From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: stable@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
patches@lists.linux.dev,
syzbot+7d4f142f6c288de8abfe@syzkaller.appspotmail.com,
Murad Masimov <m.masimov@mt-integration.ru>,
Johannes Berg <johannes.berg@intel.com>,
Sasha Levin <sashal@kernel.org>
Subject: [PATCH 6.1 42/97] wifi: plfxlc: Remove erroneous assert in plfxlc_mac_release
Date: Wed, 7 May 2025 20:39:17 +0200 [thread overview]
Message-ID: <20250507183808.684358089@linuxfoundation.org> (raw)
In-Reply-To: <20250507183806.987408728@linuxfoundation.org>
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Murad Masimov <m.masimov@mt-integration.ru>
[ Upstream commit 0fb15ae3b0a9221be01715dac0335647c79f3362 ]
plfxlc_mac_release() asserts that mac->lock is held. This assertion is
incorrect, because even if it was possible, it would not be the valid
behaviour. The function is used when probe fails or after the device is
disconnected. In both cases mac->lock can not be held as the driver is
not working with the device at the moment. All functions that use mac->lock
unlock it just after it was held. There is also no need to hold mac->lock
for plfxlc_mac_release() itself, as mac data is not affected, except for
mac->flags, which is modified atomically.
This bug leads to the following warning:
================================================================
WARNING: CPU: 0 PID: 127 at drivers/net/wireless/purelifi/plfxlc/mac.c:106 plfxlc_mac_release+0x7d/0xa0
Modules linked in:
CPU: 0 PID: 127 Comm: kworker/0:2 Not tainted 6.1.124-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Workqueue: usb_hub_wq hub_event
RIP: 0010:plfxlc_mac_release+0x7d/0xa0 drivers/net/wireless/purelifi/plfxlc/mac.c:106
Call Trace:
<TASK>
probe+0x941/0xbd0 drivers/net/wireless/purelifi/plfxlc/usb.c:694
usb_probe_interface+0x5c0/0xaf0 drivers/usb/core/driver.c:396
really_probe+0x2ab/0xcb0 drivers/base/dd.c:639
__driver_probe_device+0x1a2/0x3d0 drivers/base/dd.c:785
driver_probe_device+0x50/0x420 drivers/base/dd.c:815
__device_attach_driver+0x2cf/0x510 drivers/base/dd.c:943
bus_for_each_drv+0x183/0x200 drivers/base/bus.c:429
__device_attach+0x359/0x570 drivers/base/dd.c:1015
bus_probe_device+0xba/0x1e0 drivers/base/bus.c:489
device_add+0xb48/0xfd0 drivers/base/core.c:3696
usb_set_configuration+0x19dd/0x2020 drivers/usb/core/message.c:2165
usb_generic_driver_probe+0x84/0x140 drivers/usb/core/generic.c:238
usb_probe_device+0x130/0x260 drivers/usb/core/driver.c:293
really_probe+0x2ab/0xcb0 drivers/base/dd.c:639
__driver_probe_device+0x1a2/0x3d0 drivers/base/dd.c:785
driver_probe_device+0x50/0x420 drivers/base/dd.c:815
__device_attach_driver+0x2cf/0x510 drivers/base/dd.c:943
bus_for_each_drv+0x183/0x200 drivers/base/bus.c:429
__device_attach+0x359/0x570 drivers/base/dd.c:1015
bus_probe_device+0xba/0x1e0 drivers/base/bus.c:489
device_add+0xb48/0xfd0 drivers/base/core.c:3696
usb_new_device+0xbdd/0x18f0 drivers/usb/core/hub.c:2620
hub_port_connect drivers/usb/core/hub.c:5477 [inline]
hub_port_connect_change drivers/usb/core/hub.c:5617 [inline]
port_event drivers/usb/core/hub.c:5773 [inline]
hub_event+0x2efe/0x5730 drivers/usb/core/hub.c:5855
process_one_work+0x8a9/0x11d0 kernel/workqueue.c:2292
worker_thread+0xa47/0x1200 kernel/workqueue.c:2439
kthread+0x28d/0x320 kernel/kthread.c:376
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
</TASK>
================================================================
Found by Linux Verification Center (linuxtesting.org) with Syzkaller.
Fixes: 68d57a07bfe5 ("wireless: add plfxlc driver for pureLiFi X, XL, XC devices")
Reported-by: syzbot+7d4f142f6c288de8abfe@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=7d4f142f6c288de8abfe
Signed-off-by: Murad Masimov <m.masimov@mt-integration.ru>
Link: https://patch.msgid.link/20250321185226.71-2-m.masimov@mt-integration.ru
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/purelifi/plfxlc/mac.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/drivers/net/wireless/purelifi/plfxlc/mac.c b/drivers/net/wireless/purelifi/plfxlc/mac.c
index 87a4ff888ddd4..70d6f5244e5e4 100644
--- a/drivers/net/wireless/purelifi/plfxlc/mac.c
+++ b/drivers/net/wireless/purelifi/plfxlc/mac.c
@@ -103,7 +103,6 @@ int plfxlc_mac_init_hw(struct ieee80211_hw *hw)
void plfxlc_mac_release(struct plfxlc_mac *mac)
{
plfxlc_chip_release(&mac->chip);
- lockdep_assert_held(&mac->lock);
}
int plfxlc_op_start(struct ieee80211_hw *hw)
--
2.39.5
next prev parent reply other threads:[~2025-05-07 18:46 UTC|newest]
Thread overview: 107+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-05-07 18:38 [PATCH 6.1 00/97] 6.1.138-rc1 review Greg Kroah-Hartman
2025-05-07 18:38 ` [PATCH 6.1 01/97] Revert "rndis_host: Flag RNDIS modems as WWAN devices" Greg Kroah-Hartman
2025-05-07 18:38 ` [PATCH 6.1 02/97] ALSA: usb-audio: Add second USB ID for Jabra Evolve 65 headset Greg Kroah-Hartman
2025-05-07 18:38 ` [PATCH 6.1 03/97] drm/nouveau: Fix WARN_ON in nouveau_fence_context_kill() Greg Kroah-Hartman
2025-05-07 18:38 ` [PATCH 6.1 04/97] EDAC/altera: Test the correct error reg offset Greg Kroah-Hartman
2025-05-07 18:38 ` [PATCH 6.1 05/97] EDAC/altera: Set DDR and SDMMC interrupt mask before registration Greg Kroah-Hartman
2025-05-07 18:38 ` [PATCH 6.1 06/97] i2c: imx-lpi2c: Fix clock count when probe defers Greg Kroah-Hartman
2025-05-07 18:38 ` [PATCH 6.1 07/97] arm64: errata: Add missing sentinels to Spectre-BHB MIDR arrays Greg Kroah-Hartman
2025-05-07 18:38 ` [PATCH 6.1 08/97] parisc: Fix double SIGFPE crash Greg Kroah-Hartman
2025-05-07 18:38 ` [PATCH 6.1 09/97] perf/x86/intel: KVM: Mask PEBS_ENABLE loaded for guest with vCPUs value Greg Kroah-Hartman
2025-05-07 18:38 ` [PATCH 6.1 10/97] amd-xgbe: Fix to ensure dependent features are toggled with RX checksum offload Greg Kroah-Hartman
2025-05-07 18:38 ` [PATCH 6.1 11/97] irqchip/qcom-mpm: Prevent crash when trying to handle non-wake GPIOs Greg Kroah-Hartman
2025-05-07 18:38 ` [PATCH 6.1 12/97] mmc: renesas_sdhi: Fix error handling in renesas_sdhi_probe Greg Kroah-Hartman
2025-05-07 18:38 ` [PATCH 6.1 13/97] wifi: brcm80211: fmac: Add error handling for brcmf_usb_dl_writeimage() Greg Kroah-Hartman
2025-05-07 18:38 ` [PATCH 6.1 14/97] dm-integrity: fix a warning on invalid table line Greg Kroah-Hartman
2025-05-07 18:38 ` [PATCH 6.1 15/97] dm: always update the array size in realloc_argv on success Greg Kroah-Hartman
2025-05-07 18:38 ` [PATCH 6.1 16/97] iommu/amd: Fix potential buffer overflow in parse_ivrs_acpihid Greg Kroah-Hartman
2025-05-07 18:38 ` [PATCH 6.1 17/97] iommu/vt-d: Apply quirk_iommu_igfx for 8086:0044 (QM57/QS57) Greg Kroah-Hartman
2025-05-07 18:38 ` [PATCH 6.1 18/97] platform/x86/intel-uncore-freq: Fix missing uncore sysfs during CPU hotplug Greg Kroah-Hartman
2025-05-07 18:38 ` [PATCH 6.1 19/97] ksmbd: fix use-after-free in kerberos authentication Greg Kroah-Hartman
2025-05-07 18:38 ` [PATCH 6.1 20/97] cpufreq: Avoid using inconsistent policy->min and policy->max Greg Kroah-Hartman
2025-05-07 18:38 ` [PATCH 6.1 21/97] cpufreq: Fix setting policy limits when frequency tables are used Greg Kroah-Hartman
2025-05-07 18:38 ` [PATCH 6.1 22/97] tracing: Fix oob write in trace_seq_to_buffer() Greg Kroah-Hartman
2025-05-07 18:38 ` [PATCH 6.1 23/97] xfs: fix error returns from xfs_bmapi_write Greg Kroah-Hartman
2025-05-07 18:38 ` [PATCH 6.1 24/97] xfs: fix xfs_bmap_add_extent_delay_real for partial conversions Greg Kroah-Hartman
2025-05-07 18:39 ` [PATCH 6.1 25/97] xfs: remove a racy if_bytes check in xfs_reflink_end_cow_extent Greg Kroah-Hartman
2025-05-07 18:39 ` [PATCH 6.1 26/97] xfs: require XFS_SB_FEAT_INCOMPAT_LOG_XATTRS for attr log intent item recovery Greg Kroah-Hartman
2025-05-07 18:39 ` [PATCH 6.1 27/97] xfs: check opcode and iovec count match in xlog_recover_attri_commit_pass2 Greg Kroah-Hartman
2025-05-07 18:39 ` [PATCH 6.1 28/97] xfs: validate recovered name buffers when recovering xattr items Greg Kroah-Hartman
2025-05-07 18:39 ` [PATCH 6.1 29/97] xfs: revert commit 44af6c7e59b12 Greg Kroah-Hartman
2025-05-07 18:39 ` [PATCH 6.1 30/97] xfs: match lock mode in xfs_buffered_write_iomap_begin() Greg Kroah-Hartman
2025-05-07 18:39 ` [PATCH 6.1 31/97] xfs: make the seq argument to xfs_bmapi_convert_delalloc() optional Greg Kroah-Hartman
2025-05-07 18:39 ` [PATCH 6.1 32/97] xfs: make xfs_bmapi_convert_delalloc() to allocate the target offset Greg Kroah-Hartman
2025-05-07 18:39 ` [PATCH 6.1 33/97] xfs: convert delayed extents to unwritten when zeroing post eof blocks Greg Kroah-Hartman
2025-05-07 18:39 ` [PATCH 6.1 34/97] xfs: allow symlinks with short remote targets Greg Kroah-Hartman
2025-05-07 18:39 ` [PATCH 6.1 35/97] xfs: make sure sb_fdblocks is non-negative Greg Kroah-Hartman
2025-05-07 18:39 ` [PATCH 6.1 36/97] xfs: fix freeing speculative preallocations for preallocated files Greg Kroah-Hartman
2025-05-07 18:39 ` [PATCH 6.1 37/97] xfs: allow unlinked symlinks and dirs with zero size Greg Kroah-Hartman
2025-05-07 18:39 ` [PATCH 6.1 38/97] xfs: restrict when we try to align cow fork delalloc to cowextsz hints Greg Kroah-Hartman
2025-05-07 18:39 ` [PATCH 6.1 39/97] KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop Greg Kroah-Hartman
2025-05-07 18:39 ` [PATCH 6.1 40/97] dm-bufio: dont schedule in atomic context Greg Kroah-Hartman
2025-05-07 18:39 ` [PATCH 6.1 41/97] ASoC: soc-pcm: Fix hw_params() and DAPM widget sequence Greg Kroah-Hartman
2025-05-07 18:39 ` Greg Kroah-Hartman [this message]
2025-05-07 18:39 ` [PATCH 6.1 43/97] vxlan: vnifilter: Fix unlocked deletion of default FDB entry Greg Kroah-Hartman
2025-05-07 18:39 ` [PATCH 6.1 44/97] net/mlx5: E-Switch, Initialize MAC Address for Default GID Greg Kroah-Hartman
2025-05-07 18:39 ` [PATCH 6.1 45/97] net/mlx5: E-switch, Fix error handling for enabling roce Greg Kroah-Hartman
2025-05-07 18:39 ` [PATCH 6.1 46/97] net: mscc: ocelot: treat 802.1ad tagged traffic as 802.1Q-untagged Greg Kroah-Hartman
