[PATCH ath-next] wifi: ath12k: fix node corruption in ar->arvifs list
Vasanthakumar Thiagarajan
vasanthakumar.thiagarajan at oss.qualcomm.com
Wed Apr 16 21:50:58 PDT 2025
On 4/16/2025 7:47 AM, Maharaja Kennadyrajan wrote:
> In current WLAN recovery code flow, ath12k_core_halt() only reinitializes
> the "arvifs" list head. This will cause the list node immediately following
> the list head to become an invalid list node. Because the prev of that node
> still points to the list head "arvifs", but the next of the list head
> "arvifs" no longer points to that list node.
>
> When a WLAN recovery occurs during the execution of a vif removal, and it
> happens before the spin_lock_bh(&ar->data_lock) in
> ath12k_mac_vdev_delete(), list_del() will detect the previously mentioned
> situation, thereby triggering a kernel panic.
>
> The fix is to remove and reinitialize all vif list nodes from the list head
> "arvifs" during WLAN halt. The reinitialization is to make the list nodes
> valid, ensuring that the list_del() in ath12k_mac_vdev_delete() can execute
> normally.
>
> Call trace:
> __list_del_entry_valid_or_report+0xd4/0x100 (P)
> ath12k_mac_remove_link_interface.isra.0+0xf8/0x2e4 [ath12k]
> ath12k_scan_vdev_clean_work+0x40/0x164 [ath12k]
> cfg80211_wiphy_work+0xfc/0x100
> process_one_work+0x164/0x2d0
> worker_thread+0x254/0x380
> kthread+0xfc/0x100
> ret_from_fork+0x10/0x20
>
> The change is mostly copied from the ath11k patch:
> https://lore.kernel.org/all/20250320053145.3445187-1-quic_stonez@quicinc.com/
>
> Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.4.1-00199-QCAHKSWPL_SILICONZ-1
>
> Fixes: d889913205cf ("wifi: ath12k: driver for Qualcomm Wi-Fi 7 devices")
> Signed-off-by: Maharaja Kennadyrajan <maharaja.kennadyrajan at oss.qualcomm.com>
Reviewed-by: Vasanthakumar Thiagarajan <vasanthakumar.thiagarajan at oss.qualcomm.com>
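
The list state described in the quoted commit message, as an added example that is not part of the patch or the ath12k driver: a user-space model of a kernel-style circular list showing why reinitializing only the head leaves the first node failing the link checks that list_del() performs, and why unlinking and reinitializing every node avoids it. The helper names (halt_head_only, halt_unlink_all, first_node_valid_after_halt) are hypothetical and the two-node list is constructed sample data.

```c
#include <stdbool.h>

struct list_head { struct list_head *next, *prev; };

static void init_list_head(struct list_head *h) { h->next = h; h->prev = h; }

static void list_add(struct list_head *n, struct list_head *head)
{
    n->next = head->next;
    n->prev = head;
    head->next->prev = n;
    head->next = n;
}
/* Models the two link invariants checked before a list_del(). */
static bool list_del_entry_valid(const struct list_head *e)
{
    return e->prev->next == e && e->next->prev == e;
}

static void list_del_init(struct list_head *e)
{
    e->next->prev = e->prev;
    e->prev->next = e->next;
    init_list_head(e);
}
/* Halt before the fix: only the list head is reinitialized. */
static void halt_head_only(struct list_head *head) { init_list_head(head); }

/* Halt after the fix: unlink and reinitialize every node. */
static void halt_unlink_all(struct list_head *head)
{
    while (head->next != head)
        list_del_init(head->next);
}
/* Would a later list_del() on the first node pass the check? */
static bool first_node_valid_after_halt(bool fixed)
{
    struct list_head arvifs, vif_a, vif_b;  /* constructed: two vifs */
    init_list_head(&arvifs);
    init_list_head(&vif_a); init_list_head(&vif_b);
    list_add(&vif_b, &arvifs);
    list_add(&vif_a, &arvifs);              /* arvifs -> vif_a -> vif_b */
    if (fixed) halt_unlink_all(&arvifs); else halt_head_only(&arvifs);
    return list_del_entry_valid(&vif_a);    /* vif_a.prev->next == &vif_a ? */
}

int main(void)
{   /* exit 0 when head-only halt breaks the node and the full unlink does not */
    return (!first_node_valid_after_halt(false) && first_node_valid_after_halt(true)) ? 0 : 1;
}
```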