From patchwork Tue Sep 22 19:19:56 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ben Greear X-Patchwork-Id: 11792999 X-Patchwork-Delegate: johannes@sipsolutions.net Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id EEC39139A for ; Tue, 22 Sep 2020 19:25:16 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id CDBD423787 for ; Tue, 22 Sep 2020 19:25:14 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=candelatech.com header.i=@candelatech.com header.b="O0ZX+rnr" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726576AbgIVTZN (ORCPT ); Tue, 22 Sep 2020 15:25:13 -0400 Received: from mail2.candelatech.com ([208.74.158.173]:44952 "EHLO mail3.candelatech.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726566AbgIVTZN (ORCPT ); Tue, 22 Sep 2020 15:25:13 -0400 Received: from ben-dt4.candelatech.com (50-251-239-81-static.hfc.comcastbusiness.net [50.251.239.81]) by mail3.candelatech.com (Postfix) with ESMTP id 79C9C13C2B0; Tue, 22 Sep 2020 12:20:00 -0700 (PDT) DKIM-Filter: OpenDKIM Filter v2.11.0 mail3.candelatech.com 79C9C13C2B0 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=candelatech.com; s=default; t=1600802400; bh=/hsZNWlMO8q90+AR3z0NSM2bW5UCcwsFE4SclNmOotk=; h=From:To:Cc:Subject:Date:From; b=O0ZX+rnrhSQhPhAaqQadI6/YcIYSC8plVgVYkT7uTPF8pLKg+qLBeRriFE0gv2+g9 DelK4zJw4qHI2nrjNOtERUDIM29YZs1WdJTrcYfVlc6fQrnrZ4M4YQST5vWY+g6xND 4PhYXVhiMJFo4/k2mt2JJ8ftTP26nUXyfYAa/goM= From: greearb@candelatech.com To: linux-wireless@vger.kernel.org, ath10k@lists.infradead.org Cc: Ben Greear Subject: [PATCH 1/2] mac80211: Support not iterating over not-sdata-in-driver ifaces Date: Tue, 22 Sep 2020 12:19:56 -0700 Message-Id: <20200922191957.25257-1-greearb@candelatech.com> X-Mailer: git-send-email 2.20.1 MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-wireless@vger.kernel.org From: Ben Greear Allow drivers to request that interface-iterator does NOT iterate over interfaces that are not sdata-in-driver. This will allow us to fix crashes in ath10k (and possibly other drivers). To summarize Johannes' explanation: Consider add interface wlan0 add interface wlan1 iterate active interfaces -> wlan0 wlan1 add interface wlan2 iterate active interfaces -> wlan0 wlan1 wlan2 If you apply this scenario to a restart, which ought to be functionally equivalent to the normal startup, just compressed in time, you're basically saying that today you get add interface wlan0 add interface wlan1 iterate active interfaces -> wlan0 wlan1 wlan2 << problem here add interface wlan2 iterate active interfaces -> wlan0 wlan1 wlan2 which yeah, totally seems wrong. But fixing that to be add interface wlan0 add interface wlan1 iterate active interfaces -> add interface wlan2 iterate active interfaces -> (or maybe -> wlan0 wlan1 wlan2 if the reconfig already completed) This is also at least somewhat wrong, but better to not iterate over something that exists in the driver than iterate over something that does not. Originally the first issue was causing crashes in testing with lots of station vdevs on an ath10k radio, combined with firmware crashing. I ran with a similar patch for