Permalink
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Browse files
mac80211: fix RCU usage in ieee80211_tx_h_select_key()
ieee80211_tx_h_select_key() is performing a series of RCU dereferences,
but none of the callers seems to be taking RCU read-side lock; let's
acquire the lock in ieee80211_tx_h_select_key() itself.
Spotted with rtw89 driver.
This fixes the splat below.
=============================
WARNING: suspicious RCU usage
5.17.0-rc4-00003-gccad664b7f14 #3 Tainted: G E
-----------------------------
net/mac80211/tx.c:593 suspicious rcu_dereference_check() usage!
other info that might help us debug this:
rcu_scheduler_active = 2, debug_locks = 1
2 locks held by kworker/u33:0/184:
#0: ffff9c0b14811d38 ((wq_completion)rtw89_tx_wq){+.+.}-{0:0}, at: process_one_work+0x258/0x660
#1: ffffb97380cf3e78 ((work_completion)(&rtwdev->txq_work)){+.+.}-{0:0}, at: process_one_work+0x258/0x660
stack backtrace:
CPU: 8 PID: 184 Comm: kworker/u33:0 Tainted: G E 5.17.0-rc4-00003-gccad664b7f14 #3 473b49ab0e7c2d6af2900c756bfd04efd7a9de13
Hardware name: LENOVO 20UJS2B905/20UJS2B905, BIOS R1CET63W(1.32 ) 04/09/2021
Workqueue: rtw89_tx_wq rtw89_core_txq_work [rtw89_core]
Call Trace:
<TASK>
dump_stack_lvl+0x58/0x71
ieee80211_tx_h_select_key+0x2c0/0x530 [mac80211 911c23e2351c0ae60b597a67b1204a5ea955e365]
ieee80211_tx_dequeue+0x1a7/0x1260 [mac80211 911c23e2351c0ae60b597a67b1204a5ea955e365]
rtw89_core_txq_work+0x1a6/0x420 [rtw89_core b39ba493f2e517ad75e0f8187ecc24edf58bbbea]
process_one_work+0x2d8/0x660
worker_thread+0x39/0x3e0
? process_one_work+0x660/0x660
kthread+0xe5/0x110
? kthread_complete_and_exit+0x20/0x20
ret_from_fork+0x22/0x30
</TASK>
=============================
WARNING: suspicious RCU usage
5.17.0-rc4-00003-gccad664b7f14 #3 Tainted: G E
-----------------------------
net/mac80211/tx.c:607 suspicious rcu_dereference_check() usage!
other info that might help us debug this:
rcu_scheduler_active = 2, debug_locks = 1
2 locks held by kworker/u33:0/184:
#0: ffff9c0b14811d38 ((wq_completion)rtw89_tx_wq){+.+.}-{0:0}, at: process_one_work+0x258/0x660
#1: ffffb97380cf3e78 ((work_completion)(&rtwdev->txq_work)){+.+.}-{0:0}, at: process_one_work+0x258/0x660
stack backtrace:
CPU: 8 PID: 184 Comm: kworker/u33:0 Tainted: G E 5.17.0-rc4-00003-gccad664b7f14 #3 473b49ab0e7c2d6af2900c756bfd04efd7a9de13
Hardware name: LENOVO 20UJS2B905/20UJS2B905, BIOS R1CET63W(1.32 ) 04/09/2021
Workqueue: rtw89_tx_wq rtw89_core_txq_work [rtw89_core]
Call Trace:
<TASK>
dump_stack_lvl+0x58/0x71
ieee80211_tx_h_select_key+0x464/0x530 [mac80211 911c23e2351c0ae60b597a67b1204a5ea955e365]
ieee80211_tx_dequeue+0x1a7/0x1260 [mac80211 911c23e2351c0ae60b597a67b1204a5ea955e365]
rtw89_core_txq_work+0x1a6/0x420 [rtw89_core b39ba493f2e517ad75e0f8187ecc24edf58bbbea]
process_one_work+0x2d8/0x660
worker_thread+0x39/0x3e0
? process_one_work+0x660/0x660
kthread+0xe5/0x110
? kthread_complete_and_exit+0x20/0x20
ret_from_fork+0x22/0x30
</TASK>
Fixes: a0761a3 ("mac80211: drop data frames without key on encrypted links")
Fixes: 46f6b06 ("mac80211: Encrypt "Group addressed privacy" action frames")
Fixes: 3cfcf6a ("mac80211: 802.11w - Use BIP (AES-128-CMAC)")
Fixes: f7e0104 ("mac80211: support separate default keys")
Signed-off-by: Jiri Kosina <jkosina@suse.cz>- Loading branch information
1 parent
167044a
commit cdfe17d7fc283e125686bdd9a6bbc6fd60909bd7