[PATCH 10/17] staging: wfx: fix the warning "inconsistent notification"

From: Jerome Pouiller
Date: Mon Apr 27 2020 - 09:41:36 EST

From: JÃrÃme Pouiller <jerome.pouiller@xxxxxxxxxx>

In some circumstances, Tx traffic is sent without associated station but
the station exists when the Tx status is received. Beside that, the
driver keep a counter associated to each station. So, in this case, the
counter is not incremented, but is decremented. In this case a warning
"inconsistent notification" appears:

------------[ cut here ]------------
WARNING: CPU: 3 PID: 82 at /home/jerome/wfx/data_tx.c:469 wfx_skb_dtor+0x1a4/0x1d4 [wfx]
inconsistent notification
Modules linked in: [...]
CPU: 3 PID: 82 Comm: kworker/3:1H Tainted: G C O 4.19.57-v7l+ #1244
Hardware name: BCM2835
Workqueue: events_highpri bh_work [wfx]
[<c0212c8c>] (unwind_backtrace) from [<c020d49c>] (show_stack+0x20/0x24)
[<c020d49c>] (show_stack) from [<c0976220>] (dump_stack+0xd4/0x118)
[<c0976220>] (dump_stack) from [<c0222270>] (__warn+0x104/0x11c)
[<c0222270>] (__warn) from [<c02222e0>] (warn_slowpath_fmt+0x58/0x74)
[<c02222e0>] (warn_slowpath_fmt) from [<bf497b48>] (wfx_skb_dtor+0x1a4/0x1d4 [wfx])
[<bf497b48>] (wfx_skb_dtor [wfx]) from [<bf4988b4>] (wfx_tx_confirm_cb+0x198/0x2f0 [wfx])
[<bf4988b4>] (wfx_tx_confirm_cb [wfx]) from [<bf49d054>] (hif_tx_confirm+0x50/0x70 [wfx])
[<bf49d054>] (hif_tx_confirm [wfx]) from [<bf49d42c>] (wfx_handle_rx+0x128/0x22c [wfx])
[<bf49d42c>] (wfx_handle_rx [wfx]) from [<bf4953cc>] (bh_work+0x3cc/0x964 [wfx])
[<bf4953cc>] (bh_work [wfx]) from [<c023dab8>] (process_one_work+0x170/0x458)
[<c023dab8>] (process_one_work) from [<c023ddfc>] (worker_thread+0x5c/0x5a4)
[<c023ddfc>] (worker_thread) from [<c02440e8>] (kthread+0x138/0x168)
[<c02440e8>] (kthread) from [<c02010ac>] (ret_from_fork+0x14/0x28)
Exception stack(0xee199fb0 to 0xee199ff8)
9fa0: 00000000 00000000 00000000 00000000
9fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
9fe0: 00000000 00000000 00000000 00000000 00000013 00000000
---[ end trace 64b9e754e12ef7de ]---

This patch fix this race between the station creation and the Tx data.

Fixes: 7d2d2bfdeb82 ("staging: wfx: relocate "buffered" information to sta_priv")
Signed-off-by: JÃrÃme Pouiller <jerome.pouiller@xxxxxxxxxx>
---
drivers/staging/wfx/data_tx.c | 18 +++++++++++++-----
drivers/staging/wfx/data_tx.h | 1 +
2 files changed, 14 insertions(+), 5 deletions(-)

diff --git a/drivers/staging/wfx/data_tx.c b/drivers/staging/wfx/data_tx.c
index 9c1a91207dd8..f8812079d801 100644
--- a/drivers/staging/wfx/data_tx.c
+++ b/drivers/staging/wfx/data_tx.c
@@ -224,6 +224,7 @@ static void wfx_tx_manage_pm(struct wfx_vif *wvif, struct ieee80211_hdr *hdr,
int tid = ieee80211_get_tid(hdr);

if (sta) {
+ tx_priv->has_sta = true;
sta_priv = (struct wfx_sta_priv *)&sta->drv_priv;
spin_lock_bh(&sta_priv->lock);
sta_priv->buffered[tid]++;
@@ -469,7 +470,8 @@ static void wfx_notify_buffered_tx(struct wfx_vif *wvif, struct sk_buff *skb)
rcu_read_unlock();
}

-static void wfx_skb_dtor(struct wfx_dev *wdev, struct sk_buff *skb)
+static void wfx_skb_dtor(struct wfx_dev *wdev,
+ struct sk_buff *skb, bool has_sta)
{
struct hif_msg *hif = (struct hif_msg *)skb->data;
struct hif_req_tx *req = (struct hif_req_tx *)hif->body;
@@ -480,7 +482,8 @@ static void wfx_skb_dtor(struct wfx_dev *wdev, struct sk_buff *skb)

WARN_ON(!wvif);
skb_pull(skb, offset);
- wfx_notify_buffered_tx(wvif, skb);
+ if (has_sta)
+ wfx_notify_buffered_tx(wvif, skb);
wfx_tx_policy_put(wvif, req->tx_flags.retry_policy_index);
ieee80211_tx_status_irqsafe(wdev->hw, skb);
}
@@ -493,6 +496,7 @@ void wfx_tx_confirm_cb(struct wfx_vif *wvif, const struct hif_cnf_tx *arg)
struct ieee80211_tx_rate *rate;
struct ieee80211_tx_info *tx_info;
const struct wfx_tx_priv *tx_priv;
+ bool has_sta;

skb = wfx_pending_get(wvif->wdev, arg->packet_id);
if (!skb) {
@@ -503,6 +507,7 @@ void wfx_tx_confirm_cb(struct wfx_vif *wvif, const struct hif_cnf_tx *arg)
}
tx_info = IEEE80211_SKB_CB(skb);
tx_priv = wfx_skb_tx_priv(skb);
+ has_sta = tx_priv->has_sta;
_trace_tx_stats(arg, skb,
wfx_pending_get_pkt_us_delay(wvif->wdev, skb));

@@ -561,12 +566,13 @@ void wfx_tx_confirm_cb(struct wfx_vif *wvif, const struct hif_cnf_tx *arg)
}
tx_info->flags |= IEEE80211_TX_STAT_TX_FILTERED;
}
- wfx_skb_dtor(wvif->wdev, skb);
+ wfx_skb_dtor(wvif->wdev, skb, has_sta);
}

void wfx_flush(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
u32 queues, bool drop)
{
+ const struct wfx_tx_priv *tx_priv;
struct wfx_dev *wdev = hw->priv;
struct sk_buff_head dropped;
struct wfx_queue *queue;
@@ -593,7 +599,9 @@ void wfx_flush(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
wfx_tx_flush(wdev);
if (wdev->chip_frozen)
wfx_pending_drop(wdev, &dropped);
- while ((skb = skb_dequeue(&dropped)) != NULL)
- wfx_skb_dtor(wdev, skb);
+ while ((skb = skb_dequeue(&dropped)) != NULL) {
+ tx_priv = wfx_skb_tx_priv(skb);
+ wfx_skb_dtor(wdev, skb, tx_priv->has_sta);
+ }
}

diff --git a/drivers/staging/wfx/data_tx.h b/drivers/staging/wfx/data_tx.h
index a308af3d68ad..54fff24508fb 100644
--- a/drivers/staging/wfx/data_tx.h
+++ b/drivers/staging/wfx/data_tx.h
@@ -36,6 +36,7 @@ struct tx_policy_cache {
struct wfx_tx_priv {
ktime_t xmit_timestamp;
struct ieee80211_key_conf *hw_key;
+ bool has_sta;
} __packed;

void wfx_tx_policy_init(struct wfx_vif *wvif);
--
2.26.1