From: Johan Hovold <johan+linaro@kernel.org> To: Kalle Valo <kvalo@kernel.org> Cc: Jeff Johnson <quic_jjohnson@quicinc.com>, ath11k@lists.infradead.org, linux-wireless@vger.kernel.org, linux-kernel@vger.kernel.org, Johan Hovold <johan+linaro@kernel.org>, stable@vger.kernel.org Subject: [PATCH v2 1/2] wifi: ath11k: fix temperature event locking Date: Thu, 19 Oct 2023 17:31:14 +0200 [thread overview] Message-ID: <20231019153115.26401-2-johan+linaro@kernel.org> (raw) In-Reply-To: <20231019153115.26401-1-johan+linaro@kernel.org> The ath11k active pdevs are protected by RCU but the temperature event handling code calling ath11k_mac_get_ar_by_pdev_id() was not marked as a read-side critical section as reported by RCU lockdep: ============================= WARNING: suspicious RCU usage 6.6.0-rc6 #7 Not tainted ----------------------------- drivers/net/wireless/ath/ath11k/mac.c:638 suspicious rcu_dereference_check() usage! other info that might help us debug this: rcu_scheduler_active = 2, debug_locks = 1 no locks held by swapper/0/0. ... Call trace: ... lockdep_rcu_suspicious+0x16c/0x22c ath11k_mac_get_ar_by_pdev_id+0x194/0x1b0 [ath11k] ath11k_wmi_tlv_op_rx+0xa84/0x2c1c [ath11k] ath11k_htc_rx_completion_handler+0x388/0x510 [ath11k] Mark the code in question as an RCU read-side critical section to avoid any potential use-after-free issues. Fixes: a41d10348b01 ("ath11k: add thermal sensor device support") Cc: stable@vger.kernel.org # 5.7 Signed-off-by: Johan Hovold <johan+linaro@kernel.org> --- drivers/net/wireless/ath/ath11k/wmi.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/drivers/net/wireless/ath/ath11k/wmi.c b/drivers/net/wireless/ath/ath11k/wmi.c index 23ad6825e5be..da1582b8dc30 100644 --- a/drivers/net/wireless/ath/ath11k/wmi.c +++ b/drivers/net/wireless/ath/ath11k/wmi.c @@ -8383,14 +8383,17 @@ ath11k_wmi_pdev_temperature_event(struct ath11k_base *ab, ath11k_dbg(ab, ATH11K_DBG_WMI, "event pdev temperature ev temp %d pdev_id %d\n", ev->temp, ev->pdev_id); + rcu_read_lock(); + ar = ath11k_mac_get_ar_by_pdev_id(ab, ev->pdev_id); if (!ar) { ath11k_warn(ab, "invalid pdev id in pdev temperature ev %d", ev->pdev_id); - kfree(tb); - return; + goto exit; } ath11k_thermal_event_temperature(ar, ev->temp); +exit: + rcu_read_unlock(); kfree(tb); } -- 2.41.0
WARNING: multiple messages have this Message-ID (diff)
From: Johan Hovold <johan+linaro@kernel.org> To: Kalle Valo <kvalo@kernel.org> Cc: Jeff Johnson <quic_jjohnson@quicinc.com>, ath11k@lists.infradead.org, linux-wireless@vger.kernel.org, linux-kernel@vger.kernel.org, Johan Hovold <johan+linaro@kernel.org>, stable@vger.kernel.org Subject: [PATCH v2 1/2] wifi: ath11k: fix temperature event locking Date: Thu, 19 Oct 2023 17:31:14 +0200 [thread overview] Message-ID: <20231019153115.26401-2-johan+linaro@kernel.org> (raw) In-Reply-To: <20231019153115.26401-1-johan+linaro@kernel.org> The ath11k active pdevs are protected by RCU but the temperature event handling code calling ath11k_mac_get_ar_by_pdev_id() was not marked as a read-side critical section as reported by RCU lockdep: ============================= WARNING: suspicious RCU