lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20230514204033.GA20187@matrix-ESPRIMO-P710>
Date:   Sun, 14 May 2023 22:40:33 +0200
From:   Philipp Hortmann <philipp.g.hortmann@...il.com>
To:     Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        linux-staging@...ts.linux.dev, linux-kernel@...r.kernel.org
Subject: [PATCH] staging: rtl8192e: Exclude scan_mutex in
 rtllib_softmac_stop_scan

Exclude scan_mutex from cancel_delayed_work_sync(&ieee->softmac_scan_wq) as
ieee->softmac_scan_wq takes scan_mutex as well.

Signed-off-by: Philipp Hortmann <philipp.g.hortmann@...il.com>
---
Tested with rtl8192e (WLL6130-D99)
Transferred this patch over wlan connection of rtl8192e

[ 1766.998408] ======================================================
[ 1766.998410] WARNING: possible circular locking dependency detected
[ 1766.998411] 6.3.0+ #8 Tainted: G         C OE
[ 1766.998413] ------------------------------------------------------
[ 1766.998414] wpa_supplicant/1184 is trying to acquire lock:
[ 1766.998416] ffff91e404469ec8 ((work_completion)(&(&ieee->softmac_scan_wq)->work)){+.+.}-{0:0}, at: __flush_work+0x4d/0x490
[ 1766.998425]
               but task is already holding lock:
[ 1766.998426] ffff91e404469150 (&ieee->scan_mutex){+.+.}-{4:4}, at: rtllib_softmac_stop_scan+0x20/0x80 [rtllib]
[ 1766.998439]
               which lock already depends on the new lock.

[ 1766.998440]
               the existing dependency chain (in reverse order) is:
[ 1766.998442]
               -> #1 (&ieee->scan_mutex){+.+.}-{4:4}:
[ 1766.998445]        __mutex_lock+0x99/0xce0
[ 1766.998450]        mutex_lock_nested+0x1b/0x30
[ 1766.998453]        rtllib_softmac_scan_wq+0x62/0x1e0 [rtllib]
[ 1766.998461]        process_one_work+0x2ba/0x5a0
[ 1766.998463]        worker_thread+0x4d/0x3d0
[ 1766.998465]        kthread+0x116/0x150
[ 1766.998469]        ret_from_fork+0x2c/0x50
[ 1766.998473]
               -> #0 ((work_completion)(&(&ieee->softmac_scan_wq)->work)){+.+.}-{0:0}:
[ 1766.998476]        __lock_acquire+0x1494/0x1fc0
[ 1766.998479]        lock_acquire+0xdc/0x2c0
[ 1766.998480]        __flush_work+0x6d/0x490
[ 1766.998482]        __cancel_work_timer+0x137/0x1c0
[ 1766.998485]        cancel_delayed_work_sync+0x13/0x20
[ 1766.998487]        rtllib_softmac_stop_scan+0x60/0x80 [rtllib]
[ 1766.998494]        rtllib_stop_protocol.part.0+0x113/0x130 [rtllib]
[ 1766.998503]        rtllib_stop_protocol+0x1c/0x30 [rtllib]
[ 1766.998510]        rtllib_wx_set_essid+0x12a/0x150 [rtllib]
[ 1766.998519]        _rtl92e_wx_set_essid+0x4e/0xa0 [r8192e_pci]
[ 1766.998527]        ioctl_standard_iw_point+0x2de/0x3b0
[ 1766.998531]        ioctl_standard_call+0xaa/0xe0
[ 1766.998533]        wireless_process_ioctl+0x194/0x1e0
[ 1766.998535]        wext_handle_ioctl+0x9e/0x100
[ 1766.998537]        sock_ioctl+0x200/0x340
[ 1766.998540]        __x64_sys_ioctl+0x95/0xd0
[ 1766.998543]        do_syscall_64+0x3b/0x90
[ 1766.998546]        entry_SYSCALL_64_after_hwframe+0x72/0xdc
[ 1766.998550]
               other info that might help us debug this:

[ 1766.998551]  Possible unsafe locking scenario:

[ 1766.998552]        CPU0                    CPU1
[ 1766.998553]        ----                    ----
[ 1766.998554]   lock(&ieee->scan_mutex);
[ 1766.998556]                                lock((work_completion)(&(&ieee->softmac_scan_wq)->work));
[ 1766.998558]                                lock(&ieee->scan_mutex);
[ 1766.998560]   lock((work_completion)(&(&ieee->softmac_scan_wq)->work));
[ 1766.998562]
                *** DEADLOCK ***

[ 1766.998563] 4 locks held by wpa_supplicant/1184:
[ 1766.998565]  #0: ffffffff8a14f610 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock+0x17/0x20
[ 1766.998570]  #1: ffff91e40446b078 (&priv->wx_mutex){+.+.}-{4:4}, at: _rtl92e_wx_set_essid+0x38/0xa0 [r8192e_pci]
[ 1766.998580]  #2: ffff91e4044690b0 (&ieee->wx_mutex){+.+.}-{4:4}, at: rtllib_wx_set_essid+0x36/0x150 [rtllib]
[ 1766.998590]  #3: ffff91e404469150 (&ieee->scan_mutex){+.+.}-{4:4}, at: rtllib_softmac_stop_scan+0x20/0x80 [rtllib]
[ 1766.998601]
               stack backtrace:
[ 1766.998602] CPU: 3 PID: 1184 Comm: wpa_supplicant Tainted: G         C OE      6.3.0+ #8
[ 1766.998605] Hardware name: FUJITSU ESPRIMO P710/D3161-A1, BIOS V4.6.5.3 R1.16.0 for D3161-A1x 10/29/2012
[ 1766.998607] Call Trace:
[ 1766.998608]  <TASK>
[ 1766.998610]  dump_stack_lvl+0x5c/0xa0
[ 1766.998614]  dump_stack+0x10/0x20
[ 1766.998617]  print_circular_bug.isra.0+0x2e5/0x420
[ 1766.998620]  check_noncircular+0x103/0x120
[ 1766.998622]  ? register_lock_class+0x4c/0x450
[ 1766.998624]  ? check_path.constprop.0+0x28/0x50
[ 1766.998628]  ? check_noncircular+0x80/0x120
[ 1766.998631]  __lock_acquire+0x1494/0x1fc0
[ 1766.998633]  ? __this_cpu_preempt_check+0x13/0x20
[ 1766.998638]  lock_acquire+0xdc/0x2c0
[ 1766.998640]  ? __flush_work+0x4d/0x490
[ 1766.998643]  ? find_held_lock+0x38/0x90
[ 1766.998646]  ? lock_timer_base+0x72/0xa0
[ 1766.998648]  ? __this_cpu_preempt_check+0x13/0x20
[ 1766.998651]  __flush_work+0x6d/0x490
[ 1766.998653]  ? __flush_work+0x4d/0x490
[ 1766.998655]  ? __this_cpu_preempt_check+0x13/0x20
[ 1766.998658]  ? lock_release+0x14f/0x380
[ 1766.998662]  ? __cancel_work_timer+0x10d/0x1c0
[ 1766.998664]  ? __this_cpu_preempt_check+0x13/0x20
[ 1766.998667]  __cancel_work_timer+0x137/0x1c0
[ 1766.998671]  cancel_delayed_work_sync+0x13/0x20
[ 1766.998674]  rtllib_softmac_stop_scan+0x60/0x80 [rtllib]
[ 1766.998682]  rtllib_stop_protocol.part.0+0x113/0x130 [rtllib]
[ 1766.998690]  rtllib_stop_protocol+0x1c/0x30 [rtllib]
[ 1766.998698]  rtllib_wx_set_essid+0x12a/0x150 [rtllib]
[ 1766.998707]  _rtl92e_wx_set_essid+0x4e/0xa0 [r8192e_pci]
[ 1766.998715]  ioctl_standard_iw_point+0x2de/0x3b0
[ 1766.998718]  ? __pfx__rtl92e_wx_set_essid+0x10/0x10 [r8192e_pci]
[ 1766.998726]  ioctl_standard_call+0xaa/0xe0
[ 1766.998729]  ? netdev_name_node_lookup+0x65/0x90
[ 1766.998732]  ? __pfx_ioctl_private_call+0x10/0x10
[ 1766.998734]  ? __pfx_ioctl_standard_call+0x10/0x10
[ 1766.998737]  wireless_process_ioctl+0x194/0x1e0
[ 1766.998740]  wext_handle_ioctl+0x9e/0x100
[ 1766.998744]  sock_ioctl+0x200/0x340
[ 1766.998748]  ? syscall_enter_from_user_mode+0x21/0x60
[ 1766.998751]  __x64_sys_ioctl+0x95/0xd0
[ 1766.998753]  do_syscall_64+0x3b/0x90
[ 1766.998757]  entry_SYSCALL_64_after_hwframe+0x72/0xdc
[ 1766.998760] RIP: 0033:0x7f4ed5f223ab
[ 1766.998763] Code: 0f 1e fa 48 8b 05 e5 7a 0d 00 64 c7 00 26 00 00 00 48 c7 c0 ff ff ff ff c3 66 0f 1f 44 00 00 f3 0f 1e fa b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d b5 7a 0d 00 f7 d8 64 89 01 48
[ 1766.998765] RSP: 002b:00007ffe820546c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1766.998768] RAX: ffffffffffffffda RBX: 0000000000000020 RCX: 00007f4ed5f223ab
[ 1766.998769] RDX: 00007ffe820546d0 RSI: 0000000000008b1a RDI: 0000000000000009
[ 1766.998771] RBP: 000055d229516ff0 R08: 0000000000000000 R09: 00007f4ed5ffa240
[ 1766.998772] R10: 0000000000004000 R11: 0000000000000246 R12: 00007ffe82054780
[ 1766.998774] R13: 00007ffe820546d0 R14: 0000000000000000 R15: 00007ffe820547e0
[ 1766.998778]  </TASK>
---
 drivers/staging/rtl8192e/rtllib_softmac.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/drivers/staging/rtl8192e/rtllib_softmac.c b/drivers/staging/rtl8192e/rtllib_softmac.c
index 18885cda60f6..cb2dd18fa14b 100644
--- a/drivers/staging/rtl8192e/rtllib_softmac.c
+++ b/drivers/staging/rtl8192e/rtllib_softmac.c
@@ -682,11 +682,11 @@ static void rtllib_softmac_stop_scan(struct rtllib_device *ieee)
 	if (ieee->scanning_continue == 1) {
 		ieee->scanning_continue = 0;
 		ieee->actscanning = false;
-
+		mutex_unlock(&ieee->scan_mutex);
 		cancel_delayed_work_sync(&ieee->softmac_scan_wq);
+	} else {
+		mutex_unlock(&ieee->scan_mutex);
 	}
-
-	mutex_unlock(&ieee->scan_mutex);
 }
 
 void rtllib_stop_scan(struct rtllib_device *ieee)
-- 
2.40.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