To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Bjoern A. Zeeb
Subject: git: 1c601bf516eb - main - LinuxKPI: 802.11: lock down mac80211 downcalls
Date: Sun, 14 Jun 2026 23:15:27 +0000
Message-Id: <6a2f360f.46a13.11d28a8@gitrepo.freebsd.org>

The branch main has been updated by bz:

URL: https://cgit.FreeBSD.org/src/commit/?id=1c601bf516ebefb1670f5612316c501f2ae2654a

commit 1c601bf516ebefb1670f5612316c501f2ae2654a
Author:     Bjoern A. Zeeb
AuthorDate: 2026-06-05 10:22:38 +0000
Commit:     Bjoern A. Zeeb
CommitDate: 2026-06-14 22:56:20 +0000

    LinuxKPI: 802.11: lock down mac80211 downcalls

    Add lock assertions and "might_sleep" annotations to various mac80211
    operation downcalls into the driver.
    Make sure the code to these is all covered by locks--pushing more
    wiphy lock into the code--or lock assertions as well.
    Split parts of the MC code up into an unlocked and locked version
    to avoid recursive locking.

    Sponsored by:   The FreeBSD Foundation
    MFC after:      3 days
--- sys/compat/linuxkpi/common/src/linux_80211.c | 58 ++++++++++++++++++---- .../linuxkpi/common/src/linux_80211_macops.c | 19 +++++++ 2 files changed, 67 insertions(+), 10 deletions(-) diff --git a/sys/compat/linuxkpi/common/src/linux_80211.c b/sys/compat/linuxkpi/common/src/linux_80211.c index 23b5009c0384..e2f5037240a2 100644 --- a/sys/compat/linuxkpi/common/src/linux_80211.c +++ b/sys/compat/linuxkpi/common/src/linux_80211.c
@@ -511,6 +511,8 @@ lkpi_sync_chanctx_cw_from_rx_bw(struct ieee80211_hw *hw, enum ieee80211_sta_rx_bandwidth old_bw; uint32_t changed; + lockdep_assert_wiphy(hw->wiphy); + chanctx_conf = rcu_dereference_protected(vif->bss_conf.chanctx_conf, lockdep_is_held(&hw->wiphy->mtx)); if (chanctx_conf == NULL) @@ -749,6 +751,9 @@ lkpi_sta_sync_from_ni(struct ieee80211_hw *hw, struct ieee80211_vif *vif, struct ieee80211_sta *sta, struct ieee80211_node *ni, bool updchnctx) { + if (updchnctx) + lockdep_assert_wiphy(hw->wiphy); + /* * Ensure rx_nss is at least 1 as otherwise drivers run into * unexpected problems. @@ -1950,7 +1955,7 @@ lkpi_ic_update_mcast_copy(void *arg, struct sockaddr_dl *sdl, u_int cnt) } static void -lkpi_update_mcast_filter(struct ieee80211com *ic) +lkpi_update_mcast_filter_locked(struct ieee80211com *ic) { struct lkpi_hw *lhw; struct ieee80211_hw *hw; @@ -1959,6 +1964,9 @@ lkpi_update_mcast_filter(struct ieee80211com *ic) bool scanning; lhw = ic->ic_softc; + hw = LHW_TO_HW(lhw); + + lockdep_assert_wiphy(hw->wiphy); LKPI_80211_LHW_SCAN_LOCK(lhw); scanning = (lhw->scan_flags & LKPI_LHW_SCAN_RUNNING) != 0; @@ -1973,7 +1981,6 @@ lkpi_update_mcast_filter(struct ieee80211com *ic) if (lhw->mc_all_multi || lhw->ops->prepare_multicast == NULL) flags |= FIF_ALLMULTI; - hw = LHW_TO_HW(lhw); mc = lkpi_80211_mo_prepare_multicast(hw, &lhw->mc_list); changed_flags = (lhw->mc_flags ^ flags) & FIF_FLAGS_MASK; @@ -1989,6 +1996,20 @@ lkpi_update_mcast_filter(struct ieee80211com *ic) LKPI_80211_LHW_MC_UNLOCK(lhw); } +static void +lkpi_update_mcast_filter(struct ieee80211com *ic) +{ + struct lkpi_hw *lhw; + struct ieee80211_hw *hw; + + lhw = ic->ic_softc; + hw = LHW_TO_HW(lhw); + + wiphy_lock(hw->wiphy); + lkpi_update_mcast_filter_locked(ic); + wiphy_unlock(hw->wiphy); +} + static enum ieee80211_bss_changed lkpi_update_dtim_tsf(struct ieee80211_vif *vif, struct ieee80211_node *ni, struct ieee80211vap *vap, const char *_f, int _l) 
@@ -2118,6 +2139,8 @@ lkpi_hw_conf_idle(struct ieee80211_hw *hw, bool new) int error; bool old; + lockdep_assert_wiphy(hw->wiphy); + old = hw->conf.flags & IEEE80211_CONF_IDLE; if (old == new) return; @@ -2135,8 +2158,12 @@ static enum ieee80211_bss_changed lkpi_disassoc(struct ieee80211_sta *sta, struct ieee80211_vif *vif, struct lkpi_hw *lhw) { - enum ieee80211_bss_changed changed; + struct ieee80211_hw *hw; struct lkpi_vif *lvif; + enum ieee80211_bss_changed changed; + + hw = LHW_TO_HW(lhw); + lockdep_assert_wiphy(hw->wiphy); changed = 0; sta->aid = 0; @@ -2147,7 +2174,7 @@ lkpi_disassoc(struct ieee80211_sta *sta, struct ieee80211_vif *vif, changed |= BSS_CHANGED_ASSOC; IMPROVE(); - lkpi_update_mcast_filter(lhw->ic); + lkpi_update_mcast_filter_locked(lhw->ic); /* * Executing the bss_info_changed(BSS_CHANGED_ASSOC) with @@ -2397,6 +2424,8 @@ lkpi_set_chanctx_conf(struct ieee80211_hw *hw, struct ieee80211_vif *vif, struct lkpi_chanctx *lchanctx; int error; + lockdep_assert_wiphy(hw->wiphy); + if (vif->bss_conf.chanctx_conf == chanctx_conf) { if (!changed_set) { IMPROVE("OBSOLETE?"); @@ -3075,7 +3104,7 @@ lkpi_sta_assoc_to_run(struct ieee80211vap *vap, enum ieee80211_state nstate, int lkpi_bss_info_change(hw, vif, bss_changed); /* Prepare_multicast && configure_filter. */ - lkpi_update_mcast_filter(vap->iv_ic); + lkpi_update_mcast_filter_locked(vap->iv_ic); out: wiphy_unlock(hw->wiphy); @@ -4198,12 +4227,13 @@ lkpi_ic_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ], ic_printf(ic, "%s: conf_tx ac %u failed %d\n", __func__, ac, error); } - wiphy_unlock(hw->wiphy); bss_changed = BSS_CHANGED_QOS; lkpi_bss_info_change(hw, vif, bss_changed); /* Force MC init. */ - lkpi_update_mcast_filter(ic); + lkpi_update_mcast_filter_locked(ic); + + wiphy_unlock(hw->wiphy); ieee80211_vap_setup(ic, vap, name, unit, opmode, flags, bssid); 
@@ -4713,8 +4743,11 @@ lkpi_ic_scan_start(struct ieee80211com *ic) lvif = VAP_TO_LVIF(vap); vif = LVIF_TO_VIF(lvif); - if (vap->iv_state == IEEE80211_S_SCAN) + if (vap->iv_state == IEEE80211_S_SCAN) { + wiphy_lock(hw->wiphy); lkpi_hw_conf_idle(hw, false); + wiphy_unlock(hw->wiphy); + } LKPI_80211_LHW_SCAN_LOCK(lhw); lhw->scan_flags |= LKPI_LHW_SCAN_RUNNING; @@ -4967,7 +5000,8 @@ lkpi_ic_scan_start(struct ieee80211com *ic) return; } - lkpi_update_mcast_filter(ic); + wiphy_lock(hw->wiphy); + lkpi_update_mcast_filter_locked(ic); TRACE_SCAN(ic, "Starting HW_SCAN: scan_flags %b, " "ie_len %d, n_ssids %d, n_chan %d, common_ie_len %d [%d, %d]", lhw->scan_flags, LKPI_LHW_SCAN_BITS, hw_req->req.ie_len, @@ -4977,6 +5011,7 @@ lkpi_ic_scan_start(struct ieee80211com *ic) hw_req->ies.len[NL80211_BAND_5GHZ]); error = lkpi_80211_mo_hw_scan(hw, vif, hw_req); + wiphy_unlock(hw->wiphy); if (error != 0) { bool scan_done; int e; @@ -5122,8 +5157,11 @@ lkpi_ic_scan_end(struct ieee80211com *ic) /* Send PS to stop buffering if n80211 does not for us? */ - if (vap->iv_state == IEEE80211_S_SCAN) + if (vap->iv_state == IEEE80211_S_SCAN) { + wiphy_lock(hw->wiphy); lkpi_hw_conf_idle(hw, true); + wiphy_unlock(hw->wiphy); + } } /* diff --git a/sys/compat/linuxkpi/common/src/linux_80211_macops.c b/sys/compat/linuxkpi/common/src/linux_80211_macops.c index b2e88719e103..b07a2075491b 100644 --- a/sys/compat/linuxkpi/common/src/linux_80211_macops.c +++ b/sys/compat/linuxkpi/common/src/linux_80211_macops.c @@ -218,6 +218,8 @@ lkpi_80211_mo_hw_scan(struct ieee80211_hw *hw, struct ieee80211_vif *vif, struct lkpi_hw *lhw; int error; + lockdep_assert_wiphy(hw->wiphy); + /* * MUST NOT return EPERM as that is a "magic number 1" based on rtw88 * driver indicating hw_scan is not supported despite the ops call 
@@ -244,6 +246,8 @@ lkpi_80211_mo_cancel_hw_scan(struct ieee80211_hw *hw, struct ieee80211_vif *vif) { struct lkpi_hw *lhw; + lockdep_assert_wiphy(hw->wiphy); + lhw = HW_TO_LHW(hw); if (lhw->ops->cancel_hw_scan == NULL) return; @@ -291,6 +295,8 @@ lkpi_80211_mo_prepare_multicast(struct ieee80211_hw *hw, struct lkpi_hw *lhw; u64 ptr; + /* This seems fine without the wiphy lock. */ + lhw = HW_TO_LHW(hw); if (lhw->ops->prepare_multicast == NULL) return (0); @@ -306,6 +312,8 @@ lkpi_80211_mo_configure_filter(struct ieee80211_hw *hw, unsigned int changed_fla { struct lkpi_hw *lhw; + lockdep_assert_wiphy(hw->wiphy); + lhw = HW_TO_LHW(hw); if (lhw->ops->configure_filter == NULL) return; @@ -429,6 +437,8 @@ lkpi_80211_mo_config(struct ieee80211_hw *hw, uint32_t changed) struct lkpi_hw *lhw; int error; + lockdep_assert_wiphy(hw->wiphy); + lhw = HW_TO_LHW(hw); if (lhw->ops->config == NULL) { error = EOPNOTSUPP; @@ -497,6 +507,9 @@ lkpi_80211_mo_add_chanctx(struct ieee80211_hw *hw, struct lkpi_chanctx *lchanctx; int error; + might_sleep(); + lockdep_assert_wiphy(hw->wiphy); + lhw = HW_TO_LHW(hw); if (lhw->ops->add_chanctx == NULL) { error = EOPNOTSUPP; @@ -520,6 +533,9 @@ lkpi_80211_mo_change_chanctx(struct ieee80211_hw *hw, { struct lkpi_hw *lhw; + might_sleep(); + lockdep_assert_wiphy(hw->wiphy); + lhw = HW_TO_LHW(hw); if (lhw->ops->change_chanctx == NULL) return; @@ -535,6 +551,9 @@ lkpi_80211_mo_remove_chanctx(struct ieee80211_hw *hw, struct lkpi_hw *lhw; struct lkpi_chanctx *lchanctx; + might_sleep(); + lockdep_assert_wiphy(hw->wiphy); + lhw = HW_TO_LHW(hw); if (lhw->ops->remove_chanctx == NULL) return;
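Review bot: In the lkpi_update_mcast_filter() split in linux_80211.c, the unlocked wrapper keeps the old name and now calls wiphy_lock(), so any caller not converted by this patch that already holds the wiphy lock will recurse on it. The patch moves lkpi_disassoc(), lkpi_sta_assoc_to_run(), lkpi_ic_vap_create() and lkpi_ic_scan_start() to the _locked variant; a comment above the wrapper naming the callers that stay on the unlocked path would make that auditable. The same comment could record that the wiphy lock is now taken before LKPI_80211_LHW_SCAN_LOCK and the MC lock inside lkpi_update_mcast_filter_locked(), since that ordering is established here but not written down.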
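Review bot: The assertion added at the top of lkpi_sta_sync_from_ni() is conditional, `if (updchnctx) lockdep_assert_wiphy(hw->wiphy);`, with no explanation of why callers passing updchnctx == false may run without the wiphy lock. A one-line comment naming the path that needs the lock would keep a later change from adding locked-only work outside that condition.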
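Review bot: In lkpi_ic_scan_start() the wiphy lock is taken and dropped around lkpi_hw_conf_idle(hw, false) and then taken again later for lkpi_update_mcast_filter_locked() and lkpi_80211_mo_hw_scan(), so the idle change and the scan request are not one critical section. If that is intentional because LKPI_80211_LHW_SCAN_LOCK is acquired in between, a short comment saying so would help. Please also confirm that no return path sits between the second wiphy_lock() and the wiphy_unlock() after lkpi_80211_mo_hw_scan(), since the lines between those two hunks are not part of the diff.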
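Review bot: The new comment in lkpi_80211_mo_prepare_multicast(), "This seems fine without the wiphy lock.", does not say what was checked. The only caller visible in this patch, lkpi_update_mcast_filter_locked(), already asserts the wiphy lock, so either add lockdep_assert_wiphy(hw->wiphy) here for consistency with lkpi_80211_mo_configure_filter() or state which lock protects the multicast list and why the wiphy lock is not required.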
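Review bot: might_sleep() is added only to lkpi_80211_mo_add_chanctx(), lkpi_80211_mo_change_chanctx() and lkpi_80211_mo_remove_chanctx() in linux_80211_macops.c, while lkpi_80211_mo_hw_scan(), lkpi_80211_mo_cancel_hw_scan(), lkpi_80211_mo_configure_filter() and lkpi_80211_mo_config() get only lockdep_assert_wiphy(). If those driver ops may sleep as well, annotate them the same way; if not, a note on why only the chanctx downcalls are marked would prevent the difference from reading as an oversight.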