From: Johan Hovold <johan+linaro@kernel.org>
To: Kalle Valo <kvalo@kernel.org>
Cc: Jeff Johnson <quic_jjohnson@quicinc.com>,
ath11k@lists.infradead.org, linux-wireless@vger.kernel.org,
linux-kernel@vger.kernel.org,
Johan Hovold <johan+linaro@kernel.org>,
stable@vger.kernel.org
Subject: [PATCH v2 1/2] wifi: ath11k: fix temperature event locking
Date: Thu, 19 Oct 2023 17:31:14 +0200 [thread overview]
Message-ID: <20231019153115.26401-2-johan+linaro@kernel.org> (raw)
In-Reply-To: <20231019153115.26401-1-johan+linaro@kernel.org>
The ath11k active pdevs are protected by RCU but the temperature event
handling code calling ath11k_mac_get_ar_by_pdev_id() was not marked as a
read-side critical section as reported by RCU lockdep:
=============================
WARNING: suspicious RCU usage
6.6.0-rc6 #7 Not tainted
-----------------------------
drivers/net/wireless/ath/ath11k/mac.c:638 suspicious rcu_dereference_check() usage!
other info that might help us debug this:
rcu_scheduler_active = 2, debug_locks = 1
no locks held by swapper/0/0.
...
Call trace:
...
lockdep_rcu_suspicious+0x16c/0x22c
ath11k_mac_get_ar_by_pdev_id+0x194/0x1b0 [ath11k]
ath11k_wmi_tlv_op_rx+0xa84/0x2c1c [ath11k]
ath11k_htc_rx_completion_handler+0x388/0x510 [ath11k]
Mark the code in question as an RCU read-side critical section to avoid
any potential use-after-free issues.
Fixes: a41d10348b01 ("ath11k: add thermal sensor device support")
Cc: stable@vger.kernel.org # 5.7
Signed-off-by: Johan Hovold <johan+linaro@kernel.org>
---
drivers/net/wireless/ath/ath11k/wmi.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/drivers/net/wireless/ath/ath11k/wmi.c b/drivers/net/wireless/ath/ath11k/wmi.c
index 23ad6825e5be..da1582b8dc30 100644
--- a/drivers/net/wireless/ath/ath11k/wmi.c
+++ b/drivers/net/wireless/ath/ath11k/wmi.c
@@ -8383,14 +8383,17 @@ ath11k_wmi_pdev_temperature_event(struct ath11k_base *ab,
ath11k_dbg(ab, ATH11K_DBG_WMI, "event pdev temperature ev temp %d pdev_id %d\n",
ev->temp, ev->pdev_id);
+ rcu_read_lock();
+
ar = ath11k_mac_get_ar_by_pdev_id(ab, ev->pdev_id);
if (!ar) {
ath11k_warn(ab, "invalid pdev id in pdev temperature ev %d", ev->pdev_id);
- kfree(tb);
- return;
+ goto exit;
}
ath11k_thermal_event_temperature(ar, ev->temp);
+exit:
+ rcu_read_unlock();
kfree(tb);
}
--
2.41.0
WARNING: multiple messages have this Message-ID (diff)
From: Johan Hovold <johan+linaro@kernel.org>
To: Kalle Valo <kvalo@kernel.org>
Cc: Jeff Johnson <quic_jjohnson@quicinc.com>,
ath11k@lists.infradead.org, linux-wireless@vger.kernel.org,
linux-kernel@vger.kernel.org,
Johan Hovold <johan+linaro@kernel.org>,
stable@vger.kernel.org
Subject: [PATCH v2 1/2] wifi: ath11k: fix temperature event locking
Date: Thu, 19 Oct 2023 17:31:14 +0200 [thread overview]
Message-ID: <20231019153115.26401-2-johan+linaro@kernel.org> (raw)
In-Reply-To: <20231019153115.26401-1-johan+linaro@kernel.org>
The ath11k active pdevs are protected by RCU but the temperature event
handling code calling ath11k_mac_get_ar_by_pdev_id() was not marked as a
read-side critical section as reported by RCU lockdep:
=============================
WARNING: suspicious RCU usage
6.6.0-rc6 #7 Not tainted
-----------------------------
drivers/net/wireless/ath/ath11k/mac.c:638 suspicious rcu_dereference_check() usage!
other info that might help us debug this:
rcu_scheduler_active = 2, debug_locks = 1
no locks held by swapper/0/0.
