From: Kalle Valo <kvalo@kernel.org>
To: Jeff Johnson <quic_jjohnson@quicinc.com>
Cc: <ath12k@lists.infradead.org>, <linux-wireless@vger.kernel.org>
Subject: Re: [PATCH 3/8] wifi: ath12k: Refactor sta state machine
Date: Tue, 29 Oct 2024 17:29:33 +0200
Message-ID: <87a5engc6a.fsf@kernel.org>
In-Reply-To: <a4b92b80-ec57-4db3-acd7-9c6c7644d7c9@quicinc.com> (Jeff Johnson's message of "Wed, 23 Oct 2024 08:38:09 -0700")
Jeff Johnson <quic_jjohnson@quicinc.com> writes:
> On 10/23/2024 6:29 AM, Kalle Valo wrote:
>
>> +static void ath12k_mac_station_post_remove(struct ath12k *ar,
>> + struct ath12k_link_vif *arvif,
>> + struct ath12k_link_sta *arsta)
>> +{
>> + struct ieee80211_vif *vif = ath12k_ahvif_to_vif(arvif->ahvif);
>> + struct ieee80211_sta *sta = ath12k_ahsta_to_sta(arsta->ahsta);
>> + struct ath12k_sta *ahsta = arsta->ahsta;
>> + struct ath12k_peer *peer;
>> +
>> + lockdep_assert_wiphy(ath12k_ar_to_hw(ar)->wiphy);
>> +
>> + ath12k_mac_dec_num_stations(arvif, arsta);
>> +
>> + spin_lock_bh(&ar->ab->base_lock);
>> +
>> + peer = ath12k_peer_find(ar->ab, arvif->vdev_id, sta->addr);
>> + if (peer && peer->sta == sta) {
>> + ath12k_warn(ar->ab, "Found peer entry %pM n vdev %i after it was supposedly removed\n",
>> + vif->addr, arvif->vdev_id);
>> + peer->sta = NULL;
>> + list_del(&peer->list);
>> + kfree(peer);
>> + ar->num_peers--;
>> + }
>> +
>> + spin_unlock_bh(&ar->ab->base_lock);
>> +
>> + kfree(arsta->rx_stats);
>> + arsta->rx_stats = NULL;
>> +
>> + if (arsta->link_id < IEEE80211_MLD_MAX_NUM_LINKS) {
>> + rcu_assign_pointer(ahsta->link[arsta->link_id], NULL);
>> + synchronize_rcu();
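
Review bot: In the ath12k_warn() call inside the "if (peer && peer->sta == sta)" branch, the peer is looked up with sta->addr but the message prints vif->addr, so the log identifies the interface rather than the stale peer entry that is about to be freed. Printing sta->addr (or both addresses) would make the warning usable when chasing a leftover peer, and "n vdev" in the format string looks like a typo for "in vdev".
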
>
> I've mentioned this in the past in some internal discussion and seems now is a
> good time to bring this to light.
>
> It concerns me that this happens so late in the process. In theory another
> thread could already have a valid arsta pointer and could be trying to
> dereference that pointer while the code above is destroying underlying data
> (i.e. arsta->rx_stats).
>
> Should we set this to NULL and synchronize RCU at the beginning of the process
> so that we know all access to the struct has finished before we start
> destroying the data?
>
> Or can this not actually happen in practice due to other synchronization
> mechanisms? And if so, should we document that somewhere?

I think you are correct, AFAICS the kfree(arsta->rx_stats) should be
after synchronize_rcu(). But this race was already in the code before
this patch so we need to fix in a separate patch. I have added this to
my todo list.
--
https://patchwork.kernel.org/project/linux-wireless/list/
https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches
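
Added example (not part of the original message and not ath12k code): a single-threaded C model of the ordering discussed above, replaying one reader interleaving against both teardown orders. The names slot, readers, reader_enter(), reader_exit() and the teardown_* functions are hypothetical stand-ins for ahsta->link[], RCU read-side sections and the station removal path; the reader count is a simplification of a grace period, not how kernel RCU is implemented.

```c
/* Added example: single-threaded userspace model, hypothetical names, not ath12k code. */
#include <stdbool.h>
#include <stdlib.h>

struct rx_stats { unsigned long pkts; };
struct link_sta { struct rx_stats *rx_stats; };
static struct link_sta *slot; /* models ahsta->link[link_id] */
static int readers;           /* models open rcu_read_lock() sections */

/* Models rcu_read_lock() + rcu_dereference(); NULL once unpublished. */
static struct link_sta *reader_enter(void) { readers++; return slot; }
static void reader_exit(void) { readers--; }

/* Order in the quoted hunk: free while the pointer is still published. */
static bool teardown_free_first(struct link_sta *ls)
{
    free(ls->rx_stats);
    ls->rx_stats = NULL;
    slot = NULL; /* unpublished too late for a reader already inside */
    return true;
}

/* Order discussed in the thread: unpublish, wait out readers, then free.
 * Returns false where synchronize_rcu() would still be blocking. */
static bool teardown_unpublish_first(struct link_sta *ls)
{
    slot = NULL;
    if (readers > 0)
        return false;
    free(ls->rx_stats);
    ls->rx_stats = NULL;
    return true;
}

/* Reader takes the pointer, teardown runs, reader checks the data; true if still valid. */
static bool reader_sees_live_stats(bool (*teardown)(struct link_sta *))
{
    struct link_sta ls = { .rx_stats = calloc(1, sizeof(struct rx_stats)) };
    struct link_sta *seen;
    bool done, live;

    slot = &ls;
    seen = reader_enter();
    done = teardown(&ls); /* runs while the reader is still inside */
    live = seen && seen->rx_stats;
    reader_exit();
    if (!done)
        teardown(&ls); /* reader gone: grace period over, now it frees */
    return live;
}
```

With the free-first order the reader that already holds the pointer finds rx_stats gone; with the unpublish-first order it keeps valid data until it leaves, and any later reader gets NULL from the slot.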