Received: by 2002:a05:6a10:7420:0:0:0:0 with SMTP id hk32csp127588pxb; Tue, 15 Feb 2022 09:43:26 -0800 (PST) X-Google-Smtp-Source: ABdhPJznCPGJU44RZxwCiAfqxM/I4WgwFS3ffOS7SAUbnthn5qrjDYFb9pi9SUcGePvhCW+Ad+Eu X-Received: by 2002:a17:902:c192:: with SMTP id d18mr5161167pld.149.1644947004668; Tue, 15 Feb 2022 09:43:24 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1644947004; cv=none; d=google.com; s=arc-20160816; b=fsKXM2/ZRnizToYDyNB27h2T++qNzAIi1nf2bJOh0/G4Mb6hghvaD66dPO6iBUlEb/ aSA2ZDTNwVhxsQpgHeL9TYsXjtv3b0hHL9cAVXZTlqqnsO2R3Loy+0G6VYGbMoDEZ/Ok rr9hnUZTNjY7idrsKkXKfUO1S1Vt8e6mvvIqK5ATINxNNBZo47iWZoQkRXJP6hgV9kdo rLScML8LYU6wz3LF0/k/Aep0NgiHEGmoy25xNbZkv9CCyIUZK4iqCo3BskGuWHdwUOvi t77aEK1HzWgnubiqyK/i1UiTzryRmA915SxuKI3+AleZFTaFJUM+JrSPYABszuX1f1uI LDaw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:mime-version:user-agent:message-id:in-reply-to :date:references:subject:cc:to:from:dkim-signature; bh=HTNqxuBv2+l/SSzww6OxSexttwnvWF91E88YVR0z/lk=; b=yOTH/10D1TYjKTcHkMrKU5SN9Ctbx/y6QzSggZ7dZShOFmKMiJ70F9iTduYGaaLJ5B gg+GxRiMrSLhZ0GV8CyQqMTtlSq6eH5ZGhPns5us5IB/RscXy4uVorr4WFaV+ScFoGiY GD7qze2WYNHj0eiNHC1jtjlWPgiHwu0uyEepM+qmwH0FOl0BXaqusG6ll2QJ3W1jvKfI QwWTsTiaSr/UwmqdcJd6Zw8bCl2IVS97a7VO3x1nb5ObMNZVaHsgDj0rWLC3Hw1KrAi0 2ZnG+aGfIzdnUwLY9+tj1k2GU0eaVWKjB72BWVX2nHwLaTTOk4NfocUPNki0QDZs7+DW mKtw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=KvR4Ziau; spf=pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id t18si16321654plg.257.2022.02.15.09.43.08; Tue, 15 Feb 2022 09:43:24 -0800 (PST) Received-SPF: pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=KvR4Ziau; spf=pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S242504AbiBOR17 (ORCPT + 72 others); Tue, 15 Feb 2022 12:27:59 -0500 Received: from mxb-00190b01.gslb.pphosted.com ([23.128.96.19]:40138 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S239101AbiBOR17 (ORCPT ); Tue, 15 Feb 2022 12:27:59 -0500 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 58BF1193DB; Tue, 15 Feb 2022 09:27:48 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id DE64B61575; Tue, 15 Feb 2022 17:27:47 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 3753EC340EB; Tue, 15 Feb 2022 17:27:46 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1644946067; bh=9osc3hzFuzOFX+241F/uqhFA2Bcn170aOY5xY1mkJfo=; h=From:To:Cc:Subject:References:Date:In-Reply-To:From; b=KvR4ZiaujsDq4e2XP9eqbgzrBToKp9+wwyEvaGsI0+Xr0dxTvNBYNhMxJqUSfnQUl WpQ4+sugZbxYSpkmVQJXwYP8fI8xTrBeHoKWfdzaS7rkAkJAfdAteIY8XB3XqN6/2i B9iyNyen0StFaMh+6mhziG8RbCb+Z49B0LpdObDxyO3mabfX8hZJ4kT/a5rmzYJZA7 RP3jMwzQ3XAVw6lU15mv5ilHRziUwwL28QGIFeh/gbnbzUbmEm0afvvl0UFD2OpXCr cIZ2O1Gl5oIR/STu48rwBDF5xfwBxzEK7i7JiV+2C1ZQUOvDZOAcEcYJeLaheDogYz rs5UcIhAwdMKw== From: Kalle Valo To: Jiri Kosina Cc: Johannes Berg , linux-wireless@vger.kernel.org, linux-kernel@vger.kernel.org, Ping-Ke Shih Subject: Re: [PATCH] rtw89: fix RCU usage in rtw89_core_txq_push() (was Re: [PATCH] mac80211: fix RCU usage in ieee80211_tx_h_select_key()) References: Date: Tue, 15 Feb 2022 19:27:43 +0200 In-Reply-To: (Jiri Kosina's message of "Tue, 15 Feb 2022 17:11:11 +0100 (CET)") Message-ID: <87r1849h0w.fsf@tynnyri.adurom.net> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-Spam-Status: No, score=-7.2 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-wireless@vger.kernel.org Jiri Kosina writes: > On Tue, 15 Feb 2022, Johannes Berg wrote: > >> > >> > ieee80211_tx_h_select_key() is performing a series of RCU dereferences, >> > but none of the callers seems to be taking RCU read-side lock; let's >> > acquire the lock in ieee80211_tx_h_select_key() itself. >> > >> but but ... >> >> > ieee80211_tx_dequeue+0x1a7/0x1260 [mac80211 911c23e2351c0ae60b597a67b1204a5ea955e365] >> > rtw89_core_txq_work+0x1a6/0x420 [rtw89_core b39ba493f2e517ad75e0f8187ecc24edf58bbbea] >> >> /** >> * ieee80211_tx_dequeue - dequeue a packet from a software tx queue >> * >> * @hw: pointer as obtained from ieee80211_alloc_hw() >> * @txq: pointer obtained from station or virtual interface, or from >> * ieee80211_next_txq() >> * >> * Returns the skb if successful, %NULL if no frame was available. >> * >> * Note that this must be called in an rcu_read_lock() critical section, >> * which can only be released after the SKB was handled. Some pointers in >> [...] >> >> -> driver bug? > > Right you are, thanks. > > CCing Ping-Ke Shih; find updated fix below. > > > > > From: Jiri Kosina > Subject: [PATCH] rtw89: fix RCU usage in rtw89_core_txq_push() > > ieee80211_tx_h_select_key() is performing a series of RCU dereferences, > but rtw89_core_txq_push() is calling it (via ieee80211_tx_dequeue_ni()) > without RCU read-side lock held; fix that. I think we have discussed this before, but patchwork can't handle patches the way you embed them in email discussions: https://patchwork.kernel.org/project/linux-wireless/patch/nycvar.YFH.7.76.2202151700540.11721@cbobk.fhfr.pm/ Please resubmit. -- https://patchwork.kernel.org/project/linux-wireless/list/ https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches