| Message ID | 20231019153115.26401-2-johan+linaro@kernel.org (mailing list archive) |
|---|---|
| State | Accepted |
| Commit | 1a5352a81b4720ba43d9c899974e3bddf7ce0ce8 |
| Delegated to: | Kalle Valo |
| Headers | show |
| Series | wifi: ath11k: fix event locking | expand |
On 10/19/2023 8:31 AM, Johan Hovold wrote: > The ath11k active pdevs are protected by RCU but the temperature event > handling code calling ath11k_mac_get_ar_by_pdev_id() was not marked as a > read-side critical section as reported by RCU lockdep: > > ============================= > WARNING: suspicious RCU usage > 6.6.0-rc6 #7 Not tainted > ----------------------------- > drivers/net/wireless/ath/ath11k/mac.c:638 suspicious rcu_dereference_check() usage! > > other info that might help us debug this: > > rcu_scheduler_active = 2, debug_locks = 1 > no locks held by swapper/0/0. > ... > Call trace: > ... > lockdep_rcu_suspicious+0x16c/0x22c > ath11k_mac_get_ar_by_pdev_id+0x194/0x1b0 [ath11k] > ath11k_wmi_tlv_op_rx+0xa84/0x2c1c [ath11k] > ath11k_htc_rx_completion_handler+0x388/0x510 [ath11k] > > Mark the code in question as an RCU read-side critical section to avoid > any potential use-after-free issues. > > Fixes: a41d10348b01 ("ath11k: add thermal sensor device support") > Cc: stable@vger.kernel.org # 5.7 > Signed-off-by: Johan Hovold <johan+linaro@kernel.org> Acked-by: Jeff Johnson <quic_jjohnson@quicinc.com>
Johan Hovold <johan+linaro@kernel.org> writes: > The ath11k active pdevs are protected by RCU but the temperature event > handling code calling ath11k_mac_get_ar_by_pdev_id() was not marked as a > read-side critical section as reported by RCU lockdep: > > ============================= > WARNING: suspicious RCU usage > 6.6.0-rc6 #7 Not tainted > ----------------------------- > drivers/net/wireless/ath/ath11k/mac.c:638 suspicious rcu_dereference_check() usage! > > other info that might help us debug this: > > rcu_scheduler_active = 2, debug_locks = 1 > no locks held by swapper/0/0. > ... > Call trace: > ... > lockdep_rcu_suspicious+0x16c/0x22c > ath11k_mac_get_ar_by_pdev_id+0x194/0x1b0 [ath11k] > ath11k_wmi_tlv_op_rx+0xa84/0x2c1c [ath11k] > ath11k_htc_rx_completion_handler+0x388/0x510 [ath11k] > > Mark the code in question as an RCU read-side critical section to avoid > any potential use-after-free issues. > > Fixes: a41d10348b01 ("ath11k: add thermal sensor device support") > Cc: stable@vger.kernel.org # 5.7 > Signed-off-by: Johan Hovold <johan+linaro@kernel.org> On what hardware and firmware version did you test this? As there's so many different combos we use Tested-on tag to provide that information in the commit message: https://wireless.wiki.kernel.org/en/users/drivers/ath11k/submittingpatches#tested-on_tag I can add that if you let me know what you used.
On Tue, Oct 24, 2023 at 04:59:35PM +0300, Kalle Valo wrote: > Johan Hovold <johan+linaro@kernel.org> writes: > > > The ath11k active pdevs are protected by RCU but the temperature event > > handling code calling ath11k_mac_get_ar_by_pdev_id() was not marked as a > > read-side critical section as reported by RCU lockdep: > On what hardware and firmware version did you test this? As there's so > many different combos we use Tested-on tag to provide that information > in the commit message: > > https://wireless.wiki.kernel.org/en/users/drivers/ath11k/submittingpatches#tested-on_tag > > I can add that if you let me know what you used. I hit this on the Lenovo Thinkpad X13s and I guess the tag should be: Tested-on: QCNFA765 hw2.1 WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.23 Note that I've only been able to test the ath11k fixes (not the corresponding ath12k) and I only tested this particular patch fully (e.g. since I didn't trigger any radar events). Johan
Johan Hovold <johan@kernel.org> writes: > On Tue, Oct 24, 2023 at 04:59:35PM +0300, Kalle Valo wrote: >> Johan Hovold <johan+linaro@kernel.org> writes: >> >> > The ath11k active pdevs are protected by RCU but the temperature event >> > handling code calling ath11k_mac_get_ar_by_pdev_id() was not marked as a >> > read-side critical section as reported by RCU lockdep: > >> On what hardware and firmware version did you test this? As there's so >> many different combos we use Tested-on tag to provide that information >> in the commit message: >> >> https://wireless.wiki.kernel.org/en/users/drivers/ath11k/submittingpatches#tested-on_tag >> >> I can add that if you let me know what you used. > > I hit this on the Lenovo Thinkpad X13s and I guess the tag should be: > > Tested-on: QCNFA765 hw2.1 WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.23 From ath11k point of view QCNFA765 is WCN6855 so I used this one: Tested-on: WCN6855 hw2.1 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.23 > Note that I've only been able to test the ath11k fixes (not the > corresponding ath12k) and I only tested this particular patch fully Thanks, I added Tested-on to this patch 1 and for the rest I added "compile tested only".