usage 6.6.0-rc6 #7 Not tainted ----------------------------- drivers/net/wireless/ath/ath11k/mac.c:638 suspicious rcu_dereference_check() usage! other info that might help us debug this: rcu_scheduler_active = 2, debug_locks = 1 no locks held by swapper/0/0. ... Call trace: ... lockdep_rcu_suspicious+0x16c/0x22c ath11k_mac_get_ar_by_pdev_id+0x194/0x1b0 [ath11k] ath11k_wmi_tlv_op_rx+0xa84/0x2c1c [ath11k] ath11k_htc_rx_completion_handler+0x388/0x510 [ath11k] Mark the code in question as an RCU read-side critical section to avoid any potential use-after-free issues. Fixes: a41d10348b01 ("ath11k: add thermal sensor device support") Cc: stable@vger.kernel.org # 5.7 Signed-off-by: Johan Hovold <johan+linaro@kernel.org> --- drivers/net/wireless/ath/ath11k/wmi.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/drivers/net/wireless/ath/ath11k/wmi.c b/drivers/net/wireless/ath/ath11k/wmi.c index 23ad6825e5be..da1582b8dc30 100644 --- a/drivers/net/wireless/ath/ath11k/wmi.c +++ b/drivers/net/wireless/ath/ath11k/wmi.c @@ -8383,14 +8383,17 @@ ath11k_wmi_pdev_temperature_event(struct ath11k_base *ab, ath11k_dbg(ab, ATH11K_DBG_WMI, "event pdev temperature ev temp %d pdev_id %d\n", ev->temp, ev->pdev_id); + rcu_read_lock(); + ar = ath11k_mac_get_ar_by_pdev_id(ab, ev->pdev_id); if (!ar) { ath11k_warn(ab, "invalid pdev id in pdev temperature ev %d", ev->pdev_id); - kfree(tb); - return; + goto exit; } ath11k_thermal_event_temperature(ar, ev->temp); +exit: + rcu_read_unlock(); kfree(tb); } -- 2.41.0 -- ath11k mailing list ath11k@lists.infradead.org http://lists.infradead.org/mailman/listinfo/ath11k
next prev parent reply other threads:[~2023-10-19 15:33 UTC|newest] Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top 2023-10-19 15:31 [PATCH v2 0/2] wifi: ath11k: fix event locking Johan Hovold 2023-10-19 15:31 ` Johan Hovold 2023-10-19 15:31 ` Johan Hovold [this message] 2023-10-19 15:31 ` [PATCH v2 1/2] wifi: ath11k: fix temperature " Johan Hovold 2023-10-19 17:14 ` Jeff Johnson 2023-10-19 17:14 ` Jeff Johnson 2023-10-24 13:59 ` Kalle Valo 2023-10-24 13:59 ` Kalle Valo 2023-10-24 14:29 ` Johan Hovold 2023-10-24 14:29 ` Johan Hovold 2023-10-25 9:51 ` Kalle Valo 2023-10-25 9:51 ` Kalle Valo 2023-10-25 12:26 ` Johan Hovold 2023-10-25 12:26 ` Johan Hovold 2023-10-25 9:59 ` Kalle Valo 2023-10-25 9:59 ` Kalle Valo 2023-10-19 15:31 ` [PATCH v2 2/2] wifi: ath11k: fix dfs radar " Johan Hovold 2023-10-19 15:31 ` Johan Hovold 2023-10-24 14:07 ` [PATCH v2 0/2] wifi: ath11k: fix " Kalle Valo 2023-10-24 14:07 ` Kalle Valo 2023-10-24 15:17 ` Johan Hovold 2023-10-24 15:17 ` Johan Hovold 2024-01-13 10:26 ` ath11k: checking RCU usage Kalle Valo 2024-01-22 13:10 ` Johan Hovold 2024-01-22 14:04 ` Johan Hovold 2024-01-22 14:39 ` Kalle Valo
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20231019153115.26401-2-johan+linaro@kernel.org \ --to=johan+linaro@kernel.org \ --cc=ath11k@lists.infradead.org \ --cc=kvalo@kernel.org \ --cc=linux-kernel@vger.kernel.org \ --cc=linux-wireless@vger.kernel.org \ --cc=quic_jjohnson@quicinc.com \ --cc=stable@vger.kernel.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.