years with no obvious bad results, including significant testing with ath9k and ath10k. Signed-off-by: Ben Greear --- include/net/mac80211.h | 4 ++++ net/mac80211/util.c | 3 +++ 2 files changed, 7 insertions(+) diff --git a/include/net/mac80211.h b/include/net/mac80211.h index 66e2bfd165e82..9c4bffcaed404 100644 --- a/include/net/mac80211.h +++ b/include/net/mac80211.h @@ -5344,11 +5344,15 @@ void ieee80211_sched_scan_stopped(struct ieee80211_hw *hw); * @IEEE80211_IFACE_ITER_RESUME_ALL: During resume, iterate over all * interfaces, even if they haven't been re-added to the driver yet. * @IEEE80211_IFACE_ITER_ACTIVE: Iterate only active interfaces (netdev is up). + * @IEEE80211_IFACE_SKIP_SDATA_NOT_IN_DRIVER: Skip any interfaces where SDATA + * is not in the driver. This may fix crashes during firmware recovery + * for instance. */ enum ieee80211_interface_iteration_flags { IEEE80211_IFACE_ITER_NORMAL = 0, IEEE80211_IFACE_ITER_RESUME_ALL = BIT(0), IEEE80211_IFACE_ITER_ACTIVE = BIT(1), + IEEE80211_IFACE_SKIP_SDATA_NOT_IN_DRIVER = BIT(2), }; /** diff --git a/net/mac80211/util.c b/net/mac80211/util.c index c8504ffc71a11..f3bc05217f741 100644 --- a/net/mac80211/util.c +++ b/net/mac80211/util.c @@ -733,6 +733,9 @@ static void __iterate_interfaces(struct ieee80211_local *local, if (!(iter_flags & IEEE80211_IFACE_ITER_RESUME_ALL) && active_only && !(sdata->flags & IEEE80211_SDATA_IN_DRIVER)) continue; + if ((iter_flags & IEEE80211_IFACE_SKIP_SDATA_NOT_IN_DRIVER) && + !(sdata->flags & IEEE80211_SDATA_IN_DRIVER)) + continue; if (ieee80211_sdata_running(sdata) || !active_only) iterator(data, sdata->vif.addr, &sdata->vif); From patchwork Tue Sep 22 19:19:57 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ben Greear X-Patchwork-Id: 11793001 X-Patchwork-Delegate: kvalo@adurom.com Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 2782316BC for ; Tue, 22 Sep 2020 19:25:17 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 0567E2376F for ; Tue, 22 Sep 2020 19:25:16 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=candelatech.com header.i=@candelatech.com header.b="c31h0iYN" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726583AbgIVTZO (ORCPT ); Tue, 22 Sep 2020 15:25:14 -0400 Received: from mail2.candelatech.com ([208.74.158.173]:44950 "EHLO mail3.candelatech.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726448AbgIVTZO (ORCPT ); Tue, 22 Sep 2020 15:25:14 -0400 X-Greylist: delayed 313 seconds by postgrey-1.27 at vger.kernel.org; Tue, 22 Sep 2020 15:25:13 EDT Received: from ben-dt4.candelatech.com (50-251-239-81-static.hfc.comcastbusiness.net [50.251.239.81]) by mail3.candelatech.com (Postfix) with ESMTP id 93BBA13C2B3; Tue, 22 Sep 2020 12:20:02 -0700 (PDT) DKIM-Filter: OpenDKIM Filter v2.11.0 mail3.candelatech.com 93BBA13C2B3 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=candelatech.com; s=default; t=1600802402; bh=fSzdoaVTsmd57gOddD3KQXCFk3b01FR44Ty/fAWiRqA=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=c31h0iYNdVKd44VM557gP+DdpLLkHMA/lDGaR7SISCYU4Q6Dgb9/tk1FLbv0+HQMg ++V6C5ibTAyi6ajLKJxR6d16okJ0togtLG6lsepsE0AMhBHlNEA1G2UqEzJTP5D5Wf GD+PZaAyFF7iOGqmkPtHzbWDu7+a3y7qeSlWGXgE= From: greearb@candelatech.com To: linux-wireless@vger.kernel.org, ath10k@lists.infradead.org Cc: Ben Greear Subject: [PATCH 2/2] ath10k: Don't iterate over not-sdata-in-driver interfaces. Date: Tue, 22 Sep 2020 12:19:57 -0700 Message-Id: <20200922191957.25257-2-greearb@candelatech.