Johan Hovold <johan+linaro@kernel.org> wrote: > The ath11k active pdevs are protected by RCU but the temperature event > handling code calling ath11k_mac_get_ar_by_pdev_id() was not marked as a > read-side critical section as reported by RCU lockdep: > > ============================= > WARNING: suspicious RCU usage > 6.6.0-rc6 #7 Not tainted > ----------------------------- > drivers/net/wireless/ath/ath11k/mac.c:638 suspicious rcu_dereference_check() usage! > > other info that might help us debug this: > > rcu_scheduler_active = 2, debug_locks = 1 > no locks held by swapper/0/0. > ... > Call trace: > ... > lockdep_rcu_suspicious+0x16c/0x22c > ath11k_mac_get_ar_by_pdev_id+0x194/0x1b0 [ath11k] > ath11k_wmi_tlv_op_rx+0xa84/0x2c1c [ath11k] > ath11k_htc_rx_completion_handler+0x388/0x510 [ath11k] > > Mark the code in question as an RCU read-side critical section to avoid > any potential use-after-free issues. > > Tested-on: WCN6855 hw2.1 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.23 > > Fixes: a41d10348b01 ("ath11k: add thermal sensor device support") > Cc: stable@vger.kernel.org # 5.7 > Signed-off-by: Johan Hovold <johan+linaro@kernel.org> > Acked-by: Jeff Johnson <quic_jjohnson@quicinc.com> > Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com> 2 patches applied to ath-next branch of ath.git, thanks. 1a5352a81b47 wifi: ath11k: fix temperature event locking 3b6c14833165 wifi: ath11k: fix dfs radar event locking
On Wed, Oct 25, 2023 at 12:51:10PM +0300, Kalle Valo wrote: > Johan Hovold <johan@kernel.org> writes: > > I hit this on the Lenovo Thinkpad X13s and I guess the tag should be: > > > > Tested-on: QCNFA765 hw2.1 WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.23 > > From ath11k point of view QCNFA765 is WCN6855 so I used this one: > > Tested-on: WCN6855 hw2.1 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.23 > > > Note that I've only been able to test the ath11k fixes (not the > > corresponding ath12k) and I only tested this particular patch fully > > Thanks, I added Tested-on to this patch 1 and for the rest I added > "compile tested only". Thanks for fixing that, I'll try to remember the Tested-on tag next time. Johan
diff --git a/drivers/net/wireless/ath/ath11k/wmi.c b/drivers/net/wireless/ath/ath11k/wmi.c index 23ad6825e5be..da1582b8dc30 100644 --- a/drivers/net/wireless/ath/ath11k/wmi.c +++ b/drivers/net/wireless/ath/ath11k/wmi.c @@ -8383,14 +8383,17 @@ ath11k_wmi_pdev_temperature_event(struct ath11k_base *ab, ath11k_dbg(ab, ATH11K_DBG_WMI, "event pdev temperature ev temp %d pdev_id %d\n", ev->temp, ev->pdev_id); + rcu_read_lock(); + ar = ath11k_mac_get_ar_by_pdev_id(ab, ev->pdev_id); if (!ar) { ath11k_warn(ab, "invalid pdev id in pdev temperature ev %d", ev->pdev_id); - kfree(tb); - return; + goto exit; } ath11k_thermal_event_temperature(ar, ev->temp); +exit: + rcu_read_unlock(); kfree(tb); }
The ath11k active pdevs are protected by RCU but the temperature event handling code calling ath11k_mac_get_ar_by_pdev_id() was not marked as a read-side critical section as reported by RCU lockdep: ============================= WARNING: suspicious RCU usage 6.6.0-rc6 #7 Not tainted ----------------------------- drivers/net/wireless/ath/ath11k/mac.c:638 suspicious rcu_dereference_check() usage! other info that might help us debug this: rcu_scheduler_active = 2, debug_locks = 1 no locks held by swapper/0/0. ... Call trace: ... lockdep_rcu_suspicious+0x16c/0x22c ath11k_mac_get_ar_by_pdev_id+0x194/0x1b0 [ath11k] ath11k_wmi_tlv_op_rx+0xa84/0x2c1c [ath11k] ath11k_htc_rx_completion_handler+0x388/0x510 [ath11k] Mark the code in question as an RCU read-side critical section to avoid any potential use-after-free issues. Fixes: a41d10348b01 ("ath11k: add thermal sensor device support") Cc: stable@vger.kernel.org # 5.7 Signed-off-by: Johan Hovold <johan+linaro@kernel.org> --- drivers/net/wireless/ath/ath11k/wmi.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-)