Re: [PATCH] wifi: nl80211: fix deadlock in nl80211_set_cqm_rssi (6.6.x)

Philip Müller <philm@xxxxxxxxxxx> · Tue, 12 Dec 2023 05:41:17 +0700

On 11.12.23 04:39, Léo Lam wrote:
Commit 4a7e92551618f3737b305f62451353ee05662f57 ("wifi: cfg80211: fix
CQM for non-range use" on 6.6.x) causes nl80211_set_cqm_rssi not to
release the wdev lock in some situations.

Of course, the ensuing deadlock causes userland network managers to
break pretty badly, and on typical systems this also causes lockups on
on suspend, poweroff and reboot. See [1], [2], [3] for example reports.

The upstream commit, 7e7efdda6adb385fbdfd6f819d76bc68c923c394
("wifi: cfg80211: fix CQM for non-range use"), does not trigger this
issue because the wdev lock does not exist there.

Fix the deadlock by releasing the lock before returning.

[1] https://bugzilla.kernel.org/show_bug.cgi?id=218247
[2] https://bbs.archlinux.org/viewtopic.php?id=290976
[3] https://lore.kernel.org/all/87sf4belmm.fsf@xxxxxxxxxxxxx/

Fixes: 4a7e92551618 ("wifi: cfg80211: fix CQM for non-range use")
Cc: stable@xxxxxxxxxxxxxxx
Signed-off-by: Léo Lam <leo@xxxxxxxxx>
---
  net/wireless/nl80211.c | 18 ++++++++++++------
  1 file changed, 12 insertions(+), 6 deletions(-)

diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
index 6a82dd876f27..0b0dfecedc50 100644
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -12906,17 +12906,23 @@ static int nl80211_set_cqm_rssi(struct genl_info *info,
  					lockdep_is_held(&wdev->mtx));
  
  	/* if already disabled just succeed */
-	if (!n_thresholds && !old)
-		return 0;
+	if (!n_thresholds && !old) {
+		err = 0;
+		goto unlock;
+	}
  
  	if (n_thresholds > 1) {
  		if (!wiphy_ext_feature_isset(&rdev->wiphy,
  					     NL80211_EXT_FEATURE_CQM_RSSI_LIST) ||
-		    !rdev->ops->set_cqm_rssi_range_config)
-			return -EOPNOTSUPP;
+		    !rdev->ops->set_cqm_rssi_range_config) {
+			err = -EOPNOTSUPP;
+			goto unlock;
+		}
  	} else {
-		if (!rdev->ops->set_cqm_rssi_config)
-			return -EOPNOTSUPP;
+		if (!rdev->ops->set_cqm_rssi_config) {
+			err = -EOPNOTSUPP;
+			goto unlock;
+		}
  	}
  
  	if (n_thresholds) {

I have at least 7 users who have tested that fix on my end:

https://lore.kernel.org/stable/20231210213930.61378-1-leo@xxxxxxxxx/

So it can also be called tested now:

https://forum.manjaro.org/t/153045/77
https://forum.manjaro.org/t/153045/88
https://forum.manjaro.org/t/153045/90
https://forum.manjaro.org/t/153045/92
https://forum.manjaro.org/t/153045/93
https://forum.manjaro.org/t/153045/94

--
Best, Philip








