2023-09-20 08:46:07

by Wen Gong

[permalink] [raw]
Subject: [PATCH v6 03/13] wifi: ath11k: fix a possible dead lock caused by ab->base_lock

From: Baochen Qiang <[email protected]>

spin_lock/spin_unlock are used in ath11k_reg_chan_list_event to
acquire/release ab->base_lock, for now this is safe because that
function is only called in soft IRQ context.

But ath11k_reg_chan_list_event() will be called from process
context in an upcoming patch, and this can result in a deadlock if
ab->base_lock is acquired in process context and then soft IRQ occurs
on the same CPU and tries to acquire that lock.

Fix it by using spin_lock_bh and spin_unlock_bh instead.

Tested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.23

Fixes: 69a0fcf8a9f2 ("ath11k: Avoid reg rules update during firmware recovery")
Signed-off-by: Baochen Qiang <[email protected]>
Signed-off-by: Wen Gong <[email protected]>
---
drivers/net/wireless/ath/ath11k/wmi.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/drivers/net/wireless/ath/ath11k/wmi.c b/drivers/net/wireless/ath/ath11k/wmi.c
index 1fb445106872..c427299b7202 100644
--- a/drivers/net/wireless/ath/ath11k/wmi.c
+++ b/drivers/net/wireless/ath/ath11k/wmi.c
@@ -7138,13 +7138,13 @@ int ath11k_reg_handle_chan_list(struct ath11k_base *ab,
/* Avoid default reg rule updates sent during FW recovery if
* it is already available
*/
- spin_lock(&ab->base_lock);
+ spin_lock_bh(&ab->base_lock);
if (test_bit(ATH11K_FLAG_RECOVERY, &ab->dev_flags) &&
ab->default_regd[pdev_idx]) {
- spin_unlock(&ab->base_lock);
+ spin_unlock_bh(&ab->base_lock);
goto retfail;
}
- spin_unlock(&ab->base_lock);
+ spin_unlock_bh(&ab->base_lock);

if (pdev_idx >= ab->num_radios) {
/* Process the event for phy0 only if single_pdev_only
@@ -7194,7 +7194,7 @@ int ath11k_reg_handle_chan_list(struct ath11k_base *ab,
ab->reg_info_store[pdev_idx] = *reg_info;
}

- spin_lock(&ab->base_lock);
+ spin_lock_bh(&ab->base_lock);
if (ab->default_regd[pdev_idx]) {
/* The initial rules from FW after WMI Init is to build
* the default regd. From then on, any rules updated for
@@ -7214,7 +7214,7 @@ int ath11k_reg_handle_chan_list(struct ath11k_base *ab,
ab->default_regd[pdev_idx] = regd;
}
ab->dfs_region = reg_info->dfs_region;
- spin_unlock(&ab->base_lock);
+ spin_unlock_bh(&ab->base_lock);

return 0;

--
2.40.1


2023-09-21 21:41:39

by Jeff Johnson

[permalink] [raw]
Subject: Re: [PATCH v6 03/13] wifi: ath11k: fix a possible dead lock caused by ab->base_lock

On 9/20/2023 1:23 AM, Wen Gong wrote:
> From: Baochen Qiang <[email protected]>
>
> spin_lock/spin_unlock are used in ath11k_reg_chan_list_event to
> acquire/release ab->base_lock, for now this is safe because that

Kalle, can you s/, for/. For/ when you pull into pending?

> function is only called in soft IRQ context.
>
> But ath11k_reg_chan_list_event() will be called from process
> context in an upcoming patch, and this can result in a deadlock if
> ab->base_lock is acquired in process context and then soft IRQ occurs
> on the same CPU and tries to acquire that lock.
>
> Fix it by using spin_lock_bh and spin_unlock_bh instead.
>
> Tested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.23
>
> Fixes: 69a0fcf8a9f2 ("ath11k: Avoid reg rules update during firmware recovery")
> Signed-off-by: Baochen Qiang <[email protected]>
> Signed-off-by: Wen Gong <[email protected]>
Acked-by: Jeff Johnson <[email protected]>

2023-09-25 10:51:09

by Kalle Valo

[permalink] [raw]
Subject: Re: [PATCH v6 03/13] wifi: ath11k: fix a possible dead lock caused by ab->base_lock

Jeff Johnson <[email protected]> writes:

> On 9/20/2023 1:23 AM, Wen Gong wrote:
>> From: Baochen Qiang <[email protected]>
>> spin_lock/spin_unlock are used in ath11k_reg_chan_list_event to
>> acquire/release ab->base_lock, for now this is safe because that
>
> Kalle, can you s/, for/. For/ when you pull into pending?

Yes, will do. BTW to save time for simple edits like this I don't always
reply to you, I just do the edit the silently. In case you wonder if why
I don't reply.

