CVE-2024-47724

In the Linux kernel, the following vulnerability has been resolved:

wifi: ath11k: use work queue to process beacon tx event

Commit 3a415daa3e8b ("wifi: ath11k: add P2P IE in beacon template") from Feb 28, 2024 (linux-next), leads to the following Smatch static checker warning:

drivers/net/wireless/ath/ath11k/wmi.c:1742 ath11kwmip2pgobcn_ie() warn: sleeping in atomic context

The reason is that ath11kbcntxstatusevent() will directly call might sleep function ath11kwmicmd_send() during RCU read-side critical sections. The call trace is like:

ath11kbcntxstatusevent() -> rcureadlock() -> ath11kmacbcntxevent() -> ath11kmacsetupbcntmpl() …… -> ath11kwmibcntmpl() -> ath11kwmicmdsend() -> rcureadunlock()

Commit 886433a98425 ("ath11k: add support for BSS color change") added the ath11kmacbcntxevent(), commit 01e782c89108 ("ath11k: fix warning of RCU usage for ath11kmacgetarvifbyvdevid