[PATCH v2 0/5] wifi: ath12k: Add support to enable debugfs_htt_stats

Ramya Gnanasekar quic_rgnanase at quicinc.com
Mon May 27 03:44:22 PDT 2024 


On 5/21/2024 1:10 PM, Kalle Valo wrote:
> Ramya Gnanasekar <quic_rgnanase at quicinc.com> writes:
> 
>> Bring in the basic infrastructure necessary for enabling htt_stats via debugfs.
>> Patch series bring support to request stats type to firmware, dump the stats
>> and request to reset the stats from firmware.
>>
>> Schema with one ath12k device:
>>
>> ath12k
>> `-- pci-0000:06:00.0
>>     |-- mac0
>>         `-- htt_stats
>>         |-- htt_stats_type
>>         |-- htt_stats_reset
>>
>> Dinesh Karthikeyan (3):
>>   wifi: ath12k: Add support to enable debugfs_htt_stats
>>   wifi: ath12k: Add htt_stats_dump file ops support
>>   wifi: ath12k: Add support to parse requested stats_type
>>
>> Lingbo Kong (1):
>>   wifi: ath12k: Fix Pdev id in HTT stats request for WCN7850
>>
>> Ramya Gnanasekar (1):
>>   wifi: ath12k: Dump additional Tx PDEV HTT stats
> 
> I did a quick test with WCN7850:
> 
> cd /sys/kernel/debug/ath12k/pci-0000:06:00.0/mac0
> echo 1 > htt_stats_type 
> cat htt_stats
> 
> And in the dmesg I see:
> 
> [  178.634501] ==================================================================
> [  178.634870] BUG: KASAN: slab-out-of-bounds in skip_spaces+0x105/0x110
> [  178.635156] Read of size 1 at addr ffff888109d4696a by task bash/1474
> [  178.635367] 
> [  178.635513] CPU: 1 PID: 1474 Comm: bash Not tainted 6.9.0-wt-ath+ #1523
> [  178.635747] Hardware name: Intel(R) Client Systems NUC8i7HVK/NUC8i7HVB, BIOS HNKBLi70.86A.0067.2021.0528.1339 05/28/2021
> [  178.636078] Call Trace:
> [  178.636238]  <TASK>
> [  178.636393]  dump_stack_lvl+0x7d/0xe0
> [  178.636578]  print_address_description.constprop.0+0x33/0x3a0
> [  178.636786]  print_report+0xb5/0x260
> [  178.637004]  ? kasan_complete_mode_report_info+0x3c/0x1a0
> [  178.637211]  kasan_report+0xd8/0x110
> [  178.637353]  ? skip_spaces+0x105/0x110
> [  178.637392]  ? skip_spaces+0x105/0x110
> [  178.637433]  __asan_report_load1_noabort+0x14/0x20
> [  178.637488]  skip_spaces+0x105/0x110
> [  178.637526]  vsscanf+0x3e9/0x3100
> [  178.637573]  ? ip6_compressed_string+0xb80/0xb80
> [  178.637614]  ? debug_smp_processor_id+0x17/0x20
> [  178.637655]  ? __lock_release.isra.0+0x49c/0xae0
> [  178.637696]  ? reacquire_held_locks+0x4d0/0x4d0
> [  178.637736]  ? lock_sync+0x1a0/0x1a0
> [  178.637774]  sscanf+0xa6/0xd0
> [  178.637809]  ? vsscanf+0x3100/0x3100
> [  178.637846]  ? __might_fault+0x119/0x170
> [  178.637933]  ? __might_fault+0xc0/0x170
> [  178.637983]  ? __kasan_check_write+0x14/0x20
> [  178.638023]  ath12k_write_htt_stats_type+0x122/0x330 [ath12k]
> [  178.638092]  ? ath12k_open_htt_stats+0xbe0/0xbe0 [ath12k]
> [  178.638515]  full_proxy_write+0xf8/0x180
> [  178.638563]  vfs_write+0x220/0x1200
> [  178.638601]  ? do_user_addr_fault+0x3f5/0xbb0
> [  178.638640]  ? reacquire_held_locks+0x220/0x4d0
> [  178.638680]  ? kernel_write+0x680/0x680
> [  178.638720]  ? __kasan_check_read+0x11/0x20
> [  178.638757]  ? __fget_light+0x53/0x1e0
> [  178.638796]  ksys_write+0x10e/0x230
> [  178.638833]  ? __ia32_sys_read+0xa0/0xa0
> [  178.638917]  ? debug_smp_processor_id+0x17/0x20
> [  178.638959]  __x64_sys_write+0x6d/0xa0
> [  178.638997]  ? lockdep_hardirqs_on+0x7d/0x100
