Received: by 2002:a05:6358:489b:b0:bb:da1:e618 with SMTP id x27csp738481rwn; Thu, 15 Sep 2022 05:57:11 -0700 (PDT) X-Google-Smtp-Source: AMsMyM6VNi0v1xrvcwBKL/eLWXExgBG4YcopzPIBC039dLEmUot1iXX/fv98N4zDf+OZEKsnlCL6 X-Received: by 2002:a17:906:7313:b0:780:5b91:7722 with SMTP id di19-20020a170906731300b007805b917722mr2367436ejc.338.1663246631289; Thu, 15 Sep 2022 05:57:11 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1663246631; cv=none; d=google.com; s=arc-20160816; b=oKS7UWmx8bm1dXgRXiFETF2W1TsjkZzBiJa1IdMgy51O02ylOFFaxqz5YkOMFWVN3X 0XshJM2UNYysVHrHrwDORXqj1JwFG/FMpPR35YyTwO5zvNn4MJxuuEYpeqwd7C29Cxny yY3O/mGmVq+3N+D6gRXuclHtvAkkKFtiiI2/zDBqKoF0cl21X1L4bjWa2RrT0OPLlWOa dTJlo3GLqk+jyEIzTnJrocinzg/wPJZKkxk9dpz5XSN3P04A0Nsb6D+3EWvtkv1guYwb qqJ9q3gVaM5rZ65OcXgndUZeybg2cx8EgpkapFYZ5GypGgo7EPBnMPonvluG3zS6Eiob GRzA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:dkim-signature:from; bh=SgDuh0+vP4Xfc89QrOmqMgO5T2+i/X9Qlz6v9vtMWEI=; b=GwiVUigVcXIsNUxfO/n6N4vXLZ7GNS2pMf2HJr2vbx/E6jr0UdrIN6er1LihxyEvDL +9XyEXPTaZqDT491DiCbJjXkReUs8t6qPDcHo1kON1WuJxTtmrmJh2ViPi50nQipT2t1 Vo30F2Zyj/B3b1gGDm1ZkTtIorGXOlaKydxieMLUr0yKOlekiF7+LiD6ymbmg0TYik8e 7QQ8dajUp01WAvsVjoSpfp1M5wUTS2+4LAbYTf/A0UQh4x46ijtNryE9i/mrUpxk176B nA21WXGpuvtfkxZXrZBNkvEH05/uNHHMM6EANCwmBgVcDtKBe5crWmqm2t68+MR/CEyo Eyuw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@wetzel-home.de header.s=wetzel-home header.b=o4cj4DeW; spf=pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=wetzel-home.de Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id nc4-20020a1709071c0400b007799cb3317csi15266492ejc.280.2022.09.15.05.56.32; Thu, 15 Sep 2022 05:57:11 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@wetzel-home.de header.s=wetzel-home header.b=o4cj4DeW; spf=pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=wetzel-home.de Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229642AbiIOMwb (ORCPT + 64 others); Thu, 15 Sep 2022 08:52:31 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53910 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229591AbiIOMwa (ORCPT ); Thu, 15 Sep 2022 08:52:30 -0400 X-Greylist: delayed 545 seconds by postgrey-1.37 at lindbergh.monkeyblade.net; Thu, 15 Sep 2022 05:52:28 PDT Received: from ns2.wdyn.eu (ns2.wdyn.eu [5.252.227.236]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 48BB3876AB for ; Thu, 15 Sep 2022 05:52:28 -0700 (PDT) From: Alexander Wetzel DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=wetzel-home.de; s=wetzel-home; t=1663245799; bh=BWMUrbwCsBnvb29ULObdwGqAAjEVYyG+fdGEuy9c9ak=; h=From:To:Cc:Subject:Date; b=o4cj4DeWwL/2W/iWQjRQ2Mtgj+hvVw6TIESEkCFwsZ7EVHCHDIs5GNVsxiSQIhGQM OaBzW9e6fhgn5SgUq0y4misj96PvIh5h/H4d2BPw1C0D7+N1/x1JhPpphBR70bN/95 z8/IPkZulBk6aleb3QnKObf1D8kv+8XsIjdGPv8w= To: linux-wireless@vger.kernel.org Cc: Johannes Berg , Alexander Wetzel Subject: [PATCH] mac80211: Fix deadlock: Don't start TX while holding fq->lock Date: Thu, 15 Sep 2022 14:41:20 +0200 Message-Id: <20220915124120.301918-1-alexander@wetzel-home.de> X-Mailer: git-send-email 2.37.3 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-wireless@vger.kernel.org ieee80211_txq_purge() calls fq_tin_reset() and ieee80211_purge_tx_queue(); Both are then calling ieee80211_free_txskb(). Which can decide to TX the skb again. There are at least two ways to get a deadlock: 1) When we have a TDLS teardown packet queued in either tin or frags ieee80211_tdls_td_tx_handle() will call ieee80211_subif_start_xmit() while we still hold fq->lock. ieee80211_txq_enqueue() will thus deadlock. 2) A variant of the above happens if aggregation is up and running: In that case ieee80211_iface_work() will deadlock with the original task: The original tasks already holds fq->lock and tries to get sta->lock after kicking off ieee80211_iface_work(). But the worker can get sta->lock prior to the original task and will then spin for fq->lock. Avoid these deadlocks by not sending out any skbs when called via ieee80211_free_txskb(). Signed-off-by: Alexander Wetzel --- I have deadlock traces for the two scenarios above I can share, if desired. I found the issue while running the hostapd tests with my WIP patch to switch all drivers over to iTXQ. net/mac80211/status.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/mac80211/status.c b/net/mac80211/status.c index 8e77fd2e9fdf..3f9ddd7f04b6 100644 --- a/net/mac80211/status.c +++ b/net/mac80211/status.c @@ -729,7 +729,7 @@ static void ieee80211_report_used_skb(struct ieee80211_local *local, if (!sdata) { skb->dev = NULL; - } else { + } else if (!dropped) { unsigned int hdr_size = ieee80211_hdrlen(hdr->frame_control); -- 2.37.3