2025-05-07 18:39 ` [PATCH 6.1 47/97] net: mscc: ocelot: delete PVID VLAN when readding it as non-PVID Greg Kroah-Hartman
2025-05-07 18:39 ` [PATCH 6.1 48/97] net: ethernet: mtk-star-emac: fix spinlock recursion issues on rx/tx poll Greg Kroah-Hartman
2025-05-07 18:39 ` [PATCH 6.1 49/97] net: ethernet: mtk-star-emac: rearm interrupts in rx_poll only when advised Greg Kroah-Hartman
2025-05-07 18:39 ` [PATCH 6.1 50/97] net_sched: drr: Fix double list add in class with netem as child qdisc Greg Kroah-Hartman
2025-05-07 18:39 ` [PATCH 6.1 51/97] net_sched: hfsc: Fix a UAF vulnerability " Greg Kroah-Hartman
2025-05-07 18:39 ` [PATCH 6.1 52/97] net_sched: ets: Fix double list add " Greg Kroah-Hartman
2025-05-07 18:39 ` [PATCH 6.1 53/97] net_sched: qfq: " Greg Kroah-Hartman
2025-05-07 18:39 ` [PATCH 6.1 54/97] ice: Check VF VSI Pointer Value in ice_vc_add_fdir_fltr() Greg Kroah-Hartman
2025-05-07 18:39 ` [PATCH 6.1 55/97] net: dlink: Correct endianness handling of led_mode Greg Kroah-Hartman
2025-05-07 18:39 ` [PATCH 6.1 56/97] net: dsa: felix: fix broken taprio gate states after clock jump Greg Kroah-Hartman
2025-05-07 18:39 ` [PATCH 6.1 57/97] net: ipv6: fix UDPv6 GSO segmentation with NAT Greg Kroah-Hartman
2025-05-07 18:39 ` [PATCH 6.1 58/97] bnxt_en: Fix coredump logic to free allocated buffer Greg Kroah-Hartman
2025-05-07 18:39 ` [PATCH 6.1 59/97] bnxt_en: Fix out-of-bound memcpy() during ethtool -w Greg Kroah-Hartman
2025-05-07 18:39 ` [PATCH 6.1 60/97] bnxt_en: Fix ethtool -d byte order for 32-bit values Greg Kroah-Hartman
2025-05-07 18:39 ` [PATCH 6.1 61/97] nvme-tcp: fix premature queue removal and I/O failover Greg Kroah-Hartman
2025-05-07 18:39 ` [PATCH 6.1 62/97] net: lan743x: Fix memleak issue when GSO enabled Greg Kroah-Hartman
2025-05-07 18:39 ` [PATCH 6.1 63/97] net: fec: ERR007885 Workaround for conventional TX Greg Kroah-Hartman
2025-05-07 18:39 ` [PATCH 6.1 64/97] net: hns3: store rx VLAN tag offload state for VF Greg Kroah-Hartman
2025-05-07 18:39 ` [PATCH 6.1 65/97] net: hns3: fix an interrupt residual problem Greg Kroah-Hartman
2025-05-07 18:39 ` [PATCH 6.1 66/97] net: hns3: fixed debugfs tm_qset size Greg Kroah-Hartman
2025-05-07 18:39 ` [PATCH 6.1 67/97] net: hns3: defer calling ptp_clock_register() Greg Kroah-Hartman
2025-05-07 18:39 ` [PATCH 6.1 68/97] net: vertexcom: mse102x: Fix possible stuck of SPI interrupt Greg Kroah-Hartman
2025-05-07 18:39 ` [PATCH 6.1 69/97] net: vertexcom: mse102x: Fix LEN_MASK Greg Kroah-Hartman
2025-05-07 18:39 ` [PATCH 6.1 70/97] net: vertexcom: mse102x: Add range check for CMD_RTS Greg Kroah-Hartman
2025-05-07 18:39 ` [PATCH 6.1 71/97] net: vertexcom: mse102x: Fix RX error handling Greg Kroah-Hartman
2025-05-07 18:39 ` [PATCH 6.1 72/97] md: move initialization and destruction of io_acct_set to md.c Greg Kroah-Hartman
2025-05-07 18:39 ` [PATCH 6.1 73/97] PCI: imx6: Skip controller_id generation logic for i.MX7D Greg Kroah-Hartman
2025-05-07 18:39 ` [PATCH 6.1 74/97] sch_htb: make htb_qlen_notify() idempotent Greg Kroah-Hartman
2025-05-07 18:39 ` [PATCH 6.1 75/97] sch_drr: make drr_qlen_notify() idempotent Greg Kroah-Hartman
2025-05-07 18:39 ` [PATCH 6.1 76/97] sch_hfsc: make hfsc_qlen_notify() idempotent Greg Kroah-Hartman
2025-05-07 18:39 ` [PATCH 6.1 77/97] sch_qfq: make qfq_qlen_notify() idempotent Greg Kroah-Hartman
2025-05-07 18:39 ` [PATCH 6.1 78/97] sch_ets: make est_qlen_notify() idempotent Greg Kroah-Hartman
2025-05-07 18:39 ` [PATCH 6.1 79/97] Revert "x86/kexec: Allocate PGD for x86_64 transition page tables separately" Greg Kroah-Hartman
2025-05-07 18:49 ` David Woodhouse
2025-05-07 18:39 ` [PATCH 6.1 80/97] firmware: arm_scmi: Balance device refcount when destroying devices Greg Kroah-Hartman
2025-05-07 18:39 ` [PATCH 6.1 81/97] firmware: arm_ffa: Skip Rx buffer ownership release if not acquired Greg Kroah-Hartman
2025-05-07 18:39 ` [PATCH 6.1 82/97] ARM: dts: opos6ul: add ksz8081 phy properties Greg Kroah-Hartman
2025-05-07 18:39 ` [PATCH 6.1 83/97] net: phy: microchip: force IRQ polling mode for lan88xx Greg Kroah-Hartman
2025-05-07 18:39 ` [PATCH 6.1 84/97] Revert "drm/meson: vclk: fix calculation of 59.94 fractional rates" Greg Kroah-Hartman
2025-05-07 18:40 ` [PATCH 6.1 85/97] irqchip/gic-v2m: Mark a few functions __init Greg Kroah-Hartman
2025-05-07 18:40 ` [PATCH 6.1 86/97] irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode() Greg Kroah-Hartman
2025-05-07 18:40 ` [PATCH 6.1 87/97] memcg: drain obj stock on cpu hotplug teardown Greg Kroah-Hartman
2025-05-07 18:40 ` [PATCH 6.1 88/97] riscv: uprobes: Add missing fence.i after building the XOL buffer Greg Kroah-Hartman
2025-05-07 18:40 ` [PATCH 6.1 89/97] iommu/arm-smmu-v3: Use the new rb tree helpers Greg Kroah-Hartman
2025-05-07 18:40 ` [PATCH 6.1 90/97] iommu/arm-smmu-v3: Fix iommu_device_probe bug due to duplicated stream ids Greg Kroah-Hartman
2025-05-07 18:40 ` [PATCH 6.1 91/97] drm/amd/display: phase2 enable mst hdcp multiple displays Greg Kroah-Hartman
2025-05-07 18:40 ` [PATCH 6.1 92/97] drm/amd/display: Clean up style problems in amdgpu_dm_hdcp.c Greg Kroah-Hartman
2025-05-07 18:40 ` [PATCH 6.1 93/97] drm/amd/display: Change HDCP update sequence for DM Greg Kroah-Hartman
2025-05-07 18:40 ` [PATCH 6.1 94/97] drm/amd/display: Add scoped mutexes for amdgpu_dm_dhcp Greg Kroah-Hartman
2025-05-07 18:40 ` [PATCH 6.1 95/97] drm/amd/display: Fix slab-use-after-free in hdcp Greg Kroah-Hartman
2025-05-07 18:40 ` [PATCH 6.1 96/97] ASoC: Use of_property_read_bool() Greg Kroah-Hartman
2025-05-07 18:40 ` [PATCH 6.1 97/97] ASoC: soc-core: Stop using of_property_read_bool() for non-boolean properties Greg Kroah-Hartman
2025-05-08 7:21 ` [PATCH 6.1 00/97] 6.1.138-rc1 review Pavel Machek
2025-05-08 9:45 ` Jon Hunter
2025-05-08 9:48 ` Jon Hunter
2025-05-08 9:52 ` Jon Hunter
2025-05-08 11:24 ` Greg Kroah-Hartman
2025-05-08 12:21 ` Jon Hunter
2025-05-08 11:28 ` Florian Fainelli
2025-05-08 15:00 ` Shuah Khan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250507183808.684358089@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=johannes.berg@intel.com \
--cc=m.masimov@mt-integration.ru \
--cc=patches@lists.linux.dev \
--cc=sashal@kernel.org \
--cc=stable@vger.kernel.org \
--cc=syzbot+7d4f142f6c288de8abfe@syzkaller.appspotmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox