git: 9bd4391f4ce0 - stable/14 - LinuxKPI: 802.11: further locking workarounds fro crypto updates

From: Bjoern A. Zeeb <bz_at_FreeBSD.org>
Date: Fri, 18 Apr 2025 14:37:22 UTC 
The branch stable/14 has been updated by bz:

URL: https://cgit.FreeBSD.org/src/commit/?id=9bd4391f4ce023fba8f5c5296a359ffb605efec2

commit 9bd4391f4ce023fba8f5c5296a359ffb605efec2
Author:     Bjoern A. Zeeb <bz@FreeBSD.org>
AuthorDate: 2025-04-11 23:01:55 +0000
Commit:     Bjoern A. Zeeb <bz@FreeBSD.org>
CommitDate: 2025-04-18 14:36:02 +0000

    LinuxKPI: 802.11: further locking workarounds fro crypto updates
    
    There are cases when net80211 calls into crypto updates with the
    ic lock held (not (just) the nt lock).  We have to unlock that as
    well and track the unlock like we do for the nt to avoid panics
    when we later can sleep (on the wiphy [sx] lock).
    
    Sponsored by:   The FreeBSD Foundation
    Reported by:    rm
    Tested by:      rm
    PR:             285729
    Fixes:          b8dfc3ecf703
    Differential Revision: https://reviews.freebsd.org/D49791
    
    (cherry picked from commit a6165709e3c8ba4a0bee18aead6ca8ea2b033933)
---
 sys/compat/linuxkpi/common/src/linux_80211.c | 51 ++++++++++++++++++----------
 sys/compat/linuxkpi/common/src/linux_80211.h |  1 +
 2 files changed, 35 insertions(+), 17 deletions(-)

diff --git a/sys/compat/linuxkpi/common/src/linux_80211.c b/sys/compat/linuxkpi/common/src/linux_80211.c
index 5a4798f1ef1b..f9f16e0a6f8f 100644
--- a/sys/compat/linuxkpi/common/src/linux_80211.c
+++ b/sys/compat/linuxkpi/common/src/linux_80211.c
@@ -1427,7 +1427,7 @@ lkpi_iv_key_update_begin(struct ieee80211vap *vap)
 	struct lkpi_hw *lhw;
 	struct ieee80211_hw *hw;
 	struct lkpi_vif *lvif;
-	bool islocked;
+	bool icislocked, ntislocked;
 
 	ic = vap->iv_ic;
 	lhw = ic->ic_softc;
@@ -1435,28 +1435,35 @@ lkpi_iv_key_update_begin(struct ieee80211vap *vap)
 	lvif = VAP_TO_LVIF(vap);
 	nt = &ic->ic_sta;
 
-	islocked = IEEE80211_NODE_IS_LOCKED(nt);
+	icislocked = IEEE80211_IS_LOCKED(ic);
+	ntislocked = IEEE80211_NODE_IS_LOCKED(nt);
 
 #ifdef LINUXKPI_DEBUG_80211
 	if (linuxkpi_debug_80211 & D80211_TRACE_HW_CRYPTO)
-		ic_printf(vap->iv_ic, "%s: tid %d vap %p nt %p %slocked "
-		    "lvif nt_unlocked %d\n", __func__, curthread->td_tid,
-		    vap, nt, islocked ? "" : "un", lvif->nt_unlocked);
+		ic_printf(ic, "%s: tid %d vap %p ic %p %slocked nt %p %slocked "
+		    "lvif ic_unlocked %d nt_unlocked %d\n", __func__,
+		    curthread->td_tid, vap,
+		    ic, icislocked ? "" : "un", nt, ntislocked ? "" : "un",
+		    lvif->ic_unlocked, lvif->nt_unlocked);
 #endif
 
 	/* This is inconsistent net80211 locking to be fixed one day. */
-	if (islocked)
+	if (icislocked)
+		IEEE80211_UNLOCK(ic);
+	if (ntislocked)
 		IEEE80211_NODE_UNLOCK(nt);
 
 	wiphy_lock(hw->wiphy);
 
 	/*
-	 * nt_unlocked could be a bool given we are under the lock and there
+	 * ic/nt_unlocked could be a bool given we are under the lock and there
 	 * must only be a single thread.
 	 * In case anything in the future disturbs the order the refcnt will
 	 * help us catching problems a lot easier.
 	 */
-	if (islocked)
+	if (icislocked)
+		refcount_acquire(&lvif->ic_unlocked);
+	if (ntislocked)
 		refcount_acquire(&lvif->nt_unlocked);
 }
 
@@ -1468,7 +1475,7 @@ lkpi_iv_key_update_end(struct ieee80211vap *vap)
 	struct lkpi_hw *lhw;
 	struct ieee80211_hw *hw;
 	struct lkpi_vif *lvif;
-	bool islocked;
+	bool icislocked, ntislocked;
 
 	ic = vap->iv_ic;
 	lhw = ic->ic_softc;
@@ -1476,14 +1483,18 @@ lkpi_iv_key_update_end(struct ieee80211vap *vap)
 	lvif = VAP_TO_LVIF(vap);
 	nt = &ic->ic_sta;
 
-	islocked = IEEE80211_NODE_IS_LOCKED(nt);
-	MPASS(!islocked);
+	icislocked = IEEE80211_IS_LOCKED(ic);
+	MPASS(!icislocked);
+	ntislocked = IEEE80211_NODE_IS_LOCKED(nt);
+	MPASS(!ntislocked);
 
 #ifdef LINUXKPI_DEBUG_80211
 	if (linuxkpi_debug_80211 & D80211_TRACE_HW_CRYPTO)
-		ic_printf(vap->iv_ic, "%s: tid %d vap %p nt %p %slocked "
-		    "lvif nt_unlocked %d\n", __func__, curthread->td_tid,
-		    vap, nt, islocked ? "" : "un", lvif->nt_unlocked);
+		ic_printf(ic, "%s: tid %d vap %p ic %p %slocked nt %p %slocked "
+		    "lvif ic_unlocked %d nt_unlocked %d\n", __func__,
+		    curthread->td_tid, vap,
+		    ic, icislocked ? "" : "un", nt, ntislocked ? "" : "un",
+		    lvif->ic_unlocked, lvif->nt_unlocked);
 #endif
 
 	/*
@@ -1491,11 +1502,17 @@ lkpi_iv_key_update_end(struct ieee80211vap *vap)
 	 * In case the refcnt gets out of sync locking in net80211 will
 	 * quickly barf as well (trying to unlock a lock not held).
 	 */
-	islocked = refcount_release_if_last(&lvif->nt_unlocked);
+	icislocked = refcount_release_if_last(&lvif->ic_unlocked);
+	ntislocked = refcount_release_if_last(&lvif->nt_unlocked);
 	wiphy_unlock(hw->wiphy);
 
-	/* This is inconsistent net80211 locking to be fixed one day. */
-	if (islocked)
+	/*
+	 * This is inconsistent net80211 locking to be fixed one day.
+	 * ic before nt to avoid a LOR.
+	 */
+	if (icislocked)
+		IEEE80211_LOCK(ic);
+	if (ntislocked)
 		IEEE80211_NODE_LOCK(nt);
 }
 #endif
diff --git a/sys/compat/linuxkpi/common/src/linux_80211.h b/sys/compat/linuxkpi/common/src/linux_80211.h
index da377280b1c0..ebf02994af47 100644
--- a/sys/compat/linuxkpi/common/src/linux_80211.h
+++ b/sys/compat/linuxkpi/common/src/linux_80211.h
@@ -187,6 +187,7 @@ struct lkpi_vif {
 
 	struct lkpi_sta		*lvif_bss;
 
+	int			ic_unlocked;			/* Count of ic unlocks pending (*mo_set_key) */
 	int			nt_unlocked;			/* Count of nt unlocks pending (*mo_set_key) */
 	bool			lvif_bss_synched;
 	bool			added_to_drv;			/* Driver knows; i.e. we called add_interface(). */