From: Cong Wang <xiyou.wangcong@gmail.com>
To: Ben Greear <greearb@candelatech.com>
Cc: Linux Kernel Network Developers <netdev@vger.kernel.org>
Subject: Re: [PATCH v2] net-fq: Add WARN_ON check for null flow.
Date: Thu, 7 Jun 2018 17:13:41 -0700 [thread overview]
Message-ID: <CAM_iQpU8PjkQgmHRSi144L0LHUXrbOKYaetqUV3ECHzWs2cD-A@mail.gmail.com> (raw)
In-Reply-To: <1528415316-6379-1-git-send-email-greearb@candelatech.com>
On Thu, Jun 7, 2018 at 4:48 PM, <greearb@candelatech.com> wrote:
> From: Ben Greear <greearb@candelatech.com>
>
> While testing an ath10k firmware that often crashed under load,
> I was seeing kernel crashes as well. One of them appeared to
> be a dereference of a NULL flow object in fq_tin_dequeue.
>
> I have since fixed the firmware flaw, but I think it would be
> worth adding the WARN_ON in case the problem appears again.
>
> BUG: unable to handle kernel NULL pointer dereference at 000000000000003c
> IP: ieee80211_tx_dequeue+0xfb/0xb10 [mac80211]
Instead of adding WARN_ON(), you need to think about
the locking there, it is suspicious:
fq is from struct ieee80211_local:
struct fq *fq = &local->fq;
tin is from struct txq_info:
struct fq_tin *tin = &txqi->tin;
I don't know if fq and tin are supposed to be 1:1, if not there is
a bug in the locking, because ->new_flows and ->old_flows are
both inside tin instead of fq, but they are protected by fq->lock....
next prev parent reply other threads:[~2018-06-08 0:14 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-06-07 23:48 [PATCH v2] net-fq: Add WARN_ON check for null flow greearb
2018-06-07 23:59 ` Cong Wang
2018-06-08 14:08 ` Ben Greear
[not found] ` <CAM_iQpULrWMNtgDcrZkc-uLtB0XOVFeZxQ6cFgpXwv7DtA9jzA-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2018-06-08 15:17 ` Ben Greear
[not found] ` <1f11144f-7580-03f4-72bd-76b0907d7ed1-my8/4N5VtI7c+919tysfdA@public.gmane.org>
2018-06-08 21:40 ` Arend van Spriel
2018-06-10 17:10 ` Michał Kazior
2018-06-11 13:18 ` Ben Greear
2018-06-08 0:13 ` Cong Wang [this message]
2018-06-08 14:10 ` Ben Greear
2018-06-08 14:53 ` Eric Dumazet
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAM_iQpU8PjkQgmHRSi144L0LHUXrbOKYaetqUV3ECHzWs2cD-A@mail.gmail.com \
--to=xiyou.wangcong@gmail.com \
--cc=greearb@candelatech.com \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).