Re: [PATCH] ath9k_htc: Add a missing spin_lock_init()

[Kalle Valo <kvalo@codeaurora.org>]

Rajat Asthana <rajatasthana4@gmail.com> writes:

> Syzkaller reported a lockdep warning on non-initialized spinlock:
>
> INFO: trying to register non-static key.
> The code is fine but needs lockdep annotation, or maybe
> you didn't initialize this object before use?
> turning off the locking correctness validator.
> CPU: 0 PID: 10 Comm: ksoftirqd/0 Not tainted 5.13.0-rc4-syzkaller #0
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
> Call Trace:
>  __dump_stack lib/dump_stack.c:79 [inline]
>  dump_stack+0x143/0x1db lib/dump_stack.c:120
>  assign_lock_key kernel/locking/lockdep.c:937 [inline]
>  register_lock_class+0x1077/0x1180 kernel/locking/lockdep.c:1249
>  __lock_acquire+0x102/0x5230 kernel/locking/lockdep.c:4781
>  lock_acquire kernel/locking/lockdep.c:5512 [inline]
>  lock_acquire+0x19d/0x700 kernel/locking/lockdep.c:5477
>  __raw_spin_lock_bh include/linux/spinlock_api_smp.h:135 [inline]
>  _raw_spin_lock_bh+0x2f/0x40 kernel/locking/spinlock.c:175
>  spin_lock_bh include/linux/spinlock.h:359 [inline]
>  ath9k_wmi_event_tasklet+0x231/0x3f0 drivers/net/wireless/ath/ath9k/wmi.c:172
>  tasklet_action_common.constprop.0+0x201/0x2e0 kernel/softirq.c:784
>  __do_softirq+0x1b0/0x944 kernel/softirq.c:559
>  run_ksoftirqd kernel/softirq.c:921 [inline]
>  run_ksoftirqd+0x21/0x50 kernel/softirq.c:913
>  smpboot_thread_fn+0x3ec/0x870 kernel/smpboot.c:165
>  kthread+0x38c/0x460 kernel/kthread.c:313
>  ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294
>
> We missed a spin_lock_init() in ath9k_wmi_event_tasklet() when the wmi
> event is WMI_TXSTATUS_EVENTID. Placing this init here instead of
> ath9k_init_wmi() is fine mainly because we need this spinlock when the
> event is WMI_TXSTATUS_EVENTID and hence it should be initialized when it
> is needed.
>
> Signed-off-by: Rajat Asthana <rajatasthana4@gmail.com>
> ---
>  drivers/net/wireless/ath/ath9k/wmi.c | 1 +
>  1 file changed, 1 insertion(+)
>
> diff --git a/drivers/net/wireless/ath/ath9k/wmi.c b/drivers/net/wireless/ath/ath9k/wmi.c
> index fe29ad4b9023..446b7ca459df 100644
> --- a/drivers/net/wireless/ath/ath9k/wmi.c
> +++ b/drivers/net/wireless/ath/ath9k/wmi.c
> @@ -169,6 +169,7 @@ void ath9k_wmi_event_tasklet(struct tasklet_struct *t)
>  					     &wmi->drv_priv->fatal_work);
>  			break;
>  		case WMI_TXSTATUS_EVENTID:
> +			spin_lock_init(&priv->tx.tx_lock);
>  			spin_lock_bh(&priv->tx.tx_lock);
>  			if (priv->tx.flags & ATH9K_HTC_OP_TX_DRAIN) {
>  				spin_unlock_bh(&priv->tx.tx_lock);

This is not making sense to me. You need to elaborate in the commit log
a lot more why this is "fine". For example, what happens when there are
multiple WMI_TXSTATUS_EVENTID events?

Did you test this on a real device?

-- 
https://patchwork.kernel.org/project/linux-wireless/list/

https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches