From 4620f21864aef062c930a9d66946d452ce9647df Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Sat, 30 Dec 2023 11:42:52 +0000 Subject: [PATCH] 6.1-stable patches added patches: wifi-cfg80211-fix-cqm-for-non-range-use.patch wifi-nl80211-fix-deadlock-in-nl80211_set_cqm_rssi-6.6.x.patch --- queue-6.1/series | 2 + ...i-cfg80211-fix-cqm-for-non-range-use.patch | 151 ++++++++++++++++++ ...adlock-in-nl80211_set_cqm_rssi-6.6.x.patch | 80 ++++++++++ 3 files changed, 233 insertions(+) create mode 100644 queue-6.1/wifi-cfg80211-fix-cqm-for-non-range-use.patch create mode 100644 queue-6.1/wifi-nl80211-fix-deadlock-in-nl80211_set_cqm_rssi-6.6.x.patch diff --git a/queue-6.1/series b/queue-6.1/series index 3c1199da309..abde7c46858 100644 --- a/queue-6.1/series +++ b/queue-6.1/series @@ -108,3 +108,5 @@ kvm-arm64-vgic-force-vcpu-vgic-teardown-on-vcpu-destroy.patch x86-alternatives-sync-core-before-enabling-interrupts.patch mm-damon-core-make-damon_start-waits-until-kdamond_fn-starts.patch fuse-share-lookup-state-between-submount-and-its-parent.patch +wifi-cfg80211-fix-cqm-for-non-range-use.patch +wifi-nl80211-fix-deadlock-in-nl80211_set_cqm_rssi-6.6.x.patch diff --git a/queue-6.1/wifi-cfg80211-fix-cqm-for-non-range-use.patch b/queue-6.1/wifi-cfg80211-fix-cqm-for-non-range-use.patch new file mode 100644 index 00000000000..43e0682fc80 --- /dev/null +++ b/queue-6.1/wifi-cfg80211-fix-cqm-for-non-range-use.patch @@ -0,0 +1,151 @@ +From leo@leolam.fr Sat Dec 16 05:48:17 2023 +From: "Léo Lam" +Date: Sat, 16 Dec 2023 05:47:15 +0000 +Subject: wifi: cfg80211: fix CQM for non-range use +To: stable@vger.kernel.org +Cc: "Johannes Berg" , "Greg Kroah-Hartman" , "Léo Lam" +Message-ID: <20231216054715.7729-2-leo@leolam.fr> + +From: Johannes Berg + +commit 7e7efdda6adb385fbdfd6f819d76bc68c923c394 upstream. + +[note: this is commit 4a7e92551618f3737b305f62451353ee05662f57 reapplied; +that commit had been reverted in 6.6.6 because it caused regressions, see +https://lore.kernel.org/stable/2023121450-habitual-transpose-68a1@gregkh/ +for details] + +My prior race fix here broke CQM when ranges aren't used, as +the reporting worker now requires the cqm_config to be set in +the wdev, but isn't set when there's no range configured. + +Rather than continuing to special-case the range version, set +the cqm_config always and configure accordingly, also tracking +if range was used or not to be able to clear the configuration +appropriately with the same API, which was actually not right +if both were implemented by a driver for some reason, as is +the case with mac80211 (though there the implementations are +equivalent so it doesn't matter.) + +Also, the original multiple-RSSI commit lost checking for the +callback, so might have potentially crashed if a driver had +neither implementation, and userspace tried to use it despite +not being advertised as supported. + +Cc: stable@vger.kernel.org +Fixes: 4a4b8169501b ("cfg80211: Accept multiple RSSI thresholds for CQM") +Fixes: 37c20b2effe9 ("wifi: cfg80211: fix cqm_config access race") +Signed-off-by: Johannes Berg +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: Léo Lam +Signed-off-by: Greg Kroah-Hartman +--- + net/wireless/core.h | 1 + net/wireless/nl80211.c | 50 ++++++++++++++++++++++++++++++------------------- + 2 files changed, 32 insertions(+), 19 deletions(-) + +--- a/net/wireless/core.h ++++ b/net/wireless/core.h +@@ -297,6 +297,7 @@ struct cfg80211_cqm_config { + u32 rssi_hyst; + s32 last_rssi_event_value; + enum nl80211_cqm_rssi_threshold_event last_rssi_event_type; ++ bool use_range_api; + int n_rssi_thresholds; + s32 rssi_thresholds[]; + }; +--- a/net/wireless/nl80211.c ++++ b/net/wireless/nl80211.c +@@ -12574,10 +12574,6 @@ static int cfg80211_cqm_rssi_update(stru + int i, n, low_index; + int err; + +- /* RSSI reporting disabled? */ +- if (!cqm_config) +- return rdev_set_cqm_rssi_range_config(rdev, dev, 0, 0); +- + /* + * Obtain current RSSI value if possible, if not and no RSSI threshold + * event has been received yet, we should receive an event after a +@@ -12652,18 +12648,6 @@ static int nl80211_set_cqm_rssi(struct g + wdev->iftype != NL80211_IFTYPE_P2P_CLIENT) + return -EOPNOTSUPP; + +- if (n_thresholds <= 1 && rdev->ops->set_cqm_rssi_config) { +- if (n_thresholds == 0 || thresholds[0] == 0) /* Disabling */ +- return rdev_set_cqm_rssi_config(rdev, dev, 0, 0); +- +- return rdev_set_cqm_rssi_config(rdev, dev, +- thresholds[0], hysteresis); +- } +- +- if (!wiphy_ext_feature_isset(&rdev->wiphy, +- NL80211_EXT_FEATURE_CQM_RSSI_LIST)) +- return -EOPNOTSUPP; +- + if (n_thresholds == 1 && thresholds[0] == 0) /* Disabling */ + n_thresholds = 0; + +@@ -12671,6 +12655,20 @@ static int nl80211_set_cqm_rssi(struct g + old = rcu_dereference_protected(wdev->cqm_config, + lockdep_is_held(&wdev->mtx)); + ++ /* if already disabled just succeed */ ++ if (!n_thresholds && !old) ++ return 0; ++ ++ if (n_thresholds > 1) { ++ if (!wiphy_ext_feature_isset(&rdev->wiphy, ++ NL80211_EXT_FEATURE_CQM_RSSI_LIST) || ++ !rdev->ops->set_cqm_rssi_range_config) ++ return -EOPNOTSUPP; ++ } else { ++ if (!rdev->ops->set_cqm_rssi_config) ++ return -EOPNOTSUPP; ++ } ++ + if (n_thresholds) { + cqm_config = kzalloc(struct_size(cqm_config, rssi_thresholds, + n_thresholds), +@@ -12685,13 +12683,26 @@ static int nl80211_set_cqm_rssi(struct g + memcpy(cqm_config->rssi_thresholds, thresholds, + flex_array_size(cqm_config, rssi_thresholds, + n_thresholds)); ++ cqm_config->use_range_api = n_thresholds > 1 || ++ !rdev->ops->set_cqm_rssi_config; + + rcu_assign_pointer(wdev->cqm_config, cqm_config); ++ ++ if (cqm_config->use_range_api) ++ err = cfg80211_cqm_rssi_update(rdev, dev, cqm_config); ++ else ++ err = rdev_set_cqm_rssi_config(rdev, dev, ++ thresholds[0], ++ hysteresis); + } else { + RCU_INIT_POINTER(wdev->cqm_config, NULL); ++ /* if enabled as range also disable via range */ ++ if (old->use_range_api) ++ err = rdev_set_cqm_rssi_range_config(rdev, dev, 0, 0); ++ else ++ err = rdev_set_cqm_rssi_config(rdev, dev, 0, 0); + } + +- err = cfg80211_cqm_rssi_update(rdev, dev, cqm_config); + if (err) { + rcu_assign_pointer(wdev->cqm_config, old); + kfree_rcu(cqm_config, rcu_head); +@@ -18758,10 +18769,11 @@ void cfg80211_cqm_rssi_notify_work(struc + wdev_lock(wdev); + cqm_config = rcu_dereference_protected(wdev->cqm_config, + lockdep_is_held(&wdev->mtx)); +- if (!wdev->cqm_config) ++ if (!cqm_config) + goto unlock; + +- cfg80211_cqm_rssi_update(rdev, wdev->netdev, cqm_config); ++ if (cqm_config->use_range_api) ++ cfg80211_cqm_rssi_update(rdev, wdev->netdev, cqm_config); + + rssi_level = cqm_config->last_rssi_event_value; + rssi_event = cqm_config->last_rssi_event_type; diff --git a/queue-6.1/wifi-nl80211-fix-deadlock-in-nl80211_set_cqm_rssi-6.6.x.patch b/queue-6.1/wifi-nl80211-fix-deadlock-in-nl80211_set_cqm_rssi-6.6.x.patch new file mode 100644 index 00000000000..c75b10f65df --- /dev/null +++ b/queue-6.1/wifi-nl80211-fix-deadlock-in-nl80211_set_cqm_rssi-6.6.x.patch @@ -0,0 +1,80 @@ +From stable+bounces-6868-greg=kroah.com@vger.kernel.org Sat Dec 16 05:57:02 2023 +From: "Léo Lam" +Date: Sat, 16 Dec 2023 05:47:17 +0000 +Subject: wifi: nl80211: fix deadlock in nl80211_set_cqm_rssi (6.6.x) +To: stable@vger.kernel.org +Cc: "Léo Lam" , "Philip Müller" , "Johannes Berg" +Message-ID: <20231216054715.7729-4-leo@leolam.fr> + +From: "Léo Lam" + +Commit 008afb9f3d57 ("wifi: cfg80211: fix CQM for non-range use" +backported to 6.6.x) causes nl80211_set_cqm_rssi not to release the +wdev lock in some of the error paths. + +Of course, the ensuing deadlock causes userland network managers to +break pretty badly, and on typical systems this also causes lockups on +on suspend, poweroff and reboot. See [1], [2], [3] for example reports. + +The upstream commit 7e7efdda6adb ("wifi: cfg80211: fix CQM for non-range +use"), committed in November 2023, is completely fine because there was +another commit in August 2023 that removed the wdev lock: +see commit 076fc8775daf ("wifi: cfg80211: remove wdev mutex"). + +The reason things broke in 6.6.5 is that commit 4338058f6009 was applied +without also applying 076fc8775daf. + +Commit 076fc8775daf ("wifi: cfg80211: remove wdev mutex") is a rather +large commit; adjusting the error handling (which is what this commit does) +yields a much simpler patch and was tested to work properly. + +Fix the deadlock by releasing the lock before returning. + +[1] https://bugzilla.kernel.org/show_bug.cgi?id=218247 +[2] https://bbs.archlinux.org/viewtopic.php?id=290976 +[3] https://lore.kernel.org/all/87sf4belmm.fsf@turtle.gmx.de/ + +Link: https://lore.kernel.org/stable/e374bb16-5b13-44cc-b11a-2f4eefb1ecf5@manjaro.org/ +Fixes: 008afb9f3d57 ("wifi: cfg80211: fix CQM for non-range use") +Tested-by: Léo Lam +Tested-by: Philip Müller +Cc: stable@vger.kernel.org +Cc: Johannes Berg +Signed-off-by: Léo Lam +Signed-off-by: Greg Kroah-Hartman +--- + net/wireless/nl80211.c | 18 ++++++++++++------ + 1 file changed, 12 insertions(+), 6 deletions(-) + +--- a/net/wireless/nl80211.c ++++ b/net/wireless/nl80211.c +@@ -12656,17 +12656,23 @@ static int nl80211_set_cqm_rssi(struct g + lockdep_is_held(&wdev->mtx)); + + /* if already disabled just succeed */ +- if (!n_thresholds && !old) +- return 0; ++ if (!n_thresholds && !old) { ++ err = 0; ++ goto unlock; ++ } + + if (n_thresholds > 1) { + if (!wiphy_ext_feature_isset(&rdev->wiphy, + NL80211_EXT_FEATURE_CQM_RSSI_LIST) || +- !rdev->ops->set_cqm_rssi_range_config) +- return -EOPNOTSUPP; ++ !rdev->ops->set_cqm_rssi_range_config) { ++ err = -EOPNOTSUPP; ++ goto unlock; ++ } + } else { +- if (!rdev->ops->set_cqm_rssi_config) +- return -EOPNOTSUPP; ++ if (!rdev->ops->set_cqm_rssi_config) { ++ err = -EOPNOTSUPP; ++ goto unlock; ++ } + } + + if (n_thresholds) { -- 2.47.3