774 Comm: wpa_supplicant Not tainted 4.15.0-rc4+ #5
[ 22.772528] Hardware name: Dell Inc. XPS 13 9343/0TM99H, BIOS A11 12/08/2016
[ 22.772532] Call Trace:
[ 22.772544] dump_stack+0x67/0x95
[ 22.772553] ieee80211_bss_get_ie+0x66/0x70
[ 22.772562] nl80211_send_iface+0x344/0x8d0
[ 22.772585] nl80211_get_interface+0x4b/0xa0
[ 22.772598] genl_family_rcv_msg+0x32e/0x3f0
[ 22.772607] ? preempt_count_sub+0x92/0xd0
[ 22.772645] genl_rcv_msg+0x47/0x90
[ 22.772652] ? genl_family_rcv_msg+0x3f0/0x3f0
[ 22.772661] netlink_rcv_skb+0x8a/0x120
[ 22.772677] genl_rcv+0x24/0x40
[ 22.772684] netlink_unicast+0x174/0x1f0
[ 22.772698] netlink_sendmsg+0x386/0x3d0
[ 22.772719] sock_sendmsg+0x2d/0x40
[ 22.772728] ___sys_sendmsg+0x2a7/0x300
[ 22.772748] ? netlink_sendmsg+0x13d/0x3d0
[ 22.772791] ? __sys_sendmsg+0x67/0xb0
[ 22.772797] __sys_sendmsg+0x67/0xb0
[ 22.772822] entry_SYSCALL_64_fastpath+0x18/0x85
This warning wasn't present in 4.15. Despite of it, networking seems to
work fine. Nonetheless, the code seems to need a bugfix.
Thanks,
Dominik
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply [flat|nested] 9+ messages in thread* v4.15-rc5 warning: suspicious RCU usage in net/wireless/util.c:778 2017-12-22 7:20 suspicious RCU usage in net/wireless/util.c:778 Dominik Brodowski @ 2017-12-30 13:11 ` Dominik Brodowski 2018-01-08 10:04 ` v4.15-rc7 regression/warning: " Dominik Brodowski 0 siblings, 1 reply; 9+ messages in thread From: Dominik Brodowski @ 2017-12-30 13:11 UTC (permalink / raw) To: netdev, linux-kernel; +Cc: regressions On Fri, Dec 22, 2017 at 08:20:12AM +0100, Dominik Brodowski wrote: > Dear all, > > once the (wifi) link becomes ready, the following warning is emitted on > mainline (v4.15-rc4-202-gead68f216110) on my notebook: ... and it is still present as of v4.15-rc5-149-g5aa90a845892 > [ 22.770422] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready > > [ 22.772364] ============================= > [ 22.772369] WARNING: suspicious RCU usage > [ 22.772375] 4.15.0-rc4+ #5 Not tainted > [ 22.772380] ----------------------------- > [ 22.772386] /home/brodo/local/kernel/git/linux/net/wireless/util.c:778 suspicious rcu_dereference_check() usage! > [ 22.772391] > [ 22.772397] > [ 22.772402] 4 locks held by wpa_supplicant/774: > [ 22.772407] #0: (cb_lock){++++}, at: [<00000000276dc3a0>] genl_rcv+0x15/0x40 > [ 22.772437] #1: (genl_mutex){+.+.}, at: [<0000000024d83eb3>] genl_rcv_msg+0x7a/0x90 > [ 22.772463] #2: (rtnl_mutex){+.+.}, at: [<000000009de25a59>] nl80211_pre_doit+0xe9/0x190 > [ 22.772489] #3: (&wdev->mtx){+.+.}, at: [<0000000089bf2cfd>] nl80211_send_iface+0x317/0x8d0 > [ 22.772516] > [ 22.772522] CPU: 3 PID: 774 Comm: wpa_supplicant Not tainted 4.15.0-rc4+ #5 > [ 22.772528] Hardware name: Dell Inc. XPS 13 9343/0TM99H, BIOS A11 12/08/2016 > [ 22.772532] Call Trace: > [ 22.772544] dump_stack+0x67/0x95 > [ 22.772553] ieee80211_bss_get_ie+0x66/0x70 > [ 22.772562] nl80211_send_iface+0x344/0x8d0 > [ 22.772585] nl80211_get_interface+0x4b/0xa0 > [ 22.772598] genl_family_rcv_msg+0x32e/0x3f0 > [ 22.772607] ? preempt_count_sub+0x92/0xd0 > [ 22.772645] genl_rcv_msg+0x47/0x90 > [ 22.772652] ? genl_family_rcv_msg+0x3f0/0x3f0 > [ 22.772661] netlink_rcv_skb+0x8a/0x120 > [ 22.772677] genl_rcv+0x24/0x40 > [ 22.772684] netlink_unicast+0x174/0x1f0 > [ 22.772698] netlink_sendmsg+0x386/0x3d0 > [ 22.772719] sock_sendmsg+0x2d/0x40 > [ 22.772728] ___sys_sendmsg+0x2a7/0x300 > [ 22.772748] ? netlink_sendmsg+0x13d/0x3d0 > [ 22.772791] ? __sys_sendmsg+0x67/0xb0 > [ 22.772797] __sys_sendmsg+0x67/0xb0 > [ 22.772822] entry_SYSCALL_64_fastpath+0x18/0x85 > > This warning wasn't present in 4.15. Despite of it, networking seems to > work fine. Nonetheless, the code seems to need a bugfix. Thanks, Dominik ^ permalink raw reply [flat|nested] 9+ messages in thread
* v4.15-rc7 regression/warning: suspicious RCU usage in net/wireless/util.c:778 2017-12-30 13:11 ` v4.15-rc5 warning: " Dominik Brodowski @ 2018-01-08 10:04 ` Dominik Brodowski 2018-01-14 18:03 ` [PATCH] nl80211: take RCU read lock when calling ieee80211_bss_get_ie() Dominik Brodowski 0 siblings, 1 reply; 9+ messages in thread From: Dominik Brodowski @ 2018-01-08 10:04 UTC (permalink / raw) To: netdev, linux-kernel; +Cc: regressions On Sat, Dec 30, 2017 at 02:11:33PM +0100, Dominik Brodowski wrote: > On Fri, Dec 22, 2017 at 08:20:12AM +0100, Dominik Brodowski wrote: > > Dear all, > > > > once the (wifi) link becomes ready, the following warning is emitted on > > mainline (v4.15-rc4-202-gead68f216110) on my notebook: > > ... and it is still present as of v4.15-rc5-149-g5aa90a845892 ... and still present in v4.15-rc7: [ 0.000000] Linux version 4.15.0-rc7+ (brodo@light) (gcc version 7.2.1 20171224 (GCC)) #2 SMP PREEMPT Mon Jan 8 08:58:57 CET 2018 ... [ 19.182497] wlan0: associated [ 19.323473] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 19.324512] ============================= [ 19.324525] WARNING: suspicious RCU usage [ 19.324531] 4.15.0-rc7+ #2 Not tainted [ 19.324535] ----------------------------- [ 19.324541] /home/brodo/local/kernel/git/linux/net/wireless/util.c:778 suspicious rcu_dereference_check() usage! [ 19.324545] other info that might help us debug this: [ 19.324551] rcu_scheduler_active = 2, debug_locks = 1 [ 19.324556] 4 locks held by wpa_supplicant/777: [ 19.324561] #0: (cb_lock){++++}, at: [<00000000a93b95ca>] genl_rcv+0x15/0x40 [ 19.324590] #1: (genl_mutex){+.+.}, at: [<0000000088de9868>] genl_rcv_msg+0x7a/0x90 [ 19.324614] #2: (rtnl_mutex){+.+.}, at: [<00000000d05b811d>] nl80211_pre_doit+0xe9/0x190 [ 19.324639] #3: (&wdev->mtx){+.+.}, at: [<0000000015e6766b>] nl80211_send_iface+0x319/0x8d0 [ 19.324663] stack backtrace: [ 19.324670] CPU: 3 PID: 777 Comm: wpa_supplicant Not tainted 4.15.0-rc7+ #2 [ 19.324674] Hardware name: Dell Inc. XPS 13 9343/0TM99H, BIOS A11 12/08/2016 [ 19.324679] Call Trace: [ 19.324690] dump_stack+0x67/0x95 [ 19.324698] ieee80211_bss_get_ie+0x66/0x70 [ 19.324707] nl80211_send_iface+0x346/0x8d0 [ 19.324726] nl80211_get_interface+0x4b/0xa0 [ 19.324738] genl_family_rcv_msg+0x32e/0x3f0 [ 19.324747] ? preempt_count_sub+0x92/0xd0 [ 19.324780] genl_rcv_msg+0x47/0x90 [ 19.324787] ? genl_family_rcv_msg+0x3f0/0x3f0 [ 19.324796] netlink_rcv_skb+0x8a/0x120 [ 19.324811] genl_rcv+0x24/0x40 [ 19.324818] netlink_unicast+0x174/0x1f0 [ 19.324831] netlink_sendmsg+0x383/0x3d0 [ 19.324851] sock_sendmsg+0x2d/0x40 [ 19.324859] ___sys_sendmsg+0x2a8/0x300 [ 19.324877] ? netlink_sendmsg+0x13a/0x3d0 [ 19.324919] ? __sys_sendmsg+0x67/0xb0 [ 19.324925] __sys_sendmsg+0x67/0xb0 [ 19.324949] entry_SYSCALL_64_fastpath+0x18/0x85 [ 19.324955] RIP: 0033:0x779ea30ac037 [ 19.324960] RSP: 002b:00007ffd9ea8aa28 EFLAGS: 00000246 Anyone? Thanks, Dominik ^ permalink raw reply [flat|nested] 9+ messages in thread
* [PATCH] nl80211: take RCU read lock when calling ieee80211_bss_get_ie() 2018-01-08 10:04 ` v4.15-rc7 regression/warning: " Dominik Brodowski @ 2018-01-14 18:03 ` Dominik Brodowski 2018-01-14 21:58 ` Johannes Berg 0 siblings, 1 reply; 9+ messages in thread From: Dominik Brodowski @ 2018-01-14 18:03 UTC (permalink / raw) To: johannes.berg; +Cc: regressions, netdev, linux-wireless, linux-kernel As ieee80211_bss_get_ie() derefences an RCU, it needs to be called with rcu_read_lock held. Fixes: 44905265bc15 ("nl80211: don't expose wdev->ssid for most interfaces") Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net> --- This patch fixes the regression I reported in the last couple of weeks for various v4.15-rcX revisions to netdev, where a "suspicious RCU usage" showed up in net/wireless/util.c:778. diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c index 2b3dbcd40e46..1eecc249fb5e 100644 --- a/net/wireless/nl80211.c +++ b/net/wireless/nl80211.c @@ -2618,8 +2618,10 @@ static int nl80211_send_iface(struct sk_buff *msg, u32 portid, u32 seq, int flag const u8 *ssid_ie; if (!wdev->current_bss) break; + rcu_read_lock(); ssid_ie = ieee80211_bss_get_ie(&wdev->current_bss->pub, WLAN_EID_SSID); + rcu_read_unlock(); if (!ssid_ie) break; if (nla_put(msg, NL80211_ATTR_SSID, ssid_ie[1], ssid_ie + 2)) ^ permalink raw reply related [flat|nested] 9+ messages in thread
* Re: [PATCH] nl80211: take RCU read lock when calling ieee80211_bss_get_ie() 2018-01-14 18:03 ` [PATCH] nl80211: take RCU read lock when calling ieee80211_bss_get_ie() Dominik Brodowski @ 2018-01-14 21:58 ` Johannes Berg 2018-01-14 22:22 ` [PATCH v2] " Dominik Brodowski 0 siblings, 1 reply; 9+ messages in thread From: Johannes Berg @ 2018-01-14 21:58 UTC (permalink / raw) To: Dominik Brodowski; +Cc: regressions, netdev, linux-wireless, linux-kernel Hi, > Fixes: 44905265bc15 ("nl80211: don't expose wdev->ssid for most interfaces") > Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net> > --- > > This patch fixes the regression I reported in the last couple of weeks for > various v4.15-rcX revisions to netdev, where a "suspicious RCU usage" > showed up in net/wireless/util.c:778. Huh. You should added linux-wireless to those reports, I simply didn't see them! > diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c > index 2b3dbcd40e46..1eecc249fb5e 100644 > --- a/net/wireless/nl80211.c > +++ b/net/wireless/nl80211.c > @@ -2618,8 +2618,10 @@ static int nl80211_send_iface(struct sk_buff *msg, u32 portid, u32 seq, int flag > const u8 *ssid_ie; > if (!wdev->current_bss) > break; > + rcu_read_lock(); > ssid_ie = ieee80211_bss_get_ie(&wdev->current_bss->pub, > WLAN_EID_SSID); > + rcu_read_unlock(); > if (!ssid_ie) > break; > if (nla_put(msg, NL80211_ATTR_SSID, ssid_ie[1], ssid_ie + 2)) This uses the ssid_ie, so that doesn't really seem right? The protection should extend beyond the usage. johannes ^ permalink raw reply [flat|nested] 9+ messages in thread
