From: Kalle Valo <kvalo@kernel.org>
To: Jeff Johnson <quic_jjohnson@quicinc.com>
Cc: <ath12k@lists.infradead.org>, <linux-wireless@vger.kernel.org>
Subject: Re: [PATCH 3/8] wifi: ath12k: Refactor sta state machine
Date: Tue, 29 Oct 2024 17:29:33 +0200 [thread overview]
Message-ID: <87a5engc6a.fsf@kernel.org> (raw)
In-Reply-To: <a4b92b80-ec57-4db3-acd7-9c6c7644d7c9@quicinc.com> (Jeff Johnson's message of "Wed, 23 Oct 2024 08:38:09 -0700")
Jeff Johnson <quic_jjohnson@quicinc.com> writes:
> On 10/23/2024 6:29 AM, Kalle Valo wrote:
>
>> +static void ath12k_mac_station_post_remove(struct ath12k *ar,
>> + struct ath12k_link_vif *arvif,
>> + struct ath12k_link_sta *arsta)
>> +{
>> + struct ieee80211_vif *vif = ath12k_ahvif_to_vif(arvif->ahvif);
>> + struct ieee80211_sta *sta = ath12k_ahsta_to_sta(arsta->ahsta);
>> + struct ath12k_sta *ahsta = arsta->ahsta;
>> + struct ath12k_peer *peer;
>> +
>> + lockdep_assert_wiphy(ath12k_ar_to_hw(ar)->wiphy);
>> +
>> + ath12k_mac_dec_num_stations(arvif, arsta);
>> +
>> + spin_lock_bh(&ar->ab->base_lock);
>> +
>> + peer = ath12k_peer_find(ar->ab, arvif->vdev_id, sta->addr);
>> + if (peer && peer->sta == sta) {
>> + ath12k_warn(ar->ab, "Found peer entry %pM n vdev %i after it was supposedly removed\n",
>> + vif->addr, arvif->vdev_id);
>> + peer->sta = NULL;
>> + list_del(&peer->list);
>> + kfree(peer);
>> + ar->num_peers--;
>> + }
>> +
>> + spin_unlock_bh(&ar->ab->base_lock);
>> +
>> + kfree(arsta->rx_stats);
>> + arsta->rx_stats = NULL;
>> +
>> + if (arsta->link_id < IEEE80211_MLD_MAX_NUM_LINKS) {
>> + rcu_assign_pointer(ahsta->link[arsta->link_id], NULL);
>> + synchronize_rcu();
>
> I've mentioned this in the past in some internal discussion and seems now is a
> good time to bring this to light.
>
> It concerns me that this happens so late in the process. In theory another
> thread could already have a valid arsta pointer and could be trying to
> dereference that pointer while the code above is destroying underlying data
> (i.e. arsta->rx_stats).
>
> Should we set this to NULL and synchronize RCU at the beginning of the process
> so that we know all access to the struct has finished before we start
> destroying the data?
>
> Or can this not actually happen in practice due to other synchronization
> mechansims? And if so, should we document that somewhere?
I think you are correct, AFAICS the kfree(arsta->rx_stats) should be
after synchronize_rcu(). But this race was already in the code before
this patch so we need to fix in a separate patch. I have added this to
my todo list.
--
https://patchwork.kernel.org/project/linux-wireless/list/
https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches
next prev parent reply other threads:[~2024-10-29 17:35 UTC|newest]
Thread overview: 39+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-10-23 13:29 [PATCH 0/8] wifi: ath12k: MLO support part 2 Kalle Valo
2024-10-23 13:29 ` [PATCH 1/8] wifi: ath12k: ath12k_mac_vdev_create(): use goto for error handling Kalle Valo
2024-10-23 15:01 ` Jeff Johnson
2024-10-24 17:21 ` Kalle Valo
2024-10-23 13:29 ` [PATCH 2/8] wifi: ath12k: MLO vdev bringup changes Kalle Valo
2024-10-23 15:19 ` Jeff Johnson
2024-10-24 18:10 ` Kalle Valo
2024-10-23 13:29 ` [PATCH 3/8] wifi: ath12k: Refactor sta state machine Kalle Valo
2024-10-23 15:38 ` Jeff Johnson
2024-10-29 15:29 ` Kalle Valo [this message]
2024-10-29 15:35 ` Jeff Johnson
2024-10-29 15:38 ` Kalle Valo
2024-10-30 4:05 ` Aditya Kumar Singh
2024-10-30 18:28 ` Kalle Valo
2024-10-30 18:39 ` Jeff Johnson
2024-10-24 2:58 ` Baochen Qiang
2024-10-26 9:08 ` Kalle Valo
2024-10-23 13:30 ` [PATCH 4/8] wifi: ath12k: introduce ath12k_hw_warn() Kalle Valo
2024-10-23 15:38 ` Jeff Johnson
2024-10-29 15:41 ` Kalle Valo
2024-10-23 13:30 ` [PATCH 5/8] wifi: ath12k: Add helpers for multi link peer creation and deletion Kalle Valo
2024-10-23 15:43 ` Jeff Johnson
2024-10-26 9:09 ` Kalle Valo
2024-10-23 13:30 ` [PATCH 6/8] wifi: ath12k: add multi-link flag in peer create command Kalle Valo
2024-10-23 15:54 ` Jeff Johnson
2024-10-29 15:54 ` Kalle Valo
2024-10-29 16:01 ` Jeff Johnson
2024-10-29 16:04 ` Jeff Johnson
2024-11-01 14:06 ` Kalle Valo
2024-11-01 15:37 ` Jeff Johnson
2024-10-24 1:22 ` Ping-Ke Shih
2024-10-23 13:30 ` [PATCH 7/8] wifi: ath12k: add helper to find multi-link station Kalle Valo
2024-10-23 16:01 ` Jeff Johnson
2024-10-29 16:02 ` Kalle Valo
2024-11-01 14:33 ` Kalle Valo
2024-10-23 13:30 ` [PATCH 8/8] wifi: ath12k: Add MLO peer assoc command support Kalle Valo
2024-10-23 16:10 ` Jeff Johnson
2024-10-29 16:05 ` Kalle Valo
2024-10-29 16:10 ` Jeff Johnson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87a5engc6a.fsf@kernel.org \
--to=kvalo@kernel.org \
--cc=ath12k@lists.infradead.org \
--cc=linux-wireless@vger.kernel.org \
--cc=quic_jjohnson@quicinc.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.