[PATCH net-next v3 02/13] wifi: cfg80211: use __rtnl_unlock in nl80211_pre_doit

[PATCH net-next v3 00/13] net: sleepable ndo_set_rx_mode · Stanislav Fomichev <sdf@fomichev.me> · 2026-03-20
[PATCH net-next v3 01/13] net: add address list snapshot and reconciliation infrastructure · Stanislav Fomichev <sdf@fomichev.me> · 2026-03-20
Re: [PATCH net-next v3 01/13] net: add address list snapshot and reconciliation infrastructure · Jakub Kicinski <kuba@kernel.org> · 2026-03-23
Re: [PATCH net-next v3 01/13] net: add address list snapshot and reconciliation infrastructure · Stanislav Fomichev <hidden> · 2026-03-24
[PATCH net-next v3 02/13] wifi: cfg80211: use __rtnl_unlock in nl80211_pre_doit · Stanislav Fomichev <sdf@fomichev.me> · 2026-03-20
[PATCH net-next v3 03/13] net: introduce ndo_set_rx_mode_async and dev_rx_mode_work · Stanislav Fomichev <sdf@fomichev.me> · 2026-03-20
RE: [Intel-wired-lan] [PATCH net-next v3 03/13] net: introduce ndo_set_rx_mode_async and dev_rx_mode_work · Loktionov, Aleksandr <hidden> · 2026-03-20
Re: [Intel-wired-lan] [PATCH net-next v3 03/13] net: introduce ndo_set_rx_mode_async and dev_rx_mode_work · Stanislav Fomichev <hidden> · 2026-03-20
Re: [PATCH net-next v3 03/13] net: introduce ndo_set_rx_mode_async and dev_rx_mode_work · Jakub Kicinski <kuba@kernel.org> · 2026-03-23
Re: [PATCH net-next v3 03/13] net: introduce ndo_set_rx_mode_async and dev_rx_mode_work · Stanislav Fomichev <hidden> · 2026-03-24
Re: [PATCH net-next v3 03/13] net: introduce ndo_set_rx_mode_async and dev_rx_mode_work · Jakub Kicinski <kuba@kernel.org> · 2026-03-24
Re: [PATCH net-next v3 03/13] net: introduce ndo_set_rx_mode_async and dev_rx_mode_work · Stanislav Fomichev <hidden> · 2026-03-24
Re: [PATCH net-next v3 03/13] net: introduce ndo_set_rx_mode_async and dev_rx_mode_work · Jakub Kicinski <kuba@kernel.org> · 2026-03-25
Re: [PATCH net-next v3 03/13] net: introduce ndo_set_rx_mode_async and dev_rx_mode_work · Stanislav Fomichev <hidden> · 2026-03-25
Re: [PATCH net-next v3 03/13] net: introduce ndo_set_rx_mode_async and dev_rx_mode_work · Stanislav Fomichev <hidden> · 2026-03-25
[PATCH net-next v3 04/13] net: move promiscuity handling into dev_rx_mode_work · Stanislav Fomichev <sdf@fomichev.me> · 2026-03-20
RE: [PATCH net-next v3 04/13] net: move promiscuity handling into dev_rx_mode_work · Loktionov, Aleksandr <hidden> · 2026-03-20
Re: [PATCH net-next v3 04/13] net: move promiscuity handling into dev_rx_mode_work · Stanislav Fomichev <hidden> · 2026-03-20
[PATCH net-next v3 05/13] fbnic: convert to ndo_set_rx_mode_async · Stanislav Fomichev <sdf@fomichev.me> · 2026-03-20
[PATCH net-next v3 06/13] mlx5: convert to ndo_set_rx_mode_async · Stanislav Fomichev <sdf@fomichev.me> · 2026-03-20
Re: [PATCH net-next v3 06/13] mlx5: convert to ndo_set_rx_mode_async · Cosmin Ratiu <hidden> · 2026-03-20
Re: [PATCH net-next v3 06/13] mlx5: convert to ndo_set_rx_mode_async · Stanislav Fomichev <hidden> · 2026-03-20
[PATCH net-next v3 07/13] bnxt: convert to ndo_set_rx_mode_async · Stanislav Fomichev <sdf@fomichev.me> · 2026-03-20
Re: [PATCH net-next v3 07/13] bnxt: convert to ndo_set_rx_mode_async · Michael Chan <michael.chan@broadcom.com> · 2026-03-24
[PATCH net-next v3 08/13] bnxt: use snapshot in bnxt_cfg_rx_mode · Stanislav Fomichev <sdf@fomichev.me> · 2026-03-20
RE: [PATCH net-next v3 08/13] bnxt: use snapshot in bnxt_cfg_rx_mode · Loktionov, Aleksandr <hidden> · 2026-03-20
Re: [PATCH net-next v3 08/13] bnxt: use snapshot in bnxt_cfg_rx_mode · Michael Chan <michael.chan@broadcom.com> · 2026-03-24
Re: [PATCH net-next v3 08/13] bnxt: use snapshot in bnxt_cfg_rx_mode · Stanislav Fomichev <hidden> · 2026-03-24
[PATCH net-next v3 09/13] iavf: convert to ndo_set_rx_mode_async · Stanislav Fomichev <sdf@fomichev.me> · 2026-03-20
RE: [PATCH net-next v3 09/13] iavf: convert to ndo_set_rx_mode_async · Loktionov, Aleksandr <hidden> · 2026-03-20
[PATCH net-next v3 10/13] netdevsim: convert to ndo_set_rx_mode_async · Stanislav Fomichev <sdf@fomichev.me> · 2026-03-20
[PATCH net-next v3 11/13] dummy: convert to ndo_set_rx_mode_async · Stanislav Fomichev <sdf@fomichev.me> · 2026-03-20
RE: [PATCH net-next v3 11/13] dummy: convert to ndo_set_rx_mode_async · Loktionov, Aleksandr <hidden> · 2026-03-20
[PATCH net-next v3 12/13] net: warn ops-locked drivers still using ndo_set_rx_mode · Stanislav Fomichev <sdf@fomichev.me> · 2026-03-20
RE: [PATCH net-next v3 12/13] net: warn ops-locked drivers still using ndo_set_rx_mode · Loktionov, Aleksandr <hidden> · 2026-03-20
[PATCH net-next v3 13/13] selftests: net: add team_bridge_macvlan rx_mode test · Stanislav Fomichev <sdf@fomichev.me> · 2026-03-20

