Re: [PATCH] wifi: mac80211: fix static key race condition in aql_enable_write()

Next message: kernel test robot: "Re: [PATCH 5/9] amd-pstate: Add support for CPPC_REQ2 and FLOOR_PERF"
Previous message: Jason Gunthorpe: "Re: [PATCH v1 2/2] iommu/arm-smmu-v3: Recover ATC invalidate timeouts"
In reply to: Josh Poimboeuf: "[PATCH] wifi: mac80211: fix static key race condition in aql_enable_write()"
Next in thread: Josh Poimboeuf: "Re: [PATCH] wifi: mac80211: fix static key race condition in aql_enable_write()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Johannes Berg

Date: Fri Mar 06 2026 - 15:23:21 EST

On Fri, 2026-03-06 at 12:01 -0800, Josh Poimboeuf wrote:
> If multiple tasks are writing to the 'aql_enable' debugfs file, it may
> incorrectly call static_branch_dec() for an already disabled static key,
> resulting in the following warning:
>
> val == 0
> WARNING: kernel/jump_label.c:311 at __static_key_slow_dec_cpuslocked.part.0+0x107/0x120 kernel/jump_label.c:311, CPU#0: syz.1.3155/20288
> ...
> Call Trace:
> <TASK>
> __static_key_slow_dec_cpuslocked kernel/jump_label.c:297 [inline]
> __static_key_slow_dec kernel/jump_label.c:321 [inline]
> static_key_slow_dec+0x7c/0xc0 kernel/jump_label.c:336
> aql_enable_write+0x2b2/0x310 net/mac80211/debugfs.c:343
> short_proxy_write+0x133/0x1a0 fs/debugfs/file.c:383
> vfs_write+0x2aa/0x1070 fs/read_write.c:684
> ksys_pwrite64 fs/read_write.c:793 [inline]
> __do_sys_pwrite64 fs/read_write.c:801 [inline]
> __se_sys_pwrite64 fs/read_write.c:798 [inline]
> __x64_sys_pwrite64+0x1eb/0x250 fs/read_write.c:798
> do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
> do_syscall_64+0xc9/0xf80 arch/x86/entry/syscall_64.c:94
> entry_SYSCALL_64_after_hwframe+0x77/0x7f
>
> Fix it by using the atomic static_branch_{enable,disable}() interfaces.

Heh, I just applied the same change:

https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless.git/commit/?id=b94ae8e0d5fe1bdbbfdc3854ff6ce98f6876a828

johannes