...
Call trace:
...
lockdep_rcu_suspicious+0x16c/0x22c
ath11k_mac_get_ar_by_pdev_id+0x194/0x1b0 [ath11k]
ath11k_wmi_tlv_op_rx+0xa84/0x2c1c [ath11k]
ath11k_htc_rx_completion_handler+0x388/0x510 [ath11k]
Mark the code in question as an RCU read-side critical section to avoid
any potential use-after-free issues.
Fixes: a41d10348b01 ("ath11k: add thermal sensor device support")
Cc: stable@vger.kernel.org # 5.7
Signed-off-by: Johan Hovold <johan+linaro@kernel.org>
---
drivers/net/wireless/ath/ath11k/wmi.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/drivers/net/wireless/ath/ath11k/wmi.c b/drivers/net/wireless/ath/ath11k/wmi.c
index 23ad6825e5be..da1582b8dc30 100644
--- a/drivers/net/wireless/ath/ath11k/wmi.c
+++ b/drivers/net/wireless/ath/ath11k/wmi.c
@@ -8383,14 +8383,17 @@ ath11k_wmi_pdev_temperature_event(struct ath11k_base *ab,
ath11k_dbg(ab, ATH11K_DBG_WMI, "event pdev temperature ev temp %d pdev_id %d\n",
ev->temp, ev->pdev_id);
+ rcu_read_lock();
+
ar = ath11k_mac_get_ar_by_pdev_id(ab, ev->pdev_id);
if (!ar) {
ath11k_warn(ab, "invalid pdev id in pdev temperature ev %d", ev->pdev_id);
- kfree(tb);
- return;
+ goto exit;
}
ath11k_thermal_event_temperature(ar, ev->temp);
+exit:
+ rcu_read_unlock();
kfree(tb);
}
--
2.41.0
--
ath11k mailing list
ath11k@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/ath11k
next prev parent reply other threads:[~2023-10-19 15:33 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-10-19 15:31 [PATCH v2 0/2] wifi: ath11k: fix event locking Johan Hovold
2023-10-19 15:31 ` Johan Hovold
2023-10-19 15:31 ` Johan Hovold [this message]
2023-10-19 15:31 ` [PATCH v2 1/2] wifi: ath11k: fix temperature " Johan Hovold
2023-10-19 17:14 ` Jeff Johnson
2023-10-19 17:14 ` Jeff Johnson
2023-10-24 13:59 ` Kalle Valo
2023-10-24 13:59 ` Kalle Valo
2023-10-24 14:29 ` Johan Hovold
2023-10-24 14:29 ` Johan Hovold
2023-10-25 9:51 ` Kalle Valo
2023-10-25 9:51 ` Kalle Valo
2023-10-25 12:26 ` Johan Hovold
2023-10-25 12:26 ` Johan Hovold
2023-10-25 9:59 ` Kalle Valo
2023-10-25 9:59 ` Kalle Valo
2023-10-19 15:31 ` [PATCH v2 2/2] wifi: ath11k: fix dfs radar " Johan Hovold
2023-10-19 15:31 ` Johan Hovold
2023-10-24 14:07 ` [PATCH v2 0/2] wifi: ath11k: fix " Kalle Valo
2023-10-24 14:07 ` Kalle Valo
2023-10-24 15:17 ` Johan Hovold
2023-10-24 15:17 ` Johan Hovold
2024-01-13 10:26 ` ath11k: checking RCU usage Kalle Valo
2024-01-22 13:10 ` Johan Hovold
2024-01-22 14:04 ` Johan Hovold
2024-01-22 14:39 ` Kalle Valo
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20231019153115.26401-2-johan+linaro@kernel.org \
--to=johan+linaro@kernel.org \
--cc=ath11k@lists.infradead.org \
--cc=kvalo@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-wireless@vger.kernel.org \
--cc=quic_jjohnson@quicinc.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.