| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <YUJGxZW1a+vlG335@sellars>
Date: Wed, 15 Sep 2021 21:18:03 +0200
From: Linus Lüssing <linus.luessing@...3.blue>
To: Felix Fietkau <nbd@....name>
Cc: Kalle Valo <kvalo@...eaurora.org>,
Sujith Manoharan <c_manoha@....qualcomm.com>,
ath9k-devel@....qualcomm.com, linux-wireless@...r.kernel.org,
"David S . Miller" <davem@...emloft.net>,
Jakub Kicinski <kuba@...nel.org>,
"John W . Linville" <linville@...driver.com>,
Felix Fietkau <nbd@...nwrt.org>,
Simon Wunderlich <sw@...onwunderlich.de>,
Sven Eckelmann <sven@...fation.org>, netdev@...r.kernel.org,
linux-kernel@...r.kernel.org,
Linus Lüssing <ll@...onwunderlich.de>
Subject: Re: [PATCH 3/3] ath9k: Fix potential hw interrupt resume during reset
On Wed, Sep 15, 2021 at 11:48:55AM +0200, Felix Fietkau wrote:
>
> On 2021-09-14 21:25, Linus Lüssing wrote:
> > From: Linus Lüssing <ll@...onwunderlich.de>
> >
> > There is a small risk of the ath9k hw interrupts being reenabled in the
> > following way:
> >
> > 1) ath_reset_internal()
> > ...
> > -> disable_irq()
> > ...
> > <- returns
> >
> > 2) ath9k_tasklet()
> > ...
> > -> ath9k_hw_resume_interrupts()
> > ...
> >
> > 1) ath_reset_internal() continued:
> > -> tasklet_disable(&sc->intr_tq); (= ath9k_tasklet() off)
> >
> > By first disabling the ath9k interrupt there is a small window
> > afterwards which allows ath9k hw interrupts being reenabled through
> > the ath9k_tasklet() before we disable this tasklet in
> > ath_reset_internal(). Leading to having the ath9k hw interrupts enabled
> > during the reset, which we should avoid.
> I don't see a way in which interrupts can be re-enabled through the
> tasklet. disable_irq disables the entire PCI IRQ (not through ath9k hw
> registers), and they will only be re-enabled by the corresponding
> enable_irq call.
Ah, okay, then I think I misunderstood the previous fixes to the
ath9k interrupt shutdown during reset here. I had only tested the
following diff and assumed that it were not okay to have the ath9k
hw interrupt registers enabled within the spinlock'd section:
```
@@ -299,11 +299,23 @@ static int ath_reset_internal(struct ath_softc *sc, struct ath9k_channel *hchan)
__ath_cancel_work(sc);
disable_irq(sc->irq);
+ for (r = 0; r < 200; r++) {
+ msleep(5);
+
+ if (REG_READ(ah, AR_INTR_SYNC_CAUSE) ||
+ REG_READ(ah, AR_INTR_ASYNC_CAUSE)) {
+ break;
+ }
+ }
tasklet_disable(&sc->intr_tq);
tasklet_disable(&sc->bcon_tasklet);
spin_lock_bh(&sc->sc_pcu_lock);
+ if (REG_READ(ah, AR_INTR_SYNC_CAUSE) ||
+ REG_READ(ah, AR_INTR_ASYNC_CAUSE))
+ ATH_DBG_WARN(1, "%s: interrupts are enabled", __func__);
+
if (!sc->cur_chan->offchannel) {
fastcc = false;
caldata = &sc->cur_chan->caldata;
```
And yes, the general ath9k interrupt should still be disabled. Didn't
test for that but seems like it.
(And now I noticed that actually
ath_reset_internal()
-> ath_prepare_reset()
-> ath9k_hw_disable_interrupts()
-> ath9k_hw_kill_interrupts()
disables the ath9k hw interrupt registers before the
ath_reset_internal()->ath9k_hw_reset() call anyway.)
What would you prefer, should this patch just be dropped or should
I resend it without the "Fixes:" line as a cosmetic change? (e.g. to
have the order in reverse to reenablement at the end of
ath_reset_internal(), to avoid confusion in the future?)
Regards, Linus
Powered by blists - more mailing lists