Managing debugfs entries and https://syzkaller.appspot.com/bug?extid=d5dc2801166df6d34774

Dmitry Antipov <dmantipov@xxxxxxxxx> · Thu, 18 Jul 2024 20:03:43 +0300

The following quirk looks like a (briefly tested with CONFIG_KMEMLEAK)
fix for https://syzkaller.appspot.com/bug?extid=d5dc2801166df6d34774:

diff --git a/net/mac80211/debugfs_sta.c b/net/mac80211/debugfs_sta.c
index 1e9389c49a57..8224257e5d93 100644
--- a/net/mac80211/debugfs_sta.c
+++ b/net/mac80211/debugfs_sta.c
@@ -1284,7 +1284,9 @@ void ieee80211_sta_debugfs_add(struct sta_info *sta)

 void ieee80211_sta_debugfs_remove(struct sta_info *sta)
 {
-       debugfs_remove_recursive(sta->debugfs_dir);
+       if (!sta->debugfs_shared)
+               debugfs_remove_recursive(sta->debugfs_dir);
+       sta->debugfs_shared = false;
        sta->debugfs_dir = NULL;
 }

@@ -1319,6 +1321,7 @@ void ieee80211_link_sta_debugfs_add(struct link_sta_info *link_sta)
                        return;

                link_sta->debugfs_dir = link_sta->sta->debugfs_dir;
+               link_sta->sta->debugfs_shared = true;
        }

        DEBUGFS_ADD(ht_capa);
diff --git a/net/mac80211/sta_info.h b/net/mac80211/sta_info.h
index 9195d5a2de0a..d76ba36ca794 100644
--- a/net/mac80211/sta_info.h
+++ b/net/mac80211/sta_info.h
@@ -708,6 +708,7 @@ struct sta_info {

 #ifdef CONFIG_MAC80211_DEBUGFS
        struct dentry *debugfs_dir;
+       bool debugfs_shared;
 #endif

        struct codel_params cparams;

So what about managing debugfs entries wih krefs? E.g.:

diff --git a/net/mac80211/sta_info.h b/net/mac80211/sta_info.h
index 9195d5a2de0a..1f4561533530 100644
--- a/net/mac80211/sta_info.h
+++ b/net/mac80211/sta_info.h
@@ -466,6 +466,15 @@ struct ieee80211_fragment_cache {
 	unsigned int next;
 };

+#ifdef CONFIG_MAC80211_DEBUGFS
+
+struct sta_debugfs_entry {
+	struct dentry *debugfs_dir;
+	struct kref kref;
+};
+
+#endif /* CONFIG_MAC80211_DEBUGFS */
+
 /*
  * The bandwidth threshold below which the per-station CoDel parameters will be
  * scaled to be more lenient (to prevent starvation of slow stations). This
@@ -563,7 +572,7 @@ struct link_sta_info {
 	enum ieee80211_sta_rx_bandwidth cur_max_bandwidth;

 #ifdef CONFIG_MAC80211_DEBUGFS
-	struct dentry *debugfs_dir;
+	struct sta_debugfs_entry *debugfs_entry;
 #endif

 	struct ieee80211_link_sta *pub;
@@ -707,7 +716,7 @@ struct sta_info {
 	struct sta_ampdu_mlme ampdu_mlme;

 #ifdef CONFIG_MAC80211_DEBUGFS
-	struct dentry *debugfs_dir;
+	struct sta_debugfs_entry *debugfs_entry;
 #endif

 	struct codel_params cparams;

Dmitry







