Re: [PATCH] ath9k_htc: Add a missing spin_lock_init()

From: Rajat Asthana <rajatasthana4@gmail.com>
To: Kalle Valo <kvalo@codeaurora.org>
Cc: ath9k-devel@qca.qualcomm.com, davem@davemloft.net,
	kuba@kernel.org, linux-wireless@vger.kernel.org,
	netdev@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] ath9k_htc: Add a missing spin_lock_init()
Date: Thu, 29 Jul 2021 00:32:38 +0530	[thread overview]
Message-ID: <738fa8cc-c9c4-66c1-e2ee-fe02caa7ef63@gmail.com> (raw)
In-Reply-To: <87y29qgbff.fsf@codeaurora.org>


On 28/07/21 12:41 pm, Kalle Valo wrote:
> Rajat Asthana <rajatasthana4@gmail.com> writes:
> 
>> Syzkaller reported a lockdep warning on non-initialized spinlock:
>>
>> INFO: trying to register non-static key.
>> The code is fine but needs lockdep annotation, or maybe
>> you didn't initialize this object before use?
>> turning off the locking correctness validator.
>> CPU: 0 PID: 10 Comm: ksoftirqd/0 Not tainted 5.13.0-rc4-syzkaller #0
>> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
>> Call Trace:
>>   __dump_stack lib/dump_stack.c:79 [inline]
>>   dump_stack+0x143/0x1db lib/dump_stack.c:120
>>   assign_lock_key kernel/locking/lockdep.c:937 [inline]
>>   register_lock_class+0x1077/0x1180 kernel/locking/lockdep.c:1249
>>   __lock_acquire+0x102/0x5230 kernel/locking/lockdep.c:4781
>>   lock_acquire kernel/locking/lockdep.c:5512 [inline]
>>   lock_acquire+0x19d/0x700 kernel/locking/lockdep.c:5477
>>   __raw_spin_lock_bh include/linux/spinlock_api_smp.h:135 [inline]
>>   _raw_spin_lock_bh+0x2f/0x40 kernel/locking/spinlock.c:175
>>   spin_lock_bh include/linux/spinlock.h:359 [inline]
>>   ath9k_wmi_event_tasklet+0x231/0x3f0 drivers/net/wireless/ath/ath9k/wmi.c:172
>>   tasklet_action_common.constprop.0+0x201/0x2e0 kernel/softirq.c:784
>>   __do_softirq+0x1b0/0x944 kernel/softirq.c:559
>>   run_ksoftirqd kernel/softirq.c:921 [inline]
>>   run_ksoftirqd+0x21/0x50 kernel/softirq.c:913
>>   smpboot_thread_fn+0x3ec/0x870 kernel/smpboot.c:165
>>   kthread+0x38c/0x460 kernel/kthread.c:313
>>   ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294
>>
>> We missed a spin_lock_init() in ath9k_wmi_event_tasklet() when the wmi
>> event is WMI_TXSTATUS_EVENTID. Placing this init here instead of
>> ath9k_init_wmi() is fine mainly because we need this spinlock when the
>> event is WMI_TXSTATUS_EVENTID and hence it should be initialized when it
>> is needed.
>>
>> Signed-off-by: Rajat Asthana <rajatasthana4@gmail.com>
>> ---
>>   drivers/net/wireless/ath/ath9k/wmi.c | 1 +
>>   1 file changed, 1 insertion(+)
>>
>> diff --git a/drivers/net/wireless/ath/ath9k/wmi.c b/drivers/net/wireless/ath/ath9k/wmi.c
>> index fe29ad4b9023..446b7ca459df 100644
>> --- a/drivers/net/wireless/ath/ath9k/wmi.c
>> +++ b/drivers/net/wireless/ath/ath9k/wmi.c
>> @@ -169,6 +169,7 @@ void ath9k_wmi_event_tasklet(struct tasklet_struct *t)
>>   					     &wmi->drv_priv->fatal_work);
>>   			break;
>>   		case WMI_TXSTATUS_EVENTID:
>> +			spin_lock_init(&priv->tx.tx_lock);
>>   			spin_lock_bh(&priv->tx.tx_lock);
>>   			if (priv->tx.flags & ATH9K_HTC_OP_TX_DRAIN) {
>>   				spin_unlock_bh(&priv->tx.tx_lock);
> 
> This is not making sense to me. You need to elaborate in the commit log
> a lot more why this is "fine". For example, what happens when there are
> multiple WMI_TXSTATUS_EVENTID events?
> 
Thanks for the review!
Now that you mentioned the case when there are multiple 
WMI_TXSTATUS_EVENTID events, this doesn't make sense, as that will cause 
a race condition. This instead should be done in ath9k_init_wmi(). I 
will make this change in the v2 patch.

> Did you test this on a real device?
> 
No, I didn't test this on a real device. Syzkaller has a reproducer for 
this and I just relied on the fact that the reproducer did not reproduce 
the warning with this patch.