Received: by 2002:a05:6a10:9848:0:0:0:0 with SMTP id x8csp895289pxf; Wed, 7 Apr 2021 14:24:44 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxBjTUpB0A0r53eThqi78MItouRR6uFfrquDokTti9EeWuLnPSsB1z2BWDFwHn3yBgS1IG6 X-Received: by 2002:a92:340e:: with SMTP id b14mr4337220ila.285.1617830684631; Wed, 07 Apr 2021 14:24:44 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1617830684; cv=none; d=google.com; s=arc-20160816; b=dhkKCzFl/f8tQqpR2zZEnoFSj5M0ovfZ+Rk/iB6QNlCKG0y6IEG4IoMQLhrQO0aoHI guc88lCmkpXcZR1sBN+QU4L1OyB8YiXGkwixQlQuzSUm9INoa2exZc/zG6HiEb2K3Mj1 RgdiumATCY6Zq6XDJXf/Uwgp/4rlnHh7dOFT3qG92wFppOuP4OmdFmzyXA/Mk2+h7YQi 1nV2UGdXGmTbusR0UKaRiLmW0W7apHseKz1rM9eohzEZo+MITAz0SzdzoebUSKfceW+y 7RIfNkX1blUx1oeUkrvTc5crtLgMLShxCL3OjUDENzlVhREySNeskhKHeYew5jFSU6S2 x3Sg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:date:cc:to:from:subject :message-id; bh=QZTtdfbp0hKKzeEA5oeLryqyYOoAJsUkhzsEUr5u5bs=; b=RQbkIQ+wquEFSaGKkoFdIchZlfxsfx/bt3Zkc7wPqeMpNyb9VzRACqGNrebz9qNuv3 JrqzjHFGQ9Q74pqCY5on4afmzhAoQX+mUZucK7+e3JmomowyOEPuImktXIHfLsLLmTc0 j1wQLFpB+/nFIEcKQaAt0jd8paoZ6MHbLdE9FusK9dRRqcneJBUbs9fanyebjwGZLBDf B1kvRp0Wwmwu09YjGaHvns91s9ZcyKuhvi5N6wc8gi4QOrJMz3gXHtDQNkNPrZNDib+U ADKi2ofkwNX8EJb4xqd3YwW8pXnIotTGzd6q3unpM5m08WCGj3ikvn+WIaonq7mWb02a q3PA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id x14si3750026jat.96.2021.04.07.14.24.31; Wed, 07 Apr 2021 14:24:44 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1347309AbhDGPvf (ORCPT + 99 others); Wed, 7 Apr 2021 11:51:35 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:37986 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1353883AbhDGPvZ (ORCPT ); Wed, 7 Apr 2021 11:51:25 -0400 Received: from sipsolutions.net (s3.sipsolutions.net [IPv6:2a01:4f8:191:4433::2]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6A532C06175F for ; Wed, 7 Apr 2021 08:51:15 -0700 (PDT) Received: by sipsolutions.net with esmtpsa (TLS1.3:ECDHE_SECP256R1__RSA_PSS_RSAE_SHA256__AES_256_GCM:256) (Exim 4.94) (envelope-from ) id 1lUASQ-008ckl-R4; Wed, 07 Apr 2021 17:51:06 +0200 Message-ID: <043656c28804db4f8c3dfc9eae5a599ac3a357c7.camel@sipsolutions.net> Subject: Re: [PATCH] net: wireless: convert WARN_ON() to pr_warn() in cfg80211_sme_connect From: Johannes Berg To: Du Cheng , Greg Kroah-Hartman Cc: linux-wireless@vger.kernel.org, Shuah Khan , syzbot+5f9392825de654244975@syzkaller.appspotmail.com Date: Wed, 07 Apr 2021 17:51:05 +0200 In-Reply-To: (sfid-20210407_174743_958166_F348F0E2) References: <20210407021903.384158-1-ducheng2@gmail.com> (sfid-20210407_174743_958166_F348F0E2) Content-Type: text/plain; charset="UTF-8" User-Agent: Evolution 3.38.4 (3.38.4-1.fc33) MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-malware-bazaar: not-scanned Precedence: bulk List-ID: X-Mailing-List: linux-wireless@vger.kernel.org Hi, > I have spent some time to understand the netlink subsystem as a IPC mechanism. > What I have now is a reliable sequence of steps to reproduce the crash, by > condensing the syzkaller C reproducer: > [link to reproducer: https://syzkaller.appspot.com/text?tag=ReproC&x=1414c997900000] > > * hwsim80211_create_device (sendmsg: HWSIM_CMD_NEW_RADIO) > * nl80211_set_interface (sendmsg: NL80211_CMD_SET_INTERFACE) > * set_interface_state (ioctl: SIOCSIFFLAGS) > * nl80211_join_ibss (sendmsg: NL80211_CMD_JOIN_IBSS) > * sendmsg: NL80211_CMD_SET_INTERFACE > * 1st sendmsg: NL80211_CMD_CONNECT > * 2nd sendmsg: NL80211_CMD_CONNECT <- this triggers the WARN_ON(wdev->conn) > * (if kernel not panic yet) more sendmsg: NL80211_CMD_CONNECT ... > > If the code skips WARN_ON() and instead returns -EINPROGRESS, user application > will receive error from the following recv(sock, ...). User application can hence > choose to handle this error accordingly while kernel soldiers on without panicking. > > If dev_warn() is added, for every subsequent NL80211_CMD_CONNECT, the console is > flooded with the printout. > > Maybe it is ok to silently return -EINPROGRESS for the 2nd NL80211_CMD_CONNECT > and beyond. > Yeah, I think the right thing to do is to just drop the WARN_ON entirely. In fact, I can't really seem to figure out now why it was added there (even if I probably did that myself), nothing else seems to prevent getting to this code path multiple times directly one after another. johannes