Received: by 2002:a25:ab43:0:0:0:0:0 with SMTP id u61csp1243518ybi; Fri, 24 May 2019 20:49:32 -0700 (PDT) X-Google-Smtp-Source: APXvYqwE7O+xIxlEwZDygqUo0qmyznfH5tcN0aeIVmU2Vb1jyVU+0vTXv7rEJ8rMbpI6i1//MRSc X-Received: by 2002:a63:1622:: with SMTP id w34mr7474516pgl.45.1558756172778; Fri, 24 May 2019 20:49:32 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1558756172; cv=none; d=google.com; s=arc-20160816; b=Pc2xv4gjJ7olbOAY/L5lN7OuCWybAI5ez9oCBCP21S1uDFm8m3X6fyhKs66GorLL4G YsA+xvdAWbDL+DzNJKnDSTKa8D0h8ovABV6FEFFXBgyWFGSSZGK4zA/u7V7Wy2fnmcpq 60+eQtZVI0xi45s4Fb80hRodQtohQdbAA5rrjni6C2GHsAPZvpW0Yd7rH5+gwrlbWkef 87J+Ye4SEMNDM7PLFxCDV3Htg+bR2fwLDnqbD6WO44XByLMtSdwBI3avQA4D1B1bgeyl 5EuNdO2F7yhdJ1DApFwOzn0eLw9bS8Fiiyj/PJAdQTS5sadXVTwO/lgfwABwl3bpTcgG uoQw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=ReUtPBqL58WYnd/5rJenMtO9LN3Zrp2YnhBMRbcxDAo=; b=p+PQwFt68ofctqttuToiWuABE0uAvSQO0kryCSBgyD9t2qAnALRy2/ytGqoCdmp8ur X9OmMeGEmcheKJZ+0hqGHUaerfarI5vDOGYSAh1eRQKVon//U0/9brPsPtr5q9DKMj7Y wWhe/EBO8qBFMHshIp/EdqJCvNaYtJG+1LvFydku2FTSk/ouqV1dh4ZVSUknYwApKSYH iALy5o5fOr8LtLpOBeNUVfeZCgGF0OOSNmNY4CpJZP8KLNzoPMhINKTSRDIB3wE9Ghw7 ZSylmAoFZBNum+xOmEO1kgZtiHagT4OY11J0RUqmt/DUlfAnnGer9ZQzTUd2F7aZzLBH oY5w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@eero.com header.s=google header.b=YAQgyvIH; spf=pass (google.com: best guess record for domain of linux-wireless-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=eero.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id a13si6007805pjs.78.2019.05.24.20.48.58; Fri, 24 May 2019 20:49:32 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-wireless-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@eero.com header.s=google header.b=YAQgyvIH; spf=pass (google.com: best guess record for domain of linux-wireless-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=eero.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726668AbfEYDqf (ORCPT + 99 others); Fri, 24 May 2019 23:46:35 -0400 Received: from mail-oi1-f194.google.com ([209.85.167.194]:43148 "EHLO mail-oi1-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726641AbfEYDqe (ORCPT ); Fri, 24 May 2019 23:46:34 -0400 Received: by mail-oi1-f194.google.com with SMTP id t187so8447673oie.10 for ; Fri, 24 May 2019 20:46:34 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=eero.com; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=ReUtPBqL58WYnd/5rJenMtO9LN3Zrp2YnhBMRbcxDAo=; b=YAQgyvIHQrUUQeGs1jC5DxqBe0SGCvlV/F2vlAV8Pubm9zc15GgQh7aMmb95w+0u5J /+iteHtow+ANm9bq/5FebeH4o3ZdCCQRUzcSLi1ziVFml/6VqHfVPjkAyKxYnRErcn2s L/H9ie+j6BxVQMZF0Plg9br1+1rRt+F3zHhnM= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=ReUtPBqL58WYnd/5rJenMtO9LN3Zrp2YnhBMRbcxDAo=; b=nshqIbyF4sDFsHB8GvSUbWyGVk1AfA0E6RgVg1OdH9gHkhdXcd/6l0vQT6B471c8wV 7OLBJCSwKZKaaAUcaR9UTozaVho+qwQrBxPzzzYkDCtH3jqZ5kBpMIqSZms7xaJqjjm8 /NJk7P38Y0D1YOzXMLFcyECylFig/ZuI1Rn+kSgN+qTAnds42hnqwrJuT9n36NkYGAwm BtEYBQFVhuS9/o6B4nwRv/F5miw5IC4UMOSirdOKqDuijo1/SYQLBNC70OVu53hiQkvS ES57MCBEWQoX/ipcsL87PaMyjZwEk2yg9Ugx6X/FwrD+vAVjCaFrjygDmf5GyC8NE71O PntQ== X-Gm-Message-State: APjAAAXmuqvCsx0mlLLpH9I9yAdap7rJsFy+huCuklACs4z5OVyE6lPY DbjKP5dEvGWmRcWhGLTiNIOUgJJaZ8me3o+G/+xb9Q== X-Received: by 2002:aca:f189:: with SMTP id p131mr601289oih.89.1558755993830; Fri, 24 May 2019 20:46:33 -0700 (PDT) MIME-Version: 1.0 References: <1557958906-1432-1-git-send-email-thomas@eero.com> <6e162d98ba05a71577c623fe1e8e06a7051eb01c.camel@sipsolutions.net> In-Reply-To: <6e162d98ba05a71577c623fe1e8e06a7051eb01c.camel@sipsolutions.net> From: Thomas Pedersen Date: Fri, 24 May 2019 20:46:22 -0700 Message-ID: Subject: Re: [PATCH] mac80211: mesh: fix RCU warning To: Johannes Berg Cc: linux-wireless@vger.kernel.org, Peter Oh Content-Type: text/plain; charset="UTF-8" Sender: linux-wireless-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-wireless@vger.kernel.org On Fri, May 24, 2019 at 1:29 AM Johannes Berg wrote: > > On Wed, 2019-05-15 at 15:21 -0700, Thomas Pedersen wrote: > > ifmsh->csa was being dereferenced without the RCU read > > lock held. > > > +++ b/net/mac80211/mesh.c > > @@ -1220,10 +1220,12 @@ int ieee80211_mesh_finish_csa(struct ieee80211_sub_if_data *sdata) > > ifmsh->chsw_ttl = 0; > > > > /* Remove the CSA and MCSP elements from the beacon */ > > + rcu_read_lock(); > > tmp_csa_settings = rcu_dereference(ifmsh->csa); > > RCU_INIT_POINTER(ifmsh->csa, NULL); > > if (tmp_csa_settings) > > kfree_rcu(tmp_csa_settings, rcu_head); > > + rcu_read_unlock(); > > This seems wrong to me. > > Really this code is the *writer* side, so you should do something like > this: Thanks this looks correct. I should've thought about this a tiny bit more ;) > diff --git a/net/mac80211/mesh.c b/net/mac80211/mesh.c > index 766e5e5bab8a..d578147ad7e8 100644 > --- a/net/mac80211/mesh.c > +++ b/net/mac80211/mesh.c > @@ -1220,7 +1220,8 @@ int ieee80211_mesh_finish_csa(struct > ieee80211_sub_if_data *sdata) > ifmsh->chsw_ttl = 0; > > /* Remove the CSA and MCSP elements from the beacon */ > - tmp_csa_settings = rcu_dereference(ifmsh->csa); > + tmp_csa_settings = rcu_dereference_protected(ifmsh->csa, > + lockdep_is_held(&sdata->wdev.mtx)); > RCU_INIT_POINTER(ifmsh->csa, NULL); > if (tmp_csa_settings) > kfree_rcu(tmp_csa_settings, rcu_head); > @@ -1242,6 +1243,8 @@ int ieee80211_mesh_csa_beacon(struct > ieee80211_sub_if_data *sdata, > struct mesh_csa_settings *tmp_csa_settings; > int ret = 0; > > + lockdep_assert_held(&sdata->wdev.mtx); > + > tmp_csa_settings = kmalloc(sizeof(*tmp_csa_settings), > GFP_ATOMIC); > if (!tmp_csa_settings) > > > Can you test that and send a proper patch? > > johannes > -- thomas