[PATCH 4.19 12/91] mac80211: mesh: fix RCU warning

Fri, 12 Jul 2019 05:43:10 -0700 

[ Upstream commit 551842446ed695641a00782cd118cbb064a416a1 ]

ifmsh->csa is an RCU-protected pointer. The writer context
in ieee80211_mesh_finish_csa() is already mutually
exclusive with wdev->sdata.mtx, but the RCU checker did
not know this. Use rcu_dereference_protected() to avoid a
warning.

fixes the following warning:

[   12.519089] =============================
[   12.520042] WARNING: suspicious RCU usage
[   12.520652] 5.1.0-rc7-wt+ #16 Tainted: G        W
[   12.521409] -----------------------------
[   12.521972] net/mac80211/mesh.c:1223 suspicious rcu_dereference_check() 
usage!
[   12.522928] other info that might help us debug this:
[   12.523984] rcu_scheduler_active = 2, debug_locks = 1
[   12.524855] 5 locks held by kworker/u8:2/152:
[   12.525438]  #0: 00000000057be08c ((wq_completion)phy0){+.+.}, at: 
process_one_work+0x1a2/0x620
[   12.526607]  #1: 0000000059c6b07a 
((work_completion)(&sdata->csa_finalize_work)){+.+.}, at: 
process_one_work+0x1a2/0x620
[   12.528001]  #2: 00000000f184ba7d (&wdev->mtx){+.+.}, at: 
ieee80211_csa_finalize_work+0x2f/0x90
[   12.529116]  #3: 00000000831a1f54 (&local->mtx){+.+.}, at: 
ieee80211_csa_finalize_work+0x47/0x90
[   12.530233]  #4: 00000000fd06f988 (&local->chanctx_mtx){+.+.}, at: 
ieee80211_csa_finalize_work+0x51/0x90

Signed-off-by: Thomas Pedersen <tho...@eero.com>
Signed-off-by: Johannes Berg <johannes.b...@intel.com>
Signed-off-by: Sasha Levin <sas...@kernel.org>
---
 net/mac80211/mesh.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/net/mac80211/mesh.c b/net/mac80211/mesh.c
index d51da26e9c18..0f9446ab7e4f 100644
--- a/net/mac80211/mesh.c
+++ b/net/mac80211/mesh.c
@@ -1212,7 +1212,8 @@ int ieee80211_mesh_finish_csa(struct 
ieee80211_sub_if_data *sdata)
        ifmsh->chsw_ttl = 0;
 
        /* Remove the CSA and MCSP elements from the beacon */
-       tmp_csa_settings = rcu_dereference(ifmsh->csa);
+       tmp_csa_settings = rcu_dereference_protected(ifmsh->csa,
+                                           lockdep_is_held(&sdata->wdev.mtx));
        RCU_INIT_POINTER(ifmsh->csa, NULL);
        if (tmp_csa_settings)
                kfree_rcu(tmp_csa_settings, rcu_head);
@@ -1234,6 +1235,8 @@ int ieee80211_mesh_csa_beacon(struct 
ieee80211_sub_if_data *sdata,
        struct mesh_csa_settings *tmp_csa_settings;
        int ret = 0;
 
+       lockdep_assert_held(&sdata->wdev.mtx);
+
        tmp_csa_settings = kmalloc(sizeof(*tmp_csa_settings),
                                   GFP_ATOMIC);
        if (!tmp_csa_settings)
-- 
2.20.1

Reply via email to