* [PATCH ath-next] wifi: ath12k: fix error handling in creating hardware group
@ 2025-10-30 2:08 Baochen Qiang
2025-10-30 16:59 ` Vasanthakumar Thiagarajan
2025-10-30 21:57 ` Jeff Johnson
0 siblings, 2 replies; 3+ messages in thread
From: Baochen Qiang @ 2025-10-30 2:08 UTC (permalink / raw)
To: Jeff Johnson; +Cc: linux-wireless, ath12k, a-development, Baochen Qiang
In ath12k_core_init() when ath12k_core_hw_group_create() fails,
ath12k_core_hw_group_destroy() is called where for each device below
path would get executed
ath12k_core_soc_destroy()
ath12k_qmi_deinit_service()
qmi_handle_release()
This results in kernel crash in case one of the device fails at
qmi_handle_init() when creating hardware group:
ath12k_pci 0000:10:00.0: failed to initialize qmi handle
ath12k_pci 0000:10:00.0: failed to initialize qmi :-517
ath12k_pci 0000:10:00.0: failed to create soc core: -517
ath12k_pci 0000:10:00.0: unable to create hw group
BUG: unable to handle page fault for address: ffffffffffffffb7
RIP: 0010:qmi_handle_release
Call Trace:
<TASK>
ath12k_qmi_deinit_service
ath12k_core_hw_group_destroy
ath12k_core_init
ath12k_pci_probe
The detailed reason is, when qmi_handle_init() fails for a device
ab->qmi.handle is not correctly initialized. Then
ath12k_core_hw_group_create() returns failure, since error handing
is done for all device, eventually qmi_handle_release() is called for the
issue device and finally kernel crashes due to the uninitialized
ab->qmi.handle.
Fix this by moving error handling to ath12k_core_hw_group_create(), this
way the issue device can be skipped.
Tested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.1.c5-00284.1-QCAHMTSWPL_V1.0_V2.0_SILICONZ-3
Fixes: 6f245ea0ec6c ("wifi: ath12k: introduce device group abstraction")
Link: https://lore.kernel.org/ath12k/fabc97122016d1a66a53ddedd965d134@posteo.net
Reported-by: a-development <a-development@posteo.de>
Closes: https://bugzilla.kernel.org/show_bug.cgi?id=220518
Tested-by: a-development <a-development@posteo.de>
Signed-off-by: Baochen Qiang <baochen.qiang@oss.qualcomm.com>
---
drivers/net/wireless/ath/ath12k/core.c | 22 +++++++++++++++++-----
1 file changed, 17 insertions(+), 5 deletions(-)
diff --git a/drivers/net/wireless/ath/ath12k/core.c b/drivers/net/wireless/ath/ath12k/core.c
index 5d494c5cdc0da3189640751b8d191fa939ac3ff5..a2137b363c2fea4deef724b682c1e41788777c06 100644
--- a/drivers/net/wireless/ath/ath12k/core.c
+++ b/drivers/net/wireless/ath/ath12k/core.c
@@ -2106,14 +2106,27 @@ static int ath12k_core_hw_group_create(struct ath12k_hw_group *ag)
ret = ath12k_core_soc_create(ab);
if (ret) {
mutex_unlock(&ab->core_lock);
- ath12k_err(ab, "failed to create soc core: %d\n", ret);
- return ret;
+ ath12k_err(ab, "failed to create soc %d core: %d\n", i, ret);
+ goto destroy;
}
mutex_unlock(&ab->core_lock);
}
return 0;
+
+destroy:
+ for (i--; i >= 0; i--) {
+ ab = ag->ab[i];
+ if (!ab)
+ continue;
+
+ mutex_lock(&ab->core_lock);
+ ath12k_core_soc_destroy(ab);
+ mutex_unlock(&ab->core_lock);
+ }
+
+ return ret;
}
void ath12k_core_hw_group_set_mlo_capable(struct ath12k_hw_group *ag)
@@ -2188,7 +2201,7 @@ int ath12k_core_init(struct ath12k_base *ab)
if (ret) {
mutex_unlock(&ag->mutex);
ath12k_warn(ab, "unable to create hw group\n");
- goto err_destroy_hw_group;
+ goto err_unassign_hw_group;
}
}
@@ -2196,8 +2209,7 @@ int ath12k_core_init(struct ath12k_base *ab)
return 0;
-err_destroy_hw_group:
- ath12k_core_hw_group_destroy(ab->ag);
+err_unassign_hw_group:
ath12k_core_hw_group_unassign(ab);
err_unregister_notifier:
ath12k_core_panic_notifier_unregister(ab);
---
base-commit: 43d31f3f26f766f357e95513ba75c5126ce17d4b
change-id: 20250902-fix-hw-group-create-err-handling-58ff01c84d78
Best regards,
--
Baochen Qiang <baochen.qiang@oss.qualcomm.com>
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH ath-next] wifi: ath12k: fix error handling in creating hardware group
2025-10-30 2:08 [PATCH ath-next] wifi: ath12k: fix error handling in creating hardware group Baochen Qiang
@ 2025-10-30 16:59 ` Vasanthakumar Thiagarajan
2025-10-30 21:57 ` Jeff Johnson
1 sibling, 0 replies; 3+ messages in thread
From: Vasanthakumar Thiagarajan @ 2025-10-30 16:59 UTC (permalink / raw)
To: Baochen Qiang, Jeff Johnson; +Cc: linux-wireless, ath12k, a-development
On 10/30/2025 7:38 AM, Baochen Qiang wrote:
> In ath12k_core_init() when ath12k_core_hw_group_create() fails,
> ath12k_core_hw_group_destroy() is called where for each device below
> path would get executed
>
> ath12k_core_soc_destroy()
> ath12k_qmi_deinit_service()
> qmi_handle_release()
>
> This results in kernel crash in case one of the device fails at
> qmi_handle_init() when creating hardware group:
>
> ath12k_pci 0000:10:00.0: failed to initialize qmi handle
> ath12k_pci 0000:10:00.0: failed to initialize qmi :-517
> ath12k_pci 0000:10:00.0: failed to create soc core: -517
> ath12k_pci 0000:10:00.0: unable to create hw group
> BUG: unable to handle page fault for address: ffffffffffffffb7
> RIP: 0010:qmi_handle_release
> Call Trace:
> <TASK>
> ath12k_qmi_deinit_service
> ath12k_core_hw_group_destroy
> ath12k_core_init
> ath12k_pci_probe
>
> The detailed reason is, when qmi_handle_init() fails for a device
> ab->qmi.handle is not correctly initialized. Then
> ath12k_core_hw_group_create() returns failure, since error handing
> is done for all device, eventually qmi_handle_release() is called for the
> issue device and finally kernel crashes due to the uninitialized
> ab->qmi.handle.
>
> Fix this by moving error handling to ath12k_core_hw_group_create(), this
> way the issue device can be skipped.
>
> Tested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.1.c5-00284.1-QCAHMTSWPL_V1.0_V2.0_SILICONZ-3
>
> Fixes: 6f245ea0ec6c ("wifi: ath12k: introduce device group abstraction")
> Link: https://lore.kernel.org/ath12k/fabc97122016d1a66a53ddedd965d134@posteo.net
> Reported-by: a-development <a-development@posteo.de>
> Closes: https://bugzilla.kernel.org/show_bug.cgi?id=220518
> Tested-by: a-development <a-development@posteo.de>
> Signed-off-by: Baochen Qiang <baochen.qiang@oss.qualcomm.com>
Reviewed-by: Vasanthakumar Thiagarajan <vasanthakumar.thiagarajan@oss.qualcomm.com>
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH ath-next] wifi: ath12k: fix error handling in creating hardware group
2025-10-30 2:08 [PATCH ath-next] wifi: ath12k: fix error handling in creating hardware group Baochen Qiang
2025-10-30 16:59 ` Vasanthakumar Thiagarajan
@ 2025-10-30 21:57 ` Jeff Johnson
1 sibling, 0 replies; 3+ messages in thread
From: Jeff Johnson @ 2025-10-30 21:57 UTC (permalink / raw)
To: Jeff Johnson, Baochen Qiang; +Cc: linux-wireless, ath12k, a-development
On Thu, 30 Oct 2025 10:08:43 +0800, Baochen Qiang wrote:
> In ath12k_core_init() when ath12k_core_hw_group_create() fails,
> ath12k_core_hw_group_destroy() is called where for each device below
> path would get executed
>
> ath12k_core_soc_destroy()
> ath12k_qmi_deinit_service()
> qmi_handle_release()
>
> [...]
Applied, thanks!
[1/1] wifi: ath12k: fix error handling in creating hardware group
commit: 088a099690e4c0d291db505013317ab5dd58b4d5
Best regards,
--
Jeff Johnson <jeff.johnson@oss.qualcomm.com>
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2025-10-30 21:57 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-10-30 2:08 [PATCH ath-next] wifi: ath12k: fix error handling in creating hardware group Baochen Qiang
2025-10-30 16:59 ` Vasanthakumar Thiagarajan
2025-10-30 21:57 ` Jeff Johnson
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).