[PATCH] wifi: mac80211: Fix suspicious RCU usage in ieee80211_mesh_csa_beacon()

Zqiang posted 1 patch 1 week, 2 days ago
net/mac80211/mesh.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Posted by Zqiang 1 week, 2 days ago
ieee80211_mesh_csa_beacon() is protected by the wiphy->mtx lock;
this commit therefore uses sdata_dereference() instead of
rcu_dereference() to get ifmsh->csa, to fix the following warning:

net/mac80211/mesh.c:1571 suspicious rcu_dereference_check() usage!
Call Trace:
 <TASK>
 dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120
 lockdep_rcu_suspicious+0x140/0x1d0 kernel/locking/lockdep.c:6876
 ieee80211_mesh_csa_beacon+0x280/0x2c0 net/mac80211/mesh.c:1571
 ieee80211_set_csa_beacon+0x3cc/0x9a0 net/mac80211/cfg.c:4288
 __ieee80211_channel_switch net/mac80211/cfg.c:4406 [inline]
 ieee80211_channel_switch+0x8ef/0xcb0 net/mac80211/cfg.c:4442
 rdev_channel_switch+0x108/0x290 net/wireless/rdev-ops.h:1116
 nl80211_channel_switch+0xac9/0xd70 net/wireless/nl80211.c:11475
 genl_family_rcv_msg_doit+0x215/0x300 net/netlink/genetlink.c:1115
 genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]
 genl_rcv_msg+0x60e/0x790 net/netlink/genetlink.c:1210
 netlink_rcv_skb+0x208/0x470 net/netlink/af_netlink.c:2552
 genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219
 netlink_unicast_kernel net/netlink/af_netlink.c:1320 [inline]
 netlink_unicast+0x82f/0x9e0 net/netlink/af_netlink.c:1346
 netlink_sendmsg+0x805/0xb30 net/netlink/af_netlink.c:1896
 sock_sendmsg_nosec net/socket.c:727 [inline]
 __sock_sendmsg+0x21c/0x270 net/socket.c:742
 ____sys_sendmsg+0x505/0x830 net/socket.c:2630
 ___sys_sendmsg+0x21f/0x2a0 net/socket.c:2684
 __sys_sendmsg net/socket.c:2716 [inline]
 __do_sys_sendmsg net/socket.c:2721 [inline]
 __se_sys_sendmsg net/socket.c:2719 [inline]
 __x64_sys_sendmsg+0x19b/0x260 net/socket.c:2719
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xfa/0xfa0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
</TASK>

Reported-by: syzbot+b59873f5699e941717ca@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=b59873f5699e941717ca
Signed-off-by: Zqiang <qiang.zhang@linux.dev>
---
 net/mac80211/mesh.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/mac80211/mesh.c b/net/mac80211/mesh.c
index f37068a533f4..97eb19416e23 100644
--- a/net/mac80211/mesh.c
+++ b/net/mac80211/mesh.c
@@ -1568,7 +1568,7 @@ int ieee80211_mesh_csa_beacon(struct ieee80211_sub_if_data *sdata,
 
 	ret = ieee80211_mesh_rebuild_beacon(sdata);
 	if (ret) {
-		tmp_csa_settings = rcu_dereference(ifmsh->csa);
+		tmp_csa_settings = sdata_dereference(ifmsh->csa, sdata);
 		RCU_INIT_POINTER(ifmsh->csa, NULL);
 		kfree_rcu(tmp_csa_settings, rcu_head);
 		return ret;
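Review bot: The changed line in the `if (ret)` error path now depends on every caller of ieee80211_mesh_csa_beacon() holding wiphy->mtx, but the commit message only asserts this without saying where the lock is taken. The trace shows entry through nl80211_channel_switch, so naming the point on that path where the mutex is acquired would make the claim checkable by a reader. The sequence itself (sdata_dereference(), then RCU_INIT_POINTER(ifmsh->csa, NULL), then kfree_rcu()) is the update-side pattern and matches the stated locking. The trailers carry Reported-by and Closes but no Fixes: tag; adding one for the commit that introduced the rcu_dereference() call here would let stable maintainers pick this up.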
-- 
2.48.1