diff options
| author |   Subash Abhinov Kasiviswanathan <subashab@codeaurora.org> | 2017-09-21 18:00:36 -0600 |
|---|---|---|
| committer |   David S. Miller <davem@davemloft.net> | 2017-09-23 19:59:53 -0700 |
| commit | 5c346525d3591cb032eca86d0f904cc01f1069ff (patch) | |
| tree | b9108873db0c946e87f0bd38440a20b3260a1c18 /drivers/net/ethernet/qualcomm/rmnet | |
| parent | cnic: Fix an error handling path in 'cnic_alloc_bnx2x_resc()' (diff) | |
| download | linux-dev-5c346525d3591cb032eca86d0f904cc01f1069ff.tar.xz linux-dev-5c346525d3591cb032eca86d0f904cc01f1069ff.zip | |
net: qualcomm: rmnet: Fix rcu splat in rmnet_is_real_dev_registered
Xiaolong reported a suspicious rcu_dereference_check in the device
unregister notifier callback. Since we do not dereference the
rx_handler_data, it's ok to just check for the value of the pointer.
Note that this section is already protected by rtnl_lock.
[ 101.364846] WARNING: suspicious RCU usage
[ 101.365654] 4.13.0-rc6-01701-gceed73a #1 Not tainted
[ 101.370873] -----------------------------
[ 101.372472] drivers/net/ethernet/qualcomm/rmnet/rmnet_config.c:57 suspicious rcu_dereference_check() usage!
[ 101.374427]
[ 101.374427] other info that might help us debug this:
[ 101.374427]
[ 101.387491]
[ 101.387491] rcu_scheduler_active = 2, debug_locks = 1
[ 101.389368] 1 lock held by trinity-main/2809:
[ 101.390736] #0: (rtnl_mutex){+.+.+.}, at: [<8146085b>] rtnl_lock+0xf/0x11
[ 101.395482]
[ 101.395482] stack backtrace:
[ 101.396948] CPU: 0 PID: 2809 Comm: trinity-main Not tainted 4.13.0-rc6-01701-gceed73a #1
[ 101.398857] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.9.3-20161025_171302-gandalf 04/01/2014
[ 101.401079] Call Trace:
[ 101.401656] dump_stack+0xa1/0xeb
[ 101.402871] lockdep_rcu_suspicious+0xc7/0xd0
[ 101.403665] rmnet_is_real_dev_registered+0x40/0x4e
[ 101.405199] rmnet_config_notify_cb+0x2c/0x142
[ 101.406344] ? wireless_nlevent_flush+0x47/0x71
[ 101.407385] notifier_call_chain+0x2d/0x47
[ 101.408645] raw_notifier_call_chain+0xc/0xe
[ 101.409882] call_netdevice_notifiers_info+0x41/0x49
[ 101.411402] call_netdevice_notifiers+0xc/0xe
[ 101.412713] rollback_registered_many+0x268/0x36e
[ 101.413702] rollback_registered+0x39/0x56
[ 101.414965] unregister_netdevice_queue+0x79/0x88
[ 101.415908] unregister_netdev+0x16/0x1d
Fixes: ceed73a2cf4a ("drivers: net: ethernet: qualcomm: rmnet: Initial implementation")
Signed-off-by: Subash Abhinov Kasiviswanathan <subashab@codeaurora.org>
Reported-by: kernel test robot <xiaolong.ye@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'drivers/net/ethernet/qualcomm/rmnet')
| -rw-r--r-- | drivers/net/ethernet/qualcomm/rmnet/rmnet_config.c | 5 |
1 files changed, 1 insertions, 4 deletions
diff --git a/drivers/net/ethernet/qualcomm/rmnet/rmnet_config.c b/drivers/net/ethernet/qualcomm/rmnet/rmnet_config.c index 98f22551eb45..1e33aea59f50 100644 --- a/drivers/net/ethernet/qualcomm/rmnet/rmnet_config.c +++ b/drivers/net/ethernet/qualcomm/rmnet/rmnet_config.c @@ -51,10 +51,7 @@ struct rmnet_walk_data { static int rmnet_is_real_dev_registered(const struct net_device *real_dev) { - rx_handler_func_t *rx_handler; - - rx_handler = rcu_dereference(real_dev->rx_handler); - return (rx_handler == rmnet_rx_handler); + return rcu_access_pointer(real_dev->rx_handler) == rmnet_rx_handler; } /* Needs rtnl lock */ |