> [  178.639036]  x64_sys_call+0x9cf/0x9e0
> [  178.639073]  do_syscall_64+0x65/0x130
> [  178.639111]  entry_SYSCALL_64_after_hwframe+0x4b/0x53
> [  178.639721] RIP: 0033:0x7f35ca96b297
> [  178.640363] Code: 64 89 02 48 c7 c0 ff ff ff ff eb bb 0f 1f 80 00 00 00 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 48 89 54 24 18 48 89 74 24
> [  178.641642] RSP: 002b:00007fff7addfa38 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
> [  178.642327] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f35ca96b297
> [  178.643013] RDX: 0000000000000002 RSI: 000055c737df4390 RDI: 0000000000000001
> [  178.643652] RBP: 000055c737df4390 R08: 000000000000000a R09: 0000000000000001
> [  178.644332] R10: 000055c703828017 R11: 0000000000000246 R12: 0000000000000002
> [  178.645010] R13: 00007f35caa4a6a0 R14: 00007f35caa464a0 R15: 00007f35caa458a0
> [  178.645643]  </TASK>
> [  178.646321] 
> [  178.646984] Allocated by task 1474 on cpu 1 at 178.634368s:
> [  178.647616]  kasan_save_stack+0x26/0x50
> [  178.648290]  kasan_save_track+0x18/0x60
> [  178.648955]  kasan_save_alloc_info+0x37/0x40
> [  178.649560]  __kasan_kmalloc+0x90/0xa0
> [  178.650197]  __kmalloc+0x1be/0x3f0
> [  178.650765]  ath12k_write_htt_stats_type+0xc1/0x330 [ath12k]
> [  178.651408]  full_proxy_write+0xf8/0x180
> [  178.652029]  vfs_write+0x220/0x1200
> [  178.652583]  ksys_write+0x10e/0x230
> [  178.653181]  __x64_sys_write+0x6d/0xa0
> [  178.653726]  x64_sys_call+0x9cf/0x9e0
> [  178.654319]  do_syscall_64+0x65/0x130
> [  178.654844]  entry_SYSCALL_64_after_hwframe+0x4b/0x53
> [  178.655410] 
> [  178.655970] The buggy address belongs to the object at ffff888109d46968#012[  178.655970]  which belongs to the cache kmalloc-8 of size 8
> [  178.657054] The buggy address is located 0 bytes to the right of#012[  178.657054]  allocated 2-byte region [ffff888109d46968, ffff888109d4696a)
> [  178.658142] 
> [  178.658668] The buggy address belongs to the physical page:
> [  178.659256] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888109d46a08 pfn:0x109d46
> [  178.659824] flags: 0x200000000000a00(workingset|slab|node=0|zone=2)
> [  178.660438] page_type: 0xffffffff()
> [  178.661053] raw: 0200000000000a00 ffff88810004c3c0 ffffea0004275850 ffff8881000403d0
> [  178.661637] raw: ffff888109d46a08 0000000000190010 00000001ffffffff 0000000000000000
> [  178.662265] page dumped because: kasan: bad access detected
> [  178.662872] 
> [  178.663475] Memory state around the buggy address:
> [  178.664108]  ffff888109d46800: fc fc fc fc fc fa fc fc fc fc fc fc fc fc fc fc
> [  178.664710]  ffff888109d46880: fc fc fc fc fc fc fc fc fc fa fc fc fc fc fc fc
> [  178.665972] >ffff888109d46900: fc fc fc fc fc fc fc fc fc fc fc fc fc 02 fc fc
> [  178.666571]                                                           ^
> [  178.667223]  ffff888109d46980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
> [  178.667836]  ffff888109d46a00: fc fa fc fc fc fc fc fc fc fc fc fc fc fc fc fc
> [  178.668488] ==================================================================
> [  178.669233] Disabling lock debugging due to kernel taint
> 

Thanks Kalle. I was not facing this in QCN9274. May be I will check my
.config to confirm whether KASAN config is enabled.

More information about the ath12k mailing list