* [PATCH v2] nl80211: take RCU read lock when calling ieee80211_bss_get_ie() 2018-01-14 21:58 ` Johannes Berg @ 2018-01-14 22:22 ` Dominik Brodowski 2018-01-14 22:40 ` Johannes Berg 0 siblings, 1 reply; 9+ messages in thread From: Dominik Brodowski @ 2018-01-14 22:22 UTC (permalink / raw) To: Johannes Berg; +Cc: regressions, netdev, linux-wireless, linux-kernel As ieee80211_bss_get_ie() derefences an RCU, it needs to be called with rcu_read_lock held. Fixes: 44905265bc15 ("nl80211: don't expose wdev->ssid for most interfaces") Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net> --- > This uses the ssid_ie, so that doesn't really seem right? The > protection should extend beyond the usage. Indeed -- I had misread the code and hadn't thought of ssid_ie also needing the protection during its lifetime. So here's a new version 2 -- which I will only be able to test tomorrow, though... Thanks, Dominik diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c index 2b3dbcd40e46..b53bd8db7974 100644 --- a/net/wireless/nl80211.c +++ b/net/wireless/nl80211.c @@ -2618,12 +2618,15 @@ static int nl80211_send_iface(struct sk_buff *msg, u32 portid, u32 seq, int flag const u8 *ssid_ie; if (!wdev->current_bss) break; + rcu_read_lock(); ssid_ie = ieee80211_bss_get_ie(&wdev->current_bss->pub, WLAN_EID_SSID); if (!ssid_ie) - break; + goto nla_rcu_unlock; if (nla_put(msg, NL80211_ATTR_SSID, ssid_ie[1], ssid_ie + 2)) - goto nla_put_failure_locked; + goto nla_put_failure_rcu_locked; + nla_rcu_unlock: + rcu_read_unlock(); break; } default: @@ -2635,6 +2638,8 @@ static int nl80211_send_iface(struct sk_buff *msg, u32 portid, u32 seq, int flag genlmsg_end(msg, hdr); return 0; + nla_put_failure_rcu_locked: + rcu_read_unlock(); nla_put_failure_locked: wdev_unlock(wdev); nla_put_failure: ^ permalink raw reply related [flat|nested] 9+ messages in thread
* Re: [PATCH v2] nl80211: take RCU read lock when calling ieee80211_bss_get_ie() 2018-01-14 22:22 ` [PATCH v2] " Dominik Brodowski @ 2018-01-14 22:40 ` Johannes Berg 2018-01-15 7:12 ` [PATCH v3] " Dominik Brodowski 0 siblings, 1 reply; 9+ messages in thread From: Johannes Berg @ 2018-01-14 22:40 UTC (permalink / raw) To: Dominik Brodowski; +Cc: regressions, netdev, linux-wireless, linux-kernel On Sun, 2018-01-14 at 23:22 +0100, Dominik Brodowski wrote: > > + rcu_read_lock(); > ssid_ie = ieee80211_bss_get_ie(&wdev->current_bss->pub, > WLAN_EID_SSID); > if (!ssid_ie) > - break; nit-picking now: that "break" here may have been easier before these changes > + goto nla_rcu_unlock; > if (nla_put(msg, NL80211_ATTR_SSID, ssid_ie[1], ssid_ie + 2)) > - goto nla_put_failure_locked; > + goto nla_put_failure_rcu_locked; > + nla_rcu_unlock: > + rcu_read_unlock(); > break; but after, perhaps it's easier to just do if (ssid_ie && nla_put(...) goto nla_put_failure_rcu_locked; and avoid the extra label (but yeah, it's getting late) johannes ^ permalink raw reply [flat|nested] 9+ messages in thread
* [PATCH v3] nl80211: take RCU read lock when calling ieee80211_bss_get_ie() 2018-01-14 22:40 ` Johannes Berg @ 2018-01-15 7:12 ` Dominik Brodowski 2018-01-15 8:15 ` Johannes Berg 0 siblings, 1 reply; 9+ messages in thread From: Dominik Brodowski @ 2018-01-15 7:12 UTC (permalink / raw) To: Johannes Berg; +Cc: regressions, netdev, linux-wireless, linux-kernel As ieee80211_bss_get_ie() derefences an RCU to return ssid_ie, both the call to this function and any operation on this variable need protection by the RCU read lock. Fixes: 44905265bc15 ("nl80211: don't expose wdev->ssid for most interfaces") Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net> --- > but after, perhaps it's easier to just do > > if (ssid_ie && > nla_put(...) > goto nla_put_failure_rcu_locked; > > and avoid the extra label (but yeah, it's getting late) OK, done that (and updated the commit message), and testet it. Thanks, Dominik diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c index 2b3dbcd40e46..ed87a97fcb0b 100644 --- a/net/wireless/nl80211.c +++ b/net/wireless/nl80211.c @@ -2618,12 +2618,13 @@ static int nl80211_send_iface(struct sk_buff *msg, u32 portid, u32 seq, int flag const u8 *ssid_ie; if (!wdev->current_bss) break; + rcu_read_lock(); ssid_ie = ieee80211_bss_get_ie(&wdev->current_bss->pub, WLAN_EID_SSID); - if (!ssid_ie) - break; - if (nla_put(msg, NL80211_ATTR_SSID, ssid_ie[1], ssid_ie + 2)) - goto nla_put_failure_locked; + if (ssid_ie && + nla_put(msg, NL80211_ATTR_SSID, ssid_ie[1], ssid_ie + 2)) + goto nla_put_failure_rcu_locked; + rcu_read_unlock(); break; } default: @@ -2635,6 +2636,8 @@ static int nl80211_send_iface(struct sk_buff *msg, u32 portid, u32 seq, int flag genlmsg_end(msg, hdr); return 0; + nla_put_failure_rcu_locked: + rcu_read_unlock(); nla_put_failure_locked: wdev_unlock(wdev); nla_put_failure: ^ permalink raw reply related [flat|nested] 9+ messages in thread
* Re: [PATCH v3] nl80211: take RCU read lock when calling ieee80211_bss_get_ie() 2018-01-15 7:12 ` [PATCH v3] " Dominik Brodowski @ 2018-01-15 8:15 ` Johannes Berg 0 siblings, 0 replies; 9+ messages in thread From: Johannes Berg @ 2018-01-15 8:15 UTC (permalink / raw) To: Dominik Brodowski; +Cc: regressions, netdev, linux-wireless, linux-kernel On Mon, 2018-01-15 at 08:12 +0100, Dominik Brodowski wrote: > As ieee80211_bss_get_ie() derefences an RCU to return ssid_ie, both > the call to this function and any operation on this variable need > protection by the RCU read lock. > > Fixes: 44905265bc15 ("nl80211: don't expose wdev->ssid for most interfaces") > Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net> > --- > > > but after, perhaps it's easier to just do > > > > if (ssid_ie && > > nla_put(...) > > goto nla_put_failure_rcu_locked; > > > > and avoid the extra label (but yeah, it's getting late) > > OK, done that (and updated the commit message), and testet it. > Applied, thanks! johannes ^ permalink raw reply [flat|nested] 9+ messages in thread
end of thread, other threads:[~2018-01-15 8:15 UTC | newest] Thread overview: 9+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2017-12-22 7:20 suspicious RCU usage in net/wireless/util.c:778 Dominik Brodowski 2017-12-30 13:11 ` v4.15-rc5 warning: " Dominik Brodowski 2018-01-08 10:04 ` v4.15-rc7 regression/warning: " Dominik Brodowski 2018-01-14 18:03 ` [PATCH] nl80211: take RCU read lock when calling ieee80211_bss_get_ie() Dominik Brodowski 2018-01-14 21:58 ` Johannes Berg 2018-01-14 22:22 ` [PATCH v2] " Dominik Brodowski 2018-01-14 22:40 ` Johannes Berg 2018-01-15 7:12 ` [PATCH v3] " Dominik Brodowski 2018-01-15 8:15 ` Johannes Berg
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).