| Message ID | 20220921091913.110749-1-arda@allwinnertech.com (mailing list archive) |
|---|---|
| State | Rejected |
| Delegated to: | Johannes Berg |
| Headers | show |
| Series | [1/2] cfg80211: fix dead lock for nl80211_new_interface() | expand |
On 9/21/2022 2:19 AM, Aran Dalton wrote: > Both nl80211_new_interface and cfg80211_netdev_notifier_call hold the > same wiphy_lock, then cause deadlock. > > The main call stack as bellow: > > nl80211_new_interface() takes wiphy_lock > -> _nl80211_new_interface: > -> rdev_add_virtual_intf > -> rdev->ops->add_virtual_intf > -> register_netdevice > -> call_netdevice_notifiers(NETDEV_REGISTER, dev); > -> call_netdevice_notifiers_extack > -> call_netdevice_notifiers_info > -> raw_notifier_call_chain > -> cfg80211_netdev_notifier_call > -> wiphy_lock(&rdev->wiphy), cfg80211_register_wdev In both of your patches please describe what you are doing in the patch to fix the problem, and in particular describe why your fix is safe. > > Fixes: ea6b2098dd02 ("cfg80211: fix locking in netlink owner interface destruction") > Signed-off-by: Aran Dalton <arda@allwinnertech.com> > --- > net/wireless/nl80211.c | 2 -- > 1 file changed, 2 deletions(-) > > diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c > index 2705e3ee8fc4..bdacddc3ffa3 100644 > --- a/net/wireless/nl80211.c > +++ b/net/wireless/nl80211.c > @@ -4260,9 +4260,7 @@ static int nl80211_new_interface(struct sk_buff *skb, struct genl_info *info) > /* to avoid failing a new interface creation due to pending removal */ > cfg80211_destroy_ifaces(rdev); > > - wiphy_lock(&rdev->wiphy); > ret = _nl80211_new_interface(skb, info); > - wiphy_unlock(&rdev->wiphy); > > return ret; > }
On Wed, 2022-09-21 at 17:19 +0800, Aran Dalton wrote: > Both nl80211_new_interface and cfg80211_netdev_notifier_call hold the > same wiphy_lock, then cause deadlock. > > The main call stack as bellow: > > nl80211_new_interface() takes wiphy_lock > -> _nl80211_new_interface: > -> rdev_add_virtual_intf > -> rdev->ops->add_virtual_intf > -> register_netdevice The bug is yours, here, you're no longer allowed to call register_netdevice() here. If you have an out-of-tree driver that we couldn't update when doing tree-wide changes, you probably shouldn't assume that the bug is upstream and send random locking patches ... :) johannes
diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c index 2705e3ee8fc4..bdacddc3ffa3 100644 --- a/net/wireless/nl80211.c +++ b/net/wireless/nl80211.c @@ -4260,9 +4260,7 @@ static int nl80211_new_interface(struct sk_buff *skb, struct genl_info *info) /* to avoid failing a new interface creation due to pending removal */ cfg80211_destroy_ifaces(rdev); - wiphy_lock(&rdev->wiphy); ret = _nl80211_new_interface(skb, info); - wiphy_unlock(&rdev->wiphy); return ret; }
Both nl80211_new_interface and cfg80211_netdev_notifier_call hold the same wiphy_lock, then cause deadlock. The main call stack as bellow: nl80211_new_interface() takes wiphy_lock -> _nl80211_new_interface: -> rdev_add_virtual_intf -> rdev->ops->add_virtual_intf -> register_netdevice -> call_netdevice_notifiers(NETDEV_REGISTER, dev); -> call_netdevice_notifiers_extack -> call_netdevice_notifiers_info -> raw_notifier_call_chain -> cfg80211_netdev_notifier_call -> wiphy_lock(&rdev->wiphy), cfg80211_register_wdev Fixes: ea6b2098dd02 ("cfg80211: fix locking in netlink owner interface destruction") Signed-off-by: Aran Dalton <arda@allwinnertech.com> --- net/wireless/nl80211.c | 2 -- 1 file changed, 2 deletions(-)