Commit 5eec8647 authored by Emmanuel Grumbach's avatar Emmanuel Grumbach Committed by Zhang Kunbo
Browse files

wifi: iwlwifi: mvm: don't wait for tx queues if firmware is dead 

stable inclusion
from stable-v6.6.53
commit 4d0a900ec470d392476c428875dbf053f8a0ae5e
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/IAVU90
CVE: CVE-2024-47672

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=4d0a900ec470d392476c428875dbf053f8a0ae5e



--------------------------------

[ Upstream commit 3a84454f5204718ca5b4ad2c1f0bf2031e2403d1 ]

There is a WARNING in iwl_trans_wait_tx_queues_empty() (that was
recently converted from just a message), that can be hit if we
wait for TX queues to become empty after firmware died. Clearly,
we can't expect anything from the firmware after it's declared dead.

Don't call iwl_trans_wait_tx_queues_empty() in this case. While it could
be a good idea to stop the flow earlier, the flush functions do some
maintenance work that is not related to the firmware, so keep that part
of the code running even when the firmware is not running.

Signed-off-by: default avatarEmmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: default avatarMiri Korenblit <miriam.rachel.korenblit@intel.com>
Link: https://patch.msgid.link/20240825191257.a7cbd794cee9.I44a739fbd4ffcc46b83844dd1c7b2eb0c7b270f6@changeid


[edit commit message]
Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
Signed-off-by: default avatarZhang Kunbo <zhangkunbo@huawei.com>
parent b5213571

drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c

+8 −1
Original line number Diff line number Diff line
@@ -5569,6 +5569,10 @@ static void iwl_mvm_flush_no_vif(struct iwl_mvm *mvm, u32 queues, bool drop) 
	int i;



	if (!iwl_mvm_has_new_tx_api(mvm)) {

		/* we can't ask the firmware anything if it is dead */

		if (test_bit(IWL_MVM_STATUS_HW_RESTART_REQUESTED,

			     &mvm->status))

			return;

		if (drop) {

			mutex_lock(&mvm->mutex);

			iwl_mvm_flush_tx_path(mvm,
@@ -5653,8 +5657,11 @@ void iwl_mvm_mac_flush(struct ieee80211_hw *hw, struct ieee80211_vif *vif, 


	/* this can take a while, and we may need/want other operations

	 * to succeed while doing this, so do it without the mutex held

	 * If the firmware is dead, this can't work...

	 */

	if (!drop && !iwl_mvm_has_new_tx_api(mvm))

	if (!drop && !iwl_mvm_has_new_tx_api(mvm) &&

	    !test_bit(IWL_MVM_STATUS_HW_RESTART_REQUESTED,

		      &mvm->status))

		iwl_trans_wait_tx_queues_empty(mvm->trans, msk);

}