On 8/30/2024 5:02 AM, Jiawei Ye wrote:
> In the `ath11k_debugfs_htt_ext_stats_handler` function, the `ar` pointer
> obtained via RCU lock is accessed after the RCU read-side critical
> section might be unlocked. According to RCU usage rules, this is illegal.
> Reusing this pointer can lead to unpredictable behavior, including
> accessing memory that has been updated or causing use-after-free issues.
> The `ath12k_debugfs_htt_ext_stats_handler` function in the
> `drivers/net/wireless/ath/ath12k/debugfs_htt_stats.c` file provides a good
> example to follow for addressing this issue.
>
> This possible bug was identified using a static analysis tool developed
> by myself, specifically designed to detect RCU-related issues.
>
> To address this issue, the RCU read lock is now kept until all accesses
> to the `ar` pointer are completed. A `goto exit` statement is introduced
> to ensure that the RCU read unlock is called appropriately, regardless of
> the function's exit path.

This analysis is incorrect since ar is not an RCU-protected structure.
The rcu_read_lock() is required internally within
ath11k_mac_get_ar_by_pdev_id() when retrieving the RCU-protected pdev pointer.

So NAK this patch.