Return-path: Received: from mail-vc0-f174.google.com ([209.85.220.174]:61244 "EHLO mail-vx0-f174.google.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1750907Ab2EDGsV convert rfc822-to-8bit (ORCPT ); Fri, 4 May 2012 02:48:21 -0400 Received: by vcqp1 with SMTP id p1so1831041vcq.19 for ; Thu, 03 May 2012 23:48:21 -0700 (PDT) MIME-Version: 1.0 In-Reply-To: References: <4F83A6DE.7070109@lwfinger.net> <1334201497.3788.1.camel@jlt3.sipsolutions.net> <4F865155.2000202@lwfinger.net> <1334202842.3788.10.camel@jlt3.sipsolutions.net> <4F86FA05.5080404@lwfinger.net> <1334246145.4062.0.camel@jlt3.sipsolutions.net> <4FA0371E.9040704@lwfinger.net> <20120502100012.GA8492@arm.com> <1335978471.4295.3.camel@jlt3.sipsolutions.net> <20120502200955.GI2450@linux.vnet.ibm.com> <1336070304.5167.4.camel@jlt3.sipsolutions.net> <4FA37461.6050304@lwfinger.net> Date: Fri, 4 May 2012 12:18:21 +0530 Message-ID: (sfid-20120504_084825_553557_CBF5DDD6) Subject: Re: Suspicious RCU usage in mac80211 From: Mohammed Shafi To: Larry Finger Cc: Johannes Berg , Catalin Marinas , wireless Content-Type: text/plain; charset=ISO-8859-1 Sender: linux-wireless-owner@vger.kernel.org List-ID: On Fri, May 4, 2012 at 12:10 PM, Mohammed Shafi wrote: > Hi Larry, > > On Fri, May 4, 2012 at 11:47 AM, Larry Finger wrote: >> On 05/03/2012 01:38 PM, Johannes Berg wrote: >>> >>> diff --git a/net/mac80211/agg-tx.c b/net/mac80211/agg-tx.c >>> index 5b7053c..40d3ff4 100644 >>> --- a/net/mac80211/agg-tx.c >>> +++ b/net/mac80211/agg-tx.c >>> @@ -421,16 +421,22 @@ static void >>> sta_tx_agg_session_timer_expired(unsigned long data) >>> ? ? ? ?struct tid_ampdu_tx *tid_tx; >>> ? ? ? ?unsigned long timeout; >>> >>> - ? ? ? tid_tx = rcu_dereference_protected_tid_tx(sta, *ptid); >>> - ? ? ? if (!tid_tx) >>> + ? ? ? rcu_read_lock(); >>> + ? ? ? tid_tx = rcu_dereference(sta->ampdu_mlme.tid_tx[*ptid]); Larry, Johannes seems to use rcu_dereference straight way just like in 'sta_addba_resp_timer_expired' and have it protected by rcu_read_locks >>> + ? ? ? if (!tid_tx) { >>> + ? ? ? ? ? ? ? rcu_read_unlock(); >>> ? ? ? ? ? ? ? ?return; >>> + ? ? ? } >>> >>> ? ? ? ?timeout = tid_tx->last_tx + TU_TO_JIFFIES(tid_tx->timeout); >>> ? ? ? ?if (time_is_after_jiffies(timeout)) { >>> ? ? ? ? ? ? ? ?mod_timer(&tid_tx->session_timer, timeout); >>> + ? ? ? ? ? ? ? rcu_read_unlock(); >>> ? ? ? ? ? ? ? ?return; >>> ? ? ? ?} >>> >>> + ? ? ? rcu_read_unlock(); >>> + >>> ?#ifdef CONFIG_MAC80211_HT_DEBUG >>> ? ? ? ?printk(KERN_DEBUG "tx session timer expired on tid %d\n", >>> (u16)*ptid); >>> ?#endif >> >> >> This patch is the same as was proposed by Mohammed on May 1. I must have >> messed up the testing as I thought it failed; however, it is now working. > > honestly i am not sure about the technical details, but Johannes patch > seems to follow almost similar > what's is done in 'sta_addba_resp_timer_expired'. while thought that > is being also with mutex under hold > but the difference is ?the lock is unhold before > ieee80211_stop_tx_ba_session is called. > >> >> Mohammed - I plan on submitting this to John with a "From:" from you along >> with your s-o-b. Is that OK. It will be submitted for inclusion in 3.5. >> >> Larry >> > > > -- > thanks, > shafi -- thanks, shafi