Wen Gong <quic_wgong@xxxxxxxxxxx> wrote:
> spin_lock/spin_unlock are used in ath11k_reg_chan_list_event to
> acquire/release ab->base_lock, for now this is safe because that
> function is only called in soft IRQ context.
>
> But ath11k_reg_chan_list_event() will be called from process
> context in an upcoming patch, and this can result in a deadlock if
> ab->base_lock is acquired in process context and then soft IRQ occurs
> on the same CPU and tries to acquire that lock.
>
> Fix it by using spin_lock_bh and spin_unlock_bh instead.
>
> Tested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.23
>
> Fixes: 69a0fcf8a9f2 ("ath11k: Avoid reg rules update during firmware recovery")
> Signed-off-by: Baochen Qiang <quic_bqiang@xxxxxxxxxxx>
> Signed-off-by: Wen Gong <quic_wgong@xxxxxxxxxxx>
> Acked-by: Jeff Johnson <quic_jjohnson@xxxxxxxxxxx>
> Signed-off-by: Kalle Valo <quic_kvalo@xxxxxxxxxxx>
This patch seems to leak memory:
unreferenced object 0xffff8881110f5840 (size 64):
comm "softirq", pid 0, jiffies 4295335213 (age 79.445s)
hex dump (first 32 bytes):
32 14 82 14 50 00 17 00 00 02 00 00 82 14 d2 14 2...P...........
50 00 17 00 08 02 00 00 72 15 62 16 a0 00 1e 00 P.......r.b.....
backtrace:
[<ffffffffa1f891ca>] __kmem_cache_alloc_node+0x1ca/0x2d0
[<ffffffffa1e57950>] __kmalloc+0x50/0x1a0
[<ffffffffc076640e>] create_ext_reg_rules_from_wmi+0x2e/0x430 [ath11k]
[<ffffffffc07705c4>] ath11k_pull_reg_chan_list_ext_update_ev+0x1d24/0x4f30 [ath11k]
[<ffffffffc07a4a44>] ath11k_reg_chan_list_event.isra.0+0x64/0xd0 [ath11k]
[<ffffffffc07a562f>] ath11k_wmi_tlv_op_rx+0xb7f/0x27e0 [ath11k]
[<ffffffffc07f3a54>] ath11k_htc_rx_completion_handler+0x3b4/0x6f0 [ath11k]
[<ffffffffc0838b3a>] ath11k_ce_recv_process_cb+0x5da/0x920 [ath11k]
[<ffffffffc0839b68>] ath11k_ce_per_engine_service+0xe8/0x130 [ath11k]
[<ffffffffc084ba75>] ath11k_pcic_ce_tasklet+0x65/0x120 [ath11k]
[<ffffffffa196df5c>] tasklet_action_common.isra.0+0x24c/0x3d0
[<ffffffffa196e12f>] tasklet_action+0x4f/0x70
[<ffffffffa448b355>] __do_softirq+0x1c5/0x867
unreferenced object 0xffff8881110f5f40 (size 64):
comm "softirq", pid 0, jiffies 4295335238 (age 79.439s)
hex dump (first 32 bytes):
32 14 82 14 50 00 17 00 00 02 00 00 82 14 d2 14 2...P...........
50 00 17 00 08 02 00 00 72 15 62 16 a0 00 1e 00 P.......r.b.....
backtrace:
[<ffffffffa1f891ca>] __kmem_cache_alloc_node+0x1ca/0x2d0
[<ffffffffa1e57950>] __kmalloc+0x50/0x1a0
[<ffffffffc076640e>] create_ext_reg_rules_from_wmi+0x2e/0x430 [ath11k]
[<ffffffffc07705c4>] ath11k_pull_reg_chan_list_ext_update_ev+0x1d24/0x4f30 [ath11k]
[<ffffffffc07a4a44>] ath11k_reg_chan_list_event.isra.0+0x64/0xd0 [ath11k]
[<ffffffffc07a562f>] ath11k_wmi_tlv_op_rx+0xb7f/0x27e0 [ath11k]
[<ffffffffc07f3a54>] ath11k_htc_rx_completion_handler+0x3b4/0x6f0 [ath11k]
[<ffffffffc0838b3a>] ath11k_ce_recv_process_cb+0x5da/0x920 [ath11k]
[<ffffffffc0839b68>] ath11k_ce_per_engine_service+0xe8/0x130 [ath11k]
[<ffffffffc084ba75>] ath11k_pcic_ce_tasklet+0x65/0x120 [ath11k]
[<ffffffffa196df5c>] tasklet_action_common.isra.0+0x24c/0x3d0
[<ffffffffa196e12f>] tasklet_action+0x4f/0x70
[<ffffffffa448b355>] __do_softirq+0x1c5/0x867
--
https://patchwork.kernel.org/project/linux-wireless/patch/20230920082349.29111-4-quic_wgong@xxxxxxxxxxx/
https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches
