git.ipfire.org Git - thirdparty/kernel/linux.git/commit

author	Dmitry Antipov <dmantipov@yandex.ru>
	Fri, 6 Sep 2024 12:31:51 +0000 (15:31 +0300)
committer	Johannes Berg <johannes.berg@intel.com>
	Mon, 9 Sep 2024 09:45:06 +0000 (11:45 +0200)
commit	9d301de12da6e1bb069a9835c38359b8e8135121
tree	30ccad67944fb99dc55840126ec7f088cceaf5c0	tree
parent	15ea13b1b1fbf6364d4cd568e65e4c8479632999	commit \| diff

wifi: mac80211: use two-phase skb reclamation in ieee80211_do_stop()

Since '__dev_queue_xmit()' should be called with interrupts enabled,
the following backtrace:

ieee80211_do_stop()
...
spin_lock_irqsave(&local->queue_stop_reason_lock, flags)
...
ieee80211_free_txskb()
  ieee80211_report_used_skb()
   ieee80211_report_ack_skb()
    cfg80211_mgmt_tx_status_ext()
     nl80211_frame_tx_status()
      genlmsg_multicast_netns()
       genlmsg_multicast_netns_filtered()
        nlmsg_multicast_filtered()
netlink_broadcast_filtered()
  do_one_broadcast()
   netlink_broadcast_deliver()
    __netlink_sendskb()
     netlink_deliver_tap()
      __netlink_deliver_tap_skb()
       dev_queue_xmit()
        __dev_queue_xmit() ; with IRQS disabled
...
spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags)

issues the warning (as reported by syzbot reproducer):

WARNING: CPU: 2 PID: 5128 at kernel/softirq.c:362 __local_bh_enable_ip+0xc3/0x120

Fix this by implementing a two-phase skb reclamation in
'ieee80211_do_stop()', where actual work is performed
outside of a section with interrupts disabled.

Fixes: 5061b0c2b906 ("mac80211: cooperate more with network namespaces")
Reported-by: syzbot+1a3986bbd3169c307819@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=1a3986bbd3169c307819
Signed-off-by: Dmitry Antipov <dmantipov@yandex.ru>
Link: https://patch.msgid.link/20240906123151.351647-1-dmantipov@yandex.ru
Signed-off-by: Johannes Berg <johannes.berg@intel.com>