From patchwork Tue Sep 22 19:19:57 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ben Greear X-Patchwork-Id: 11792995 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id BCEDB1668 for ; Tue, 22 Sep 2020 19:21:08 +0000 (UTC) Received: from merlin.infradead.org (merlin.infradead.org [205.233.59.134]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 5DADF2071A for ; Tue, 22 Sep 2020 19:21:08 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="nuR1n2mi"; dkim=fail reason="signature verification failed" (1024-bit key) header.d=candelatech.com header.i=@candelatech.com header.b="c31h0iYN" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 5DADF2071A Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=candelatech.com Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=ath10k-bounces+patchwork-ath10k=patchwork.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Transfer-Encoding: Content-Type:Cc:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To:Message-Id:Date: Subject:To:From:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=MDzbhJ0pg3JkU7bk9dJQiyBT+tfY5E4LonOeXL+NR/Q=; b=nuR1n2miA445UeKHinn2Z+BmP W3ON7LkU547WgO7KV0inTg9tY2rzY5UxMLt5joGwg2EoHi0TMpU7jz0Ici8u60yaaP1uAcDfEhyFV augJIVd7UvAV/UjWd9E7u1h2UJLt3MAhjELBVfcsjuU3CLBQTe9Qor6A36sL0aMcwtKdj7ppCsPg0 rE+kvH2yqj4+5JSdqXnoenqf0OCIdaeSBy7ttLIdg+wJ0AN8qhsRBzXQMZF+xh7YfqDGXC4JO/uHp ewAQhZCpTaFC0WPwVLmnWBLKMKJZe+9QmX4jPNdDn/jnQtltUmdjUhgBsSNU0cz/W/vC5OPoaywn6 oKCWuFFig==; Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1kKnpm-00010d-Gh; Tue, 22 Sep 2020 19:20:14 +0000 Received: from mail2.candelatech.com ([208.74.158.173] helo=mail3.candelatech.com) by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1kKnpj-0000za-0j for ath10k@lists.infradead.org; Tue, 22 Sep 2020 19:20:12 +0000 Received: from ben-dt4.candelatech.com (50-251-239-81-static.hfc.comcastbusiness.net [50.251.239.81]) by mail3.candelatech.com (Postfix) with ESMTP id 93BBA13C2B3; Tue, 22 Sep 2020 12:20:02 -0700 (PDT) DKIM-Filter: OpenDKIM Filter v2.11.0 mail3.candelatech.com 93BBA13C2B3 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=candelatech.com; s=default; t=1600802402; bh=fSzdoaVTsmd57gOddD3KQXCFk3b01FR44Ty/fAWiRqA=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=c31h0iYNdVKd44VM557gP+DdpLLkHMA/lDGaR7SISCYU4Q6Dgb9/tk1FLbv0+HQMg ++V6C5ibTAyi6ajLKJxR6d16okJ0togtLG6lsepsE0AMhBHlNEA1G2UqEzJTP5D5Wf GD+PZaAyFF7iOGqmkPtHzbWDu7+a3y7qeSlWGXgE= From: greearb@candelatech.com To: linux-wireless@vger.kernel.org, ath10k@lists.infradead.org Subject: [PATCH 2/2] ath10k: Don't iterate over not-sdata-in-driver interfaces. Date: Tue, 22 Sep 2020 12:19:57 -0700 Message-Id: <20200922191957.25257-2-greearb@candelatech.