Message-ID: <017c5178594e2df6ca02f2d7ffa9109755315c56.camel@sipsolutions.net>
Date:   Mon, 24 Apr 2023 19:27:08 +0200
From:   Johannes Berg <johannes@...solutions.net>
To:     Mirsad Goran Todorovac <mirsad.todorovac@....unizg.hr>,
        linux-wireless@...r.kernel.org, netdev@...r.kernel.org,
        linux-kernel@...r.kernel.org
Cc:     "David S. Miller" <davem@...emloft.net>,
        Eric Dumazet <edumazet@...gle.com>,
        Jakub Kicinski <kuba@...nel.org>,
        Paolo Abeni <pabeni@...hat.com>,
        Alexander Wetzel <alexander@...zel-home.de>
Subject: Re: [PATCH RFC v1 1/1] net: mac80211: fortify the spinlock against
 deadlock in interrupt

On Sun, 2023-04-23 at 10:24 +0200, Mirsad Goran Todorovac wrote:
> In the function ieee80211_tx_dequeue() there is a locking sequence:
> 
> begin:
> 	spin_lock(&local->queue_stop_reason_lock);
> 	q_stopped = local->queue_stop_reasons[q];
> 	spin_unlock(&local->queue_stop_reason_lock);
> 
> However small the chance (increased by ftracetest), an asynchronous
> interrupt can occur between spin_lock() and spin_unlock(),
> and the interrupt routine will attempt to lock the same
> &local->queue_stop_reason_lock again.
> 
> This is the only remaining spin_lock() on local->queue_stop_reason_lock
> that did not disable interrupts and could have possibly caused the deadlock
> on the same CPU (core).
> 
> This will cause a costly reset of the CPU and wifi device or a
> complete hang in the single CPU and single core scenario.
> 
> This is the probable reproduction of the deadlock:
> 
> Apr 10 00:58:33 marvin-IdeaPad-3-15ITL6 kernel:  Possible unsafe locking scenario:
> Apr 10 00:58:33 marvin-IdeaPad-3-15ITL6 kernel:        CPU0
> Apr 10 00:58:33 marvin-IdeaPad-3-15ITL6 kernel:        ----
> Apr 10 00:58:33 marvin-IdeaPad-3-15ITL6 kernel:   lock(&local->queue_stop_reason_lock);
> Apr 10 00:58:33 marvin-IdeaPad-3-15ITL6 kernel:   <Interrupt>
> Apr 10 00:58:33 marvin-IdeaPad-3-15ITL6 kernel:     lock(&local->queue_stop_reason_lock);
> Apr 10 00:58:33 marvin-IdeaPad-3-15ITL6 kernel:
>                                                  *** DEADLOCK ***
> 
> Fixes: 4444bc2116ae

That fixes tag is wrong, should be

Fixes: 4444bc2116ae ("wifi: mac80211: Proper mark iTXQs for resumption")

Otherwise seems fine to me, submit it properly?

johannes
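
A userspace analogue of the locking sequence quoted above, added here as an example; it is not code from this thread or from the kernel. It assumes a POSIX signal standing in for the interrupt, an `atomic_flag` for the spinlock and `sigprocmask()` for disabling interrupts, and every name in it is hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>

static atomic_flag lock = ATOMIC_FLAG_INIT;    /* stands in for queue_stop_reason_lock */
static volatile sig_atomic_t hit_held_lock;    /* set when the "interrupt" finds the lock held */

/* "Interrupt handler". A real spin_lock() here would spin forever on the same
 * CPU, so the model tries once and records the failure instead of hanging. */
static void on_signal(int sig)
{
    (void)sig;
    if (atomic_flag_test_and_set(&lock))
        hit_held_lock = 1;                     /* held by the code that was interrupted */
    else
        atomic_flag_clear(&lock);
}

/* One pass through the critical section with the "interrupt" arriving inside it. */
static bool would_deadlock(bool mask_interrupts)
{
    sigset_t block, saved;
    struct sigaction sa = { .sa_handler = on_signal };

    sigemptyset(&sa.sa_mask);
    sigaction(SIGUSR1, &sa, NULL);
    sigemptyset(&block);
    sigaddset(&block, SIGUSR1);
    hit_held_lock = 0;
    if (mask_interrupts)
        sigprocmask(SIG_BLOCK, &block, &saved);  /* analogue of disabling interrupts */
    while (atomic_flag_test_and_set(&lock))
        ;                                        /* analogue of spin_lock() */
    raise(SIGUSR1);                              /* arrives between lock and unlock */
    atomic_flag_clear(&lock);                    /* analogue of spin_unlock() */
    if (mask_interrupts)
        sigprocmask(SIG_SETMASK, &saved, NULL);  /* deferred signal is delivered here */
    return hit_held_lock != 0;
}

int main(void)
{
    printf("lock with interrupts enabled: %s\n", would_deadlock(false) ? "would deadlock" : "ok");
    printf("lock with interrupts masked:  %s\n", would_deadlock(true) ? "would deadlock" : "ok");
    return 0;
}
```
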