--
https://patchwork.kernel.org/project/linux-wireless/list/

https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches

2023-10-02 16:10:52

by Kalle Valo

[permalink] [raw]
Subject: Re: [PATCH v6 03/13] wifi: ath11k: fix a possible dead lock caused by ab->base_lock

Wen Gong <[email protected]> wrote:

> spin_lock/spin_unlock are used in ath11k_reg_chan_list_event to
> acquire/release ab->base_lock, for now this is safe because that
> function is only called in soft IRQ context.
>
> But ath11k_reg_chan_list_event() will be called from process
> context in an upcoming patch, and this can result in a deadlock if
> ab->base_lock is acquired in process context and then soft IRQ occurs
> on the same CPU and tries to acquire that lock.
>
> Fix it by using spin_lock_bh and spin_unlock_bh instead.
>
> Tested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.23
>
> Fixes: 69a0fcf8a9f2 ("ath11k: Avoid reg rules update during firmware recovery")
> Signed-off-by: Baochen Qiang <[email protected]>
> Signed-off-by: Wen Gong <[email protected]>
> Acked-by: Jeff Johnson <[email protected]>
> Signed-off-by: Kalle Valo <[email protected]>

This patch seems to leak memory:

unreferenced object 0xffff8881110f5840 (size 64):
comm "softirq", pid 0, jiffies 4295335213 (age 79.445s)
hex dump (first 32 bytes):
32 14 82 14 50 00 17 00 00 02 00 00 82 14 d2 14 2...P...........
50 00 17 00 08 02 00 00 72 15 62 16 a0 00 1e 00 P.......r.b.....
backtrace:
[<ffffffffa1f891ca>] __kmem_cache_alloc_node+0x1ca/0x2d0
[<ffffffffa1e57950>] __kmalloc+0x50/0x1a0
[<ffffffffc076640e>] create_ext_reg_rules_from_wmi+0x2e/0x430 [ath11k]
[<ffffffffc07705c4>] ath11k_pull_reg_chan_list_ext_update_ev+0x1d24/0x4f30 [ath11k]
[<ffffffffc07a4a44>] ath11k_reg_chan_list_event.isra.0+0x64/0xd0 [ath11k]
[<ffffffffc07a562f>] ath11k_wmi_tlv_op_rx+0xb7f/0x27e0 [ath11k]
[<ffffffffc07f3a54>] ath11k_htc_rx_completion_handler+0x3b4/0x6f0 [ath11k]
[<ffffffffc0838b3a>] ath11k_ce_recv_process_cb+0x5da/0x920 [ath11k]
[<ffffffffc0839b68>] ath11k_ce_per_engine_service+0xe8/0x130 [ath11k]
[<ffffffffc084ba75>] ath11k_pcic_ce_tasklet+0x65/0x120 [ath11k]
[<ffffffffa196df5c>] tasklet_action_common.isra.0+0x24c/0x3d0
[<ffffffffa196e12f>] tasklet_action+0x4f/0x70
[<ffffffffa448b355>] __do_softirq+0x1c5/0x867
unreferenced object 0xffff8881110f5f40 (size 64):
comm "softirq", pid 0, jiffies 4295335238 (age 79.439s)
hex dump (first 32 bytes):
32 14 82 14 50 00 17 00 00 02 00 00 82 14 d2 14 2...P...........
50 00 17 00 08 02 00 00 72 15 62 16 a0 00 1e 00 P.......r.b.....
backtrace:
[<ffffffffa1f891ca>] __kmem_cache_alloc_node+0x1ca/0x2d0
[<ffffffffa1e57950>] __kmalloc+0x50/0x1a0
[<ffffffffc076640e>] create_ext_reg_rules_from_wmi+0x2e/0x430 [ath11k]
[<ffffffffc07705c4>] ath11k_pull_reg_chan_list_ext_update_ev+0x1d24/0x4f30 [ath11k]
[<ffffffffc07a4a44>] ath11k_reg_chan_list_event.isra.0+0x64/0xd0 [ath11k]
[<ffffffffc07a562f>] ath11k_wmi_tlv_op_rx+0xb7f/0x27e0 [ath11k]
[<ffffffffc07f3a54>] ath11k_htc_rx_completion_handler+0x3b4/0x6f0 [ath11k]
[<ffffffffc0838b3a>] ath11k_ce_recv_process_cb+0x5da/0x920 [ath11k]
[<ffffffffc0839b68>] ath11k_ce_per_engine_service+0xe8/0x130 [ath11k]
[<ffffffffc084ba75>] ath11k_pcic_ce_tasklet+0x65/0x120 [ath11k]
[<ffffffffa196df5c>] tasklet_action_common.isra.0+0x24c/0x3d0
[<ffffffffa196e12f>] tasklet_action+0x4f/0x70
[<ffffffffa448b355>] __do_softirq+0x1c5/0x867

--
https://patchwork.kernel.org/project/linux-wireless/patch/[email protected]/

https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches