[bug report] wifi: ath11k: add P2P IE in beacon template

Dan Carpenter dan.carpenter at linaro.org
Wed May 29 07:32:52 PDT 2024 

Hello Kang Yang,

Commit 3a415daa3e8b ("wifi: ath11k: add P2P IE in beacon template")
from Feb 28, 2024 (linux-next), leads to the following Smatch static
checker warning:

	drivers/net/wireless/ath/ath11k/wmi.c:1742 ath11k_wmi_p2p_go_bcn_ie()
	warn: sleeping in atomic context

drivers/net/wireless/ath/ath11k/wmi.c
    1712 int ath11k_wmi_p2p_go_bcn_ie(struct ath11k *ar, u32 vdev_id,
    1713                              const u8 *p2p_ie)
    1714 {
    1715         struct ath11k_pdev_wmi *wmi = ar->wmi;
    1716         struct wmi_p2p_go_set_beacon_ie_cmd *cmd;
    1717         size_t p2p_ie_len, aligned_len;
    1718         struct wmi_tlv *tlv;
    1719         struct sk_buff *skb;
    1720         int ret, len;
    1721 
    1722         p2p_ie_len = p2p_ie[1] + 2;
    1723         aligned_len = roundup(p2p_ie_len, 4);
    1724 
    1725         len = sizeof(*cmd) + TLV_HDR_SIZE + aligned_len;
    1726 
    1727         skb = ath11k_wmi_alloc_skb(wmi->wmi_ab, len);
    1728         if (!skb)
    1729                 return -ENOMEM;
    1730 
    1731         cmd = (struct wmi_p2p_go_set_beacon_ie_cmd *)skb->data;
    1732         cmd->tlv_header = FIELD_PREP(WMI_TLV_TAG, WMI_TAG_P2P_GO_SET_BEACON_IE) |
    1733                           FIELD_PREP(WMI_TLV_LEN, sizeof(*cmd) - TLV_HDR_SIZE);
    1734         cmd->vdev_id = vdev_id;
    1735         cmd->ie_buf_len = p2p_ie_len;
    1736 
    1737         tlv = (struct wmi_tlv *)cmd->tlv;
    1738         tlv->header = FIELD_PREP(WMI_TLV_TAG, WMI_TAG_ARRAY_BYTE) |
    1739                       FIELD_PREP(WMI_TLV_LEN, aligned_len);
    1740         memcpy(tlv->value, p2p_ie, p2p_ie_len);
    1741 
--> 1742         ret = ath11k_wmi_cmd_send(wmi, skb, WMI_P2P_GO_SET_BEACON_IE);
                       ^^^^^^^^^^^^^^^^^^^
This is a might_sleep() function.

    1743         if (ret) {
    1744                 ath11k_warn(ar->ab, "failed to send WMI_P2P_GO_SET_BEACON_IE\n");
    1745                 dev_kfree_skb(skb);
    1746         }
    1747 
    1748         return ret;
    1749 }

The problematic call tree is:

ath11k_bcn_tx_status_event() <- disables preempt
-> ath11k_mac_bcn_tx_event()
   -> ath11k_mac_setup_bcn_tmpl()
      -> ath11k_mac_setup_bcn_tmpl_ema()
      -> ath11k_mac_setup_bcn_tmpl_mbssid()
         -> ath11k_mac_set_vif_params()
            -> ath11k_mac_setup_bcn_p2p_ie()
               -> ath11k_wmi_p2p_go_bcn_ie()

The ath11k_bcn_tx_status_event() function takes rcu_read_lock() which
disables preemption.  I don't know the code well enough to say if this
is a real bug...  If it's a false positive, just ignore it.  These are
one time emails.

See my blog for more details.
https://staticthinking.wordpress.com/2024/05/24/sleeping-in-atomic-warnings/

regards,
dan carpenter

More information about the ath11k mailing list