lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 15 Aug 2016 18:40:41 +0900
From:	Masami Hiramatsu <mhiramat@...nel.org>
To:	Arend van Spriel <arend.vanspriel@...adcom.com>,
	Franky Lin <franky.lin@...adcom.com>,
	Hante Meuleman <hante.meuleman@...adcom.com>,
	Kalle Valo <kvalo@...eaurora.org>,
	Pieter-Paul Giesberts <pieterpg@...adcom.com>,
	Rafał Miłecki <zajec5@...il.com>
Cc:	linux-wireless@...r.kernel.org,
	brcm80211-dev-list.pdl@...adcom.com, netdev@...r.kernel.org,
	linux-kernel@...r.kernel.org
Subject: [BUGFIX PATCH 0/2] Bugfixes for brcmfmac

Hi,

Here are 2 patches for fixing bugs which I recently faced on my PC.

There are 2 bugs I've hit on brcmfmac, one issue was critical,
the other was just found when I investigated the first issue.

1) when I shutdown or reboot my pc with wifi, it always stopped
 when disabling networking. I tried to just disable wifi and saw
 task hung up messages on dmesg.
 All those taskes were blocked on rtnl_lock according to the
 stacktrace, and found a suspicious task in the list. Actually
 the wpa_supplicant is blocked while stopping the interface.

2) I also tried to get more information about that and enabled
 DEBUG_ATOMIC_SLEEP and got another warning in brcmfmac. That
 warned a mutex (which can yeild/sleep) is held in !TASK_RUNNING
 state. I've found a mutex is held when in wait_event_timeout()
 condition parameter.

I traced the source code and found that #1 was caused by double
locking of rtnl_lock in brcmfmac driver, because it doesn't
check the rtnl_lock is already held in a path (actually, other
paths checked that). So I fixed it by checking rtnl_locked and
skip locking rtnl_lock. It works, but not seems the best way
to fix, since original code (rtnl_lock locking around
cfg80211_unregister_wdev) itself looks add-hoc. Anyway, since
I don't have any knowladge of this subsystem, I'd like to ask
maintainer's help.

To fix #2 issue, I've checked the mutex (vif_event_lock) in
struct brcmf_cfg80211_vif_event just protect updating other
members and can be replaced by a spinlock because in the
protected regions are not involving any scheduler related
code.


Thank you,
---

Masami Hiramatsu (2):
      brcmfmac: Check rtnl_lock is locked when removing interface
      brcmfmac: Change vif_event_lock to spinlock


 .../broadcom/brcm80211/brcmfmac/cfg80211.c         |   26 ++++++++++----------
 .../broadcom/brcm80211/brcmfmac/cfg80211.h         |    2 +-
 .../wireless/broadcom/brcm80211/brcmfmac/core.c    |    2 +-
 .../net/wireless/broadcom/brcm80211/brcmfmac/p2p.c |    8 ++++--
 .../net/wireless/broadcom/brcm80211/brcmfmac/p2p.h |    2 +-
 5 files changed, 21 insertions(+), 19 deletions(-)

--
Masami Hiramatsu <mhiramat@...nel.org>

Powered by blists - more mailing lists