From: Kalle Valo <kvalo@kernel.org>
To: Kang Yang <quic_kangyang@quicinc.com>
Cc: <ath11k@lists.infradead.org>, <linux-wireless@vger.kernel.org>
Subject: Re: [PATCH v4 1/2] wifi: ath11k: move update channel list from update reg worker to reg notifier
Date: Tue, 17 Dec 2024 16:46:00 +0200
Message-ID: <87frmmmkpj.fsf@kernel.org>
In-Reply-To: <20241213093909.629-2-quic_kangyang@quicinc.com> (Kang Yang's message of "Fri, 13 Dec 2024 17:39:08 +0800")
Kang Yang <quic_kangyang@quicinc.com> writes:
> From: Wen Gong <quic_wgong@quicinc.com>
>
> Currently when ath11k gets new channel list, it will mainly do two things
> in ath11k_regd_update():
> 1. update channel list to cfg80211 by reg_work.
> 2. update cfg80211's channel list to firmware by
> ath11k_reg_update_chan_list().
>
> Flow:
> ath11k_regd_update
> ->regulatory_set_wiphy_regd
> -> schedule_work(&reg_work)
> ->reg_work->reg_process_self_managed_hint
> ->handle_band_custom(update to cfg80211)
> -> ath11k_reg_update_chan_list(update to firmware)
>
> But ath11k_reg_update_chan_list() is immediately called after reg_work
> is queued. They are running in different threads. At this time,
> ath11k_reg_update_chan_list() may use a wrong channel list because
> handle_band_custom() may not be finished.
> This may result in out-of-bounds write errors:
> BUG: KASAN: slab-out-of-bounds in ath11k_reg_update_chan_list
> Call Trace:
> ath11k_reg_update_chan_list+0xbfe/0xfe0 [ath11k]
> kfree+0x109/0x3a0
> ath11k_regd_update+0x1cf/0x350 [ath11k]
> ath11k_regd_update_work+0x14/0x20 [ath11k]
> process_one_work+0xe35/0x14c0
>
> So should make sure ath11k_reg_update_chan_list() is called after
> handle_band_custom() is finished.
>
> reg_process_self_managed_hint() will call reg_call_notifier() after
> handle_band_custom(). This function will call ath11k_reg_notifier(), so
> move ath11k_reg_update_chan_list() to ath11k_reg_notifier(). Then
> ath11k can update correct channel list to firmware.
>
> Tested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3
>
> Fixes: f45cb6b29cd3 ("wifi: ath11k: avoid deadlock during regulatory update in ath11k_regd_update()")
> Signed-off-by: Wen Gong <quic_wgong@quicinc.com>
> Signed-off-by: Kang Yang <quic_kangyang@quicinc.com>
I think the commit message should be completely rewritten, the idea here
is not to list functions and their call orders.
--
https://patchwork.kernel.org/project/linux-wireless/list/
https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches
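
The ordering problem described in the quoted commit message, as an added example that is not part of this thread and is not ath11k code: a deterministic userspace model of the update racing with the queued work, next to the notifier ordering the patch proposes. The structures, function names and the count-then-fill shape of the update are assumptions made for illustration.

```c
#include <stdlib.h>

#define MAX_CH 8

/* Constructed stand-in for the channel list that cfg80211 owns. */
struct chan_list { int n; int freq[MAX_CH]; };

/* Models the queued reg_work: the new list is applied only when it runs. */
struct reg_work { int queued; struct chan_list next; struct chan_list *live; };

static void run_reg_work(struct reg_work *w)
{
    if (w->queued) { *w->live = w->next; w->queued = 0; }
}

/*
 * Models the firmware update (assumed shape: count, allocate, then fill).
 * 'racing' (may be NULL) runs between count and fill to replay, in a
 * deterministic way, the worker finishing in the middle of the update.
 * Returns the channels copied, or -1 where an unchecked fill would have
 * written past the allocation.
 */
static int update_chan_list(const struct chan_list *live, struct reg_work *racing)
{
    int counted = live->n, i, copied = 0;
    int *buf = malloc(sizeof(*buf) * (counted ? counted : 1));

    if (!buf) return -1;
    if (racing) run_reg_work(racing);              /* list changes under us */
    for (i = 0; i < live->n; i++) {
        if (i >= counted) { copied = -1; break; }  /* would be out of bounds */
        buf[copied++] = live->freq[i];
    }
    free(buf);
    return copied;
}

/* Order in the commit message: queue the work, then update right away. */
static int racy_order(struct chan_list *live, const struct chan_list *next)
{
    struct reg_work w = { 1, *next, live };
    return update_chan_list(live, &w);
}

/* Proposed order: the update runs from the notifier, after the work is done. */
static int notifier_order(struct chan_list *live, const struct chan_list *next)
{
    struct reg_work w = { 1, *next, live };
    run_reg_work(&w);
    return update_chan_list(live, NULL);
}
```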
2024-12-13 9:39 [PATCH v4 0/2] wifi: ath11k: fix data out of sync for channel list for reg update Kang Yang
2024-12-13 9:39 ` [PATCH v4 1/2] wifi: ath11k: move update channel list from update reg worker to reg notifier Kang Yang
2024-12-17 14:46 ` Kalle Valo [this message]
2024-12-13 9:39 ` [PATCH v4 2/2] wifi: ath11k: move update channel list to worker when wait flag is set Kang Yang
2024-12-17 14:53 ` Kalle Valo