[2/2] cfg80211: fix dead lock for nl80211_del_interface()

Message ID	20220921091913.110749-2-arda@allwinnertech.com (mailing list archive)
State	Rejected
Delegated to:	Johannes Berg
Headers	show Return-Path: <linux-wireless-owner@kernel.org> From: Aran Dalton <arda@allwinnertech.com> To: johannes@sipsolutions.net, davem@davemloft.net, edumazet@google.com, kuba@kernel.org, pabeni@redhat.com Cc: johannes.berg@intel.com, linux-wireless@vger.kernel.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH 2/2] cfg80211: fix dead lock for nl80211_del_interface() Date: Wed, 21 Sep 2022 17:19:13 +0800 Message-Id: <20220921091913.110749-2-arda@allwinnertech.com> In-Reply-To: <20220921091913.110749-1-arda@allwinnertech.com> References: <20220921091913.110749-1-arda@allwinnertech.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk
Series	[1/2] cfg80211: fix dead lock for nl80211_new_interface() \| expand [1/2] cfg80211: fix dead lock for nl80211_new_interface() [2/2] cfg80211: fix dead lock for nl80211_del_interface()

Message ID

20220921091913.110749-2-arda@allwinnertech.com (mailing list archive)

State

Rejected

Delegated to:

Johannes Berg

Headers

From: Aran Dalton <arda@allwinnertech.com>
To: johannes@sipsolutions.net, davem@davemloft.net,
        edumazet@google.com, kuba@kernel.org, pabeni@redhat.com
Cc: johannes.berg@intel.com, linux-wireless@vger.kernel.org,
        netdev@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH 2/2] cfg80211: fix dead lock for nl80211_del_interface()
Date: Wed, 21 Sep 2022 17:19:13 +0800
Message-Id: <20220921091913.110749-2-arda@allwinnertech.com>
In-Reply-To: <20220921091913.110749-1-arda@allwinnertech.com>
References: <20220921091913.110749-1-arda@allwinnertech.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Precedence: bulk

Series

[1/2] cfg80211: fix dead lock for nl80211_new_interface() | expand

Commit Message

Aran Dalton Sept. 21, 2022, 9:19 a.m. UTC

Both nl80211_del_interface and cfg80211_netdev_notifier_call hold the
same wiphy_lock, then cause deadlock.

The main call stack as bellow:

nl80211_del_interface() takes wiphy_lock
 -> cfg80211_remove_virtual_intf
  -> rdev_del_virtual_intf
   -> rdev->ops->del_virtual_intf
    -> cfg80211_unregister_netdevice
     -> cfg80211_unregister_wdev
      -> _cfg80211_unregister_wdev
       -> unregister_netdevice
        -> unregister_netdevice_queue
         -> unregister_netdevice_many
          -> call_netdevice_notifiers(NETDEV_UNREGISTER, dev);
           -> call_netdevice_notifiers_extack
            -> call_netdevice_notifiers_info
             -> raw_notifier_call_chain
              -> cfg80211_netdev_notifier_call
               -> wiphy_lock(&rdev->wiphy), _cfg80211_unregister_wdev

Fixes: a05829a7222e ("cfg80211: avoid holding the RTNL when calling the driver")
Signed-off-by: Aran Dalton <arda@allwinnertech.com>
---
 net/wireless/nl80211.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
index bdacddc3ffa3..664bf977b7bc 100644
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -4269,6 +4269,7 @@  static int nl80211_del_interface(struct sk_buff *skb, struct genl_info *info)
 {
 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
 	struct wireless_dev *wdev = info->user_ptr[1];
+	int ret;
 
 	if (!rdev->ops->del_virtual_intf)
 		return -EOPNOTSUPP;
@@ -4296,9 +4297,11 @@  static int nl80211_del_interface(struct sk_buff *skb, struct genl_info *info)
 	else
 		dev_close(wdev->netdev);
 
+	ret = cfg80211_remove_virtual_intf(rdev, wdev);
+
 	mutex_lock(&rdev->wiphy.mtx);
 
-	return cfg80211_remove_virtual_intf(rdev, wdev);
+	return ret;
 }
 
 static int nl80211_set_noack_map(struct sk_buff *skb, struct genl_info *info)

[2/2] cfg80211: fix dead lock for nl80211_del_interface()

Commit Message

Patch