STALE89d

Revisions (5)

2026-03-13 v1 [diff vs current]
2026-03-18 v2 [diff vs current]
2026-03-20 v3 current
2026-04-01 v4 [diff vs current]
2026-04-02 v5 [diff vs current]

From: Stanislav Fomichev <sdf@fomichev.me>
Date: 2026-03-20 01:25:06
Also in: intel-wired-lan, linux-doc, linux-kselftest, linux-rdma, linux-wireless, lkml
Subsystem: 802.11 (including cfg80211/nl80211), networking [general], the rest · Maintainers: Johannes Berg, "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Linus Torvalds

nl80211_pre_doit acquires rtnl_lock and then wiphy_lock, releasing
rtnl while keeping wiphy_lock held until post_doit. With the
introduction of rx_mode_wq and its flush in netdev_run_todo, calling
rtnl_unlock here creates a circular lock dependency:

  Chain exists of:
    (wq_completion)rx_mode_wq --> rtnl_mutex --> &rdev->wiphy.mtx

   Possible unsafe locking scenario:

         CPU0                    CPU1
         ----                    ----
    lock(&rdev->wiphy.mtx);
                                 lock(rtnl_mutex);
                                 lock(&rdev->wiphy.mtx);
    lock((wq_completion)rx_mode_wq);

Switch to __rtnl_unlock to skip netdev_run_todo in nl80211_pre_doit.
This seems safe because we run before the op.

Link: http://lore.kernel.org/netdev/69b5ad67.a00a0220.3b25d1.001a.GAE@google.com (local)
Signed-off-by: Stanislav Fomichev <sdf@fomichev.me>
---
 net/core/rtnetlink.c   | 1 +
 net/wireless/core.c    | 1 +
 net/wireless/nl80211.c | 2 +-
 3 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
index dad4b1054955..b1bfb4a4aedd 100644
--- a/net/core/rtnetlink.c
+++ b/net/core/rtnetlink.c

@@ -150,6 +150,7 @@ void __rtnl_unlock(void)
 		head = next;
 	}
 }
+EXPORT_SYMBOL_NS_GPL(__rtnl_unlock, "NETDEV_INTERNAL");
 
 void rtnl_unlock(void)
 {

diff --git a/net/wireless/core.c b/net/wireless/core.c
index 23afc250bc10..a78a9b613c94 100644
--- a/net/wireless/core.c
+++ b/net/wireless/core.c

@@ -41,6 +41,7 @@ MODULE_AUTHOR("Johannes Berg");
 MODULE_LICENSE("GPL");
 MODULE_DESCRIPTION("wireless configuration support");
 MODULE_ALIAS_GENL_FAMILY(NL80211_GENL_NAME);
+MODULE_IMPORT_NS("NETDEV_INTERNAL");
 
 /* RCU-protected (and RTNL for writers) */
 LIST_HEAD(cfg80211_rdev_list);

diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
index e15cd26f3a79..f8ed8730cf1c 100644
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c

@@ -18203,7 +18203,7 @@ static int nl80211_pre_doit(const struct genl_split_ops *ops,
 		__release(&rdev->wiphy.mtx);
 	}
 	if (!(internal_flags & NL80211_FLAG_NEED_RTNL))
-		rtnl_unlock();
+		__rtnl_unlock();
 
 	return 0;
 out_unlock:

-- 
2.53.0

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help