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20200922191957.25257-1-greearb@candelatech.com> References: <20200922191957.25257-1-greearb@candelatech.com> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20200922_152011_231439_98F2266A X-CRM114-Status: GOOD ( 13.93 ) X-Spam-Score: -0.2 (/) X-Spam-Report: SpamAssassin version 3.4.4 on merlin.infradead.org summary: Content analysis details: (-0.2 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 SPF_PASS SPF: sender matches SPF record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid X-BeenThere: ath10k@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Ben Greear Sender: "ath10k" Errors-To: ath10k-bounces+patchwork-ath10k=patchwork.kernel.org@lists.infradead.org From: Ben Greear This fixes possible crash scenario where interfaces that were not set up in the driver yet might still be iterated over. When originally debugged on the ath10k-ct driver, the crash looked like this: kernel BUG at /home/greearb/git/linux-4.7.dev.y/drivers/net/wireless/ath/ath10k/wmi.c:1781! invalid opcode: 0000 [#1] PREEMPT SMP KASAN Modules linked in: nf_conntrack_netlink nf_conntrack nfnetlink nf_defrag_ipv4 bridge carl9170 mac80211_hwsim ath10k_pci ath10k_core ath5k ath9k ath9k_common ath9k_hw ath mac80211 cfg80211 8021q garp mrp stp llc bnep bluetooth fuse macvlan pktgen rpcsec_gss_krb5 nfsv4 nfs fscache snd_hda_codec_hdmi coretemp hwmon intel_rapl x86_pkg_temp_thermal intel_powerclamp snd_hda_codec_realtek snd_hda_codec_generic kvm iTCO_wdt irqbypass iTCO_vendor_support joydev snd_hda_intel snd_hda_codec snd_hda_core snd_hwdep snd_seq snd_seq_device pcspkr snd_pcm snd_timer shpchp snd i2c_i801 lpc_ich soundcore tpm_tis tpm nfsd auth_rpcgss nfs_acl lockd grace sunrpc i915 serio_raw i2c_algo_bit drm_kms_helper ata_generic e1000e pata_acpi drm ptp pps_core i2c_core fjes video ipv6 [last unloaded: nf_conntrack] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 4.7.10+ #15 Hardware name: To be filled by O.E.M. To be filled by O.E.M./ChiefRiver, BIOS 4.6.5 06/07/2013 task: ffff8801d4f20000 ti: ffff8801d4f28000 task.ti: ffff8801d4f28000 RIP: 0010:[] [] ath10k_wmi_tx_beacons_iter+0x28b/0x290 [ath10k_core] RSP: 0018:ffff8801d6447a98 EFLAGS: 00010293 RAX: 0000000000000018 RBX: ffff8801ce97e1d8 RCX: 0000000000000000 RDX: 0000000000000018 RSI: 0000000000000003 RDI: ffffed003ac88f49 RBP: ffff8801d6447af0 R08: 0000000000000003 R09: 0000000000000000 R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000000 R13: ffff8801ce97e320 R14: ffff8801ce97e378 R15: ffff8801ce97ca40 FS: 0000000000000000(0000) GS:ffff8801d6440000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007eff191ef1ab CR3: 000000000260a000 CR4: 00000000001406e0 Stack: 1ffff1003ac88f59 0000000041b58ab3 ffffffffa0f4d52a ffff8801d4f20000 0000000000000246 0000000000000002 ffff8801ce97e1d8 ffff8801bd5d39b8 0000000000000002 0000000000000001 ffff8801ce97ca40 ffff8801d6447b48 Call Trace: [] __iterate_interfaces+0xfc/0x1d0 [mac80211] [] ? ath10k_wmi_cmd_send_nowait+0x260/0x260 [ath10k_core] [] ? ath10k_wmi_cmd_send_nowait+0x260/0x260 [ath10k_core] [] ieee80211_iterate_active_interfaces_atomic+0x67/0x100 [mac80211] [] ? ieee80211_handle_reconfig_failure+0x140/0x140 [mac80211] [] ? ath10k_tpc_config_disp_tables+0x620/0x620 [ath10k_core] [] ath10k_wmi_op_ep_tx_credits+0x2b/0x50 [ath10k_core] [] ath10k_htc_rx_completion_handler+0x422/0x5c0 [ath10k_core] [] ath10k_pci_process_rx_cb+0x37e/0x430 [ath10k_pci] [] ? ath10k_htc_build_tx_ctrl_skb+0xc0/0xc0 [ath10k_core] [] ? ath10k_pci_rx_post_pipe+0x550/0x550 [ath10k_pci] [] ? debug_lockdep_rcu_enabled+0x35/0x40 [] ? mark_held_locks+0x23/0xc0 [] ? __local_bh_enable_ip+0x6a/0xd0 [] ? trace_hardirqs_on_caller+0x18b/0x290 [] ? trace_hardirqs_on+0xd/0x10 [] ? __local_bh_enable_ip+0x6a/0xd0 [] ? _raw_spin_unlock_bh+0x30/0x40 [] ? ath10k_ce_per_engine_service+0xee/0x100 [ath10k_pci] [] ath10k_pci_htt_htc_rx_cb+0x29/0x30 [ath10k_pci] [] ath10k_ce_per_engine_service+0xa6/0x100 [ath10k_pci] [] ath10k_ce_per_engine_service_any+0xd6/0xf0 [ath10k_pci] [] ? ath10k_pci_enable_legacy_irq+0xe0/0xe0 [ath10k_pci] [] ath10k_pci_tasklet+0x5f/0xb0 [ath10k_pci] [] tasklet_action+0x245/0x2b0 [] __do_softirq+0x181/0x595 [] irq_exit+0xbc/0xc0 [] do_IRQ+0x7c/0x150 [] common_interrupt+0x8c/0x8c [] ? trace_hardirqs_on_caller+0x18b/0x290 [] ? cpuidle_enter_state+0x1ae/0x4b0 [] ? cpuidle_enter_state+0x1a7/0x4b0 [] cpuidle_enter+0x12/0x20 [] call_cpuidle+0x4e/0x90 [] cpu_startup_entry+0x3f7/0x540 [] ? default_idle_call+0x50/0x50 [] ? clockevents_config_and_register+0x5f/0x70 [] ? setup_APIC_timer+0xfa/0x110 [] start_secondary+0x253/0x2b0 [] ? set_cpu_sibling_map+0x920/0x920 Code: 4d 49 e0 8b b3 48 01 00 00 48 c7 c7 a0 ee f3 a0 e8 d9 c2 3f e0 49 81 fd 3f 1f 00 00 76 0f 49 81 fc 3f 1f 00 00 0f 87 c0 fd ff ff <0f> 0b 0f 0b 90 55 48 89 e5 41 57 41 56 48 8d 85 58 ff ff ff 41 RIP [] ath10k_wmi_tx_beacons_iter+0x28b/0x290 [ath10k_core] RSP ---[ end trace 6588464714e5163a ]--- Similar logic was tested for years in ath10k-ct driver and various firmware. Also tested with stock kernel plus this patch, with firmware 10.2.4-1.0-00037 This test case was to bring up 5 vap on a radio and fake a firmware crash. Make sure ap interfaces continue to function properly. Signed-off-by: Ben Greear --- drivers/net/wireless/ath/ath10k/core.h | 4 ++++ drivers/net/wireless/ath/ath10k/mac.c | 16 +++++++--------- drivers/net/wireless/ath/ath10k/p2p.c | 2 +- drivers/net/wireless/ath/ath10k/wmi.c | 2 +- 4 files changed, 13 insertions(+), 11 deletions(-) diff --git a/drivers/net/wireless/ath/ath10k/core.h b/drivers/net/wireless/ath/ath10k/core.h index 5c18f6c204628..1d89aae6a21cb 100644 --- a/drivers/net/wireless/ath/ath10k/core.h +++ b/drivers/net/wireless/ath/ath10k/core.h @@ -82,6 +82,10 @@ /* Default Airtime weight multipler (Tuned for multiclient performance) */ #define ATH10K_AIRTIME_WEIGHT_MULTIPLIER 4 + +#define ITER_NORMAL_FLAGS (IEEE80211_IFACE_ITER_NORMAL | IEEE80211_IFACE_SKIP_SDATA_NOT_IN_DRIVER) +#define ITER_RESUME_FLAGS (IEEE80211_IFACE_ITER_RESUME_ALL | IEEE80211_IFACE_SKIP_SDATA_NOT_IN_DRIVER) + struct ath10k; static inline const char *ath10k_bus_str(enum ath10k_bus bus) diff --git a/drivers/net/wireless/ath/ath10k/mac.c b/drivers/net/wireless/ath/ath10k/mac.c index 3c0c33a9f30cb..f4391f71efb8b 100644 --- a/drivers/net/wireless/ath/ath10k/mac.c +++ b/drivers/net/wireless/ath/ath10k/mac.c @@ -2066,7 +2066,7 @@ static void ath10k_mac_handle_beacon_iter(void *data, u8 *mac, void ath10k_mac_handle_beacon(struct ath10k *ar, struct sk_buff *skb) { ieee80211_iterate_active_interfaces_atomic(ar->hw, - IEEE80211_IFACE_ITER_NORMAL, + ITER_NORMAL_FLAGS, ath10k_mac_handle_beacon_iter, skb); } @@ -2099,7 +2099,7 @@ static void ath10k_mac_handle_beacon_miss_iter(void *data, u8 *mac, void ath10k_mac_handle_beacon_miss(struct ath10k *ar, u32 vdev_id) { ieee80211_iterate_active_interfaces_atomic(ar->hw, - IEEE80211_IFACE_ITER_NORMAL, + ITER_NORMAL_FLAGS, ath10k_mac_handle_beacon_miss_iter, &vdev_id); } @@ -3367,7 +3367,7 @@ void ath10k_mac_tx_unlock(struct ath10k *ar, int reason) return; ieee80211_iterate_active_interfaces_atomic(ar->hw, - IEEE80211_IFACE_ITER_RESUME_ALL, + ITER_RESUME_FLAGS, ath10k_mac_tx_unlock_iter, ar); @@ -3456,7 +3456,7 @@ void ath10k_mac_handle_tx_pause_vdev(struct ath10k *ar, u32 vdev_id, spin_lock_bh(&ar->htt.tx_lock); ieee80211_iterate_active_interfaces_atomic(ar->hw, - IEEE80211_IFACE_ITER_RESUME_ALL, + ITER_RESUME_FLAGS, ath10k_mac_handle_tx_pause_iter, &arg); spin_unlock_bh(&ar->htt.tx_lock); @@ -8119,7 +8119,7 @@ ath10k_mac_op_change_chanctx(struct ieee80211_hw *hw, if (changed & IEEE80211_CHANCTX_CHANGE_WIDTH) { ieee80211_iterate_active_interfaces_atomic( hw, - IEEE80211_IFACE_ITER_NORMAL, + ITER_NORMAL_FLAGS, ath10k_mac_change_chanctx_cnt_iter, &arg); if (arg.n_vifs == 0) @@ -8132,7 +8132,7 @@ ath10k_mac_op_change_chanctx(struct ieee80211_hw *hw, ieee80211_iterate_active_interfaces_atomic( hw, - IEEE80211_IFACE_ITER_NORMAL, + ITER_NORMAL_FLAGS, ath10k_mac_change_chanctx_fill_iter, &arg); ath10k_mac_update_vif_chan(ar, arg.vifs, arg.n_vifs); @@ -8928,14 +8928,12 @@ static void ath10k_get_arvif_iter(void *data, u8 *mac, struct ath10k_vif *ath10k_get_arvif(struct ath10k *ar, u32 vdev_id) { struct ath10k_vif_iter arvif_iter; - u32 flags; memset(&arvif_iter, 0, sizeof(struct ath10k_vif_iter)); arvif_iter.vdev_id = vdev_id; - flags = IEEE80211_IFACE_ITER_RESUME_ALL; ieee80211_iterate_active_interfaces_atomic(ar->hw, - flags, + ITER_RESUME_FLAGS, ath10k_get_arvif_iter, &arvif_iter); if (!arvif_iter.arvif) { diff --git a/drivers/net/wireless/ath/ath10k/p2p.c b/drivers/net/wireless/ath/ath10k/p2p.c index 29c737b2f4327..6252ffd275239 100644 --- a/drivers/net/wireless/ath/ath10k/p2p.c +++ b/drivers/net/wireless/ath/ath10k/p2p.c @@ -139,7 +139,7 @@ void ath10k_p2p_noa_update_by_vdev_id(struct ath10k *ar, u32 vdev_id, }; ieee80211_iterate_active_interfaces_atomic(ar->hw, - IEEE80211_IFACE_ITER_NORMAL, + ITER_NORMAL_FLAGS, ath10k_p2p_noa_update_vdev_iter, &arg); } diff --git a/drivers/net/wireless/ath/ath10k/wmi.c b/drivers/net/wireless/ath/ath10k/wmi.c index a81a1ab2de19e..5c5f7fd542b64 100644 --- a/drivers/net/wireless/ath/ath10k/wmi.c +++ b/drivers/net/wireless/ath/ath10k/wmi.c @@ -1893,7 +1893,7 @@ static void ath10k_wmi_tx_beacons_iter(void *data, u8 *mac, static void ath10k_wmi_tx_beacons_nowait(struct ath10k *ar) { ieee80211_iterate_active_interfaces_atomic(ar->hw, - IEEE80211_IFACE_ITER_NORMAL, + ITER_NORMAL_FLAGS, ath10k_wmi_tx_beacons_iter, NULL); }