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20200922191957.25257-1-greearb@candelatech.com> References: <20200922191957.25257-1-greearb@candelatech.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-wireless@vger.kernel.org From: Ben Greear This fixes possible crash scenario where interfaces that were not set up in the driver yet might still be iterated over. When originally debugged on the ath10k-ct driver, the crash looked like this: kernel BUG at /home/greearb/git/linux-4.7.dev.y/drivers/net/wireless/ath/ath10k/wmi.c:1781! invalid opcode: 0000 [#1] PREEMPT SMP KASAN Modules linked in: nf_conntrack_netlink nf_conntrack nfnetlink nf_defrag_ipv4 bridge carl9170 mac80211_hwsim ath10k_pci ath10k_core ath5k ath9k ath9k_common ath9k_hw ath mac80211 cfg80211 8021q garp mrp stp llc bnep bluetooth fuse macvlan pktgen rpcsec_gss_krb5 nfsv4 nfs fscache snd_hda_codec_hdmi coretemp hwmon intel_rapl x86_pkg_temp_thermal intel_powerclamp snd_hda_codec_realtek snd_hda_codec_generic kvm iTCO_wdt irqbypass iTCO_vendor_support joydev snd_hda_intel snd_hda_codec snd_hda_core snd_hwdep snd_seq snd_seq_device pcspkr snd_pcm snd_timer shpchp snd i2c_i801 lpc_ich soundcore tpm_tis tpm nfsd auth_rpcgss nfs_acl lockd grace sunrpc i915 serio_raw i2c_algo_bit drm_kms_helper ata_generic e1000e pata_acpi drm ptp pps_core i2c_core fjes video ipv6 [last unloaded: nf_conntrack] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 4.7.10+ #15 Hardware name: To be filled by O.E.M. To be filled by O.E.M./ChiefRiver, BIOS 4.6.5 06/07/2013 task: ffff8801d4f20000 ti: ffff8801d4f28000 task.ti: ffff8801d4f28000 RIP: 0010:[] [] ath10k_wmi_tx_beacons_iter+0x28b/0x290 [ath10k_core] RSP: 0018:ffff8801d6447a98 EFLAGS: 00010293 RAX: 0000000000000018 RBX: ffff8801ce97e1d8 RCX: 0000000000000000 RDX: 0000000000000018 RSI: 0000000000000003 RDI: ffffed003ac88f49 RBP: ffff8801d6447af0 R08: 0000000000000003 R09: 0000000000000000 R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000000 R13: ffff8801ce97e320 R14: ffff8801ce97e378 R15: ffff8801ce97ca40 FS: 0000000000000000(0000) GS:ffff8801d6440000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007eff191ef1ab CR3: 000000000260a000 CR4: 00000000001406e0 Stack: 1ffff1003ac88f59 0000000041b58ab3 ffffffffa0f4d52a ffff8801d4f20000 0000000000000246 0000000000000002 ffff8801ce97e1d8 ffff8801bd5d39b8 0000000000000002 0000000000000001 ffff8801ce97ca40 ffff8801d6447b48 Call Trace: [] __iterate_interfaces+0xfc/0x1d0 [mac80211] [] ? ath10k_wmi_cmd_send_nowait+0x260/0x260 [ath10k_core] [] ? ath10k_wmi_cmd_send_nowait+0x260/0x260 [ath10k_core] [] ieee80211_iterate_active_interfaces_atomic+0x67/0x100 [mac80211] [] ? ieee80211_handle_reconfig_failure+0x140/0x140 [mac80211] [] ? ath10k_tpc_config_disp_tables+0x620/0x620 [ath10k_core] [] ath10k_wmi_op_ep_tx_credits+0x2b/0x50 [ath10k_core] [] ath10k_htc_rx_completion_handler+0x422/0x5c0 [ath10k_core] [] ath10k_pci_process_rx_cb+0x37e/0x430 [ath10k_pci] [] ? ath10k_htc_build_tx_ctrl_skb+0xc0/0xc0 [ath10k_core] [] ? ath10k_pci_rx_post_pipe+0x550/0x550 [ath10k_pci] [] ? debug_lockdep_rcu_enabled+0x35/0x40 [] ? mark_held_locks+0x23/0xc0 [] ? __local_bh_enable_ip+0x6a/0xd0 [] ? trace_hardirqs_on_caller+0x18b/0x290 [] ? trace_hardirqs_on+0xd/0x10 [] ? __local_bh_enable_ip+0x6a/0xd0 [] ? _raw_spin_unlock_bh+0x30/0x40 [] ? ath10k_ce_per_engine_service+0xee/0x100 [ath10k_pci] [] ath10k_pci_htt_htc_rx_cb+0x29/0x30 [ath10k_pci] [] ath10k_ce_per_engine_service+0xa6/0x100 [ath10k_pci] [] ath10k_ce_per_engine_service_any+0xd6/0xf0 [ath10k_pci] [] ? ath10k_pci_enable_legacy_irq+0xe0/0xe0 [ath10k_pci] [] ath10k_pci_tasklet+0x5f/0xb0 [ath10k_pci] [] tasklet_action+0x245/0x2b0 [] __do_softirq+0x181/0x595 [] irq_exit+0xbc/0xc0 [] do_IRQ+0x7c/0x150 [] common_interrupt+0x8c/0x8c [] ? trace_hardirqs_on_caller+0x18b/0x290 [] ? cpuidle_enter_state+0x1ae/0x4b0 [] ? cpuidle_enter_state+0x1a7/0x4b0 [] cpuidle_enter+0x12/0x20 [] call_cpuidle+0x4e/0x90 [] cpu_startup_entry+0x3f7/0x540 [] ? default_idle_call+0x50/0x50 [] ? clockevents_config_and_register+0x5f/0x70 [] ? setup_APIC_timer+0xfa/0x110 [] start_secondary+0x253/0x2b0 [] ? set_cpu_sibling_map+0x920/0x920 Code: 4d 49 e0 8b b3 48 01 00 00 48 c7 c7 a0 ee f3 a0 e8 d9 c2 3f e0 49 81 fd 3f 1f 00 00 76 0f 49 81 fc 3f 1f 00 00 0f 87 c0 fd ff ff <0f> 0b 0f 0b 90 55 48 89 e5 41 57 41 56 48 8d 85 58 ff ff ff 41 RIP [] ath10k_wmi_tx_beacons_iter+0x28b/0x290 [ath10k_core] RSP ---[ end trace 6588464714e5163a ]--- Similar logic was tested for years in ath10k-ct driver and various firmware. Also tested with stock kernel plus this patch, with firmware 10.2.4-1.0-00037 This test case was to bring up 5 vap on a radio and fake a firmware crash. Make sure ap interfaces continue to function properly. Signed-off-by: Ben Greear --- drivers/net/wireless/ath/ath10k/core.h | 4 ++++ drivers/net/wireless/ath/ath10k/mac.c | 16 +++++++--------- drivers/net/wireless/ath/ath10k/p2p.c | 2 +- drivers/net/wireless/ath/ath10k/wmi.c | 2 +- 4 files changed, 13 insertions(+), 11 deletions(-) diff --git a/drivers/net/wireless/ath/ath10k/core.h b/drivers/net/wireless/ath/ath10k/core.h index 5c18f6c204628..1d89aae6a21cb 100644 --- a/drivers/net/wireless/ath/ath10k/core.h +++ b/drivers/net/wireless/ath/ath10k/core.h @@ -82,6 +82,10 @@ /* Default Airtime weight multipler (Tuned for multiclient performance) */ #define ATH10K_AIRTIME_WEIGHT_MULTIPLIER 4 + +#define ITER_NORMAL_FLAGS (IEEE80211_IFACE_ITER_NORMAL | IEEE80211_IFACE_SKIP_SDATA_NOT_IN_DRIVER) +#define ITER_RESUME_FLAGS (IEEE80211_IFACE_ITER_RESUME_ALL | IEEE80211_IFACE_SKIP_SDATA_NOT_IN_DRIVER) + struct ath10k; static inline const char *ath10k_bus_str(enum ath10k_bus bus) diff --git a/drivers/net/wireless/ath/ath10k/mac.c b/drivers/net/wireless/ath/ath10k/mac.c index 3c0c33a9f30cb..f4391f71efb8b 100644 --- a/drivers/net/wireless/ath/ath10k/mac.c +++ b/drivers/net/wireless/ath/ath10k/mac.c @@ -2066,7 +2066,7 @@ static void ath10k_mac_handle_beacon_iter(void *data, u8 *mac, void ath10k_mac_handle_beacon(struct ath10k *ar, struct sk_buff *skb) { ieee80211_iterate_active_interfaces_atomic(ar->hw, - IEEE80211_IFACE_ITER_NORMAL, + ITER_NORMAL_FLAGS, ath10k_mac_handle_beacon_iter, skb); } @@ -2099,7 +2099,7 @@ static void ath10k_mac_handle_beacon_miss_iter(void *data, u8 *mac, void ath10k_mac_handle_beacon_miss(struct ath10k *ar, u32 vdev_id) { ieee80211_iterate_active_interfaces_atomic(ar->hw, - IEEE80211_IFACE_ITER_NORMAL, + ITER_NORMAL_FLAGS, ath10k_mac_handle_beacon_miss_iter, &vdev_id); } @@ -3367,7 +3367,7 @@ void ath10k_mac_tx_unlock(struct ath10k *ar, int reason) return; ieee80211_iterate_active_interfaces_atomic(ar->hw, - IEEE80211_IFACE_ITER_RESUME_ALL, + ITER_RESUME_FLAGS, ath10k_mac_tx_unlock_iter, ar); @@ -3456,7 +3456,7 @@ void ath10k_mac_handle_tx_pause_vdev(struct ath10k *ar, u32 vdev_id, spin_lock_bh(&ar->htt.tx_lock); ieee80211_iterate_active_interfaces_atomic(ar->hw, - IEEE80211_IFACE_ITER_RESUME_ALL, + ITER_RESUME_FLAGS, ath10k_mac_handle_tx_pause_iter, &arg); spin_unlock_bh(&ar->htt.tx_lock); @@ -8119,7 +8119,7 @@ ath10k_mac_op_change_chanctx(struct ieee80211_hw *hw, if (changed & IEEE80211_CHANCTX_CHANGE_WIDTH) { ieee80211_iterate_active_interfaces_atomic( hw, - IEEE80211_IFACE_ITER_NORMAL, + ITER_NORMAL_FLAGS, ath10k_mac_change_chanctx_cnt_iter, &arg); if (arg.n_vifs == 0) @@ -8132,7 +8132,7 @@ ath10k_mac_op_change_chanctx(struct ieee80211_hw *hw, ieee80211_iterate_active_interfaces_atomic( hw, - IEEE80211_IFACE_ITER_NORMAL, + ITER_NORMAL_FLAGS, ath10k_mac_change_chanctx_fill_iter, &arg); ath10k_mac_update_vif_chan(ar, arg.vifs, arg.n_vifs); @@ -8928,14 +8928,12 @@ static void ath10k_get_arvif_iter(void *data, u8 *mac, struct ath10k_vif *ath10k_get_arvif(struct ath10k *ar, u32 vdev_id) { struct ath10k_vif_iter arvif_iter; - u32 flags; memset(&arvif_iter, 0, sizeof(struct ath10k_vif_iter)); arvif_iter.vdev_id = vdev_id; - flags = IEEE80211_IFACE_ITER_RESUME_ALL; ieee80211_iterate_active_interfaces_atomic(ar->hw, - flags, + ITER_RESUME_FLAGS, ath10k_get_arvif_iter, &arvif_iter); if (!arvif_iter.arvif) { diff --git a/drivers/net/wireless/ath/ath10k/p2p.c b/drivers/net/wireless/ath/ath10k/p2p.c index 29c737b2f4327..6252ffd275239 100644 --- a/drivers/net/wireless/ath/ath10k/p2p.c +++ b/drivers/net/wireless/ath/ath10k/p2p.c @@ -139,7 +139,7 @@ void ath10k_p2p_noa_update_by_vdev_id(struct ath10k *ar, u32 vdev_id, }; ieee80211_iterate_active_interfaces_atomic(ar->hw, - IEEE80211_IFACE_ITER_NORMAL, + ITER_NORMAL_FLAGS, ath10k_p2p_noa_update_vdev_iter, &arg); } diff --git a/drivers/net/wireless/ath/ath10k/wmi.c b/drivers/net/wireless/ath/ath10k/wmi.c index a81a1ab2de19e..5c5f7fd542b64 100644 --- a/drivers/net/wireless/ath/ath10k/wmi.c +++ b/drivers/net/wireless/ath/ath10k/wmi.c @@ -1893,7 +1893,7 @@ static void ath10k_wmi_tx_beacons_iter(void *data, u8 *mac, static void ath10k_wmi_tx_beacons_nowait(struct ath10k *ar) { ieee80211_iterate_active_interfaces_atomic(ar->hw, - IEEE80211_IFACE_ITER_NORMAL, + ITER_NORMAL_FLAGS, ath10k_wmi_tx_beacons_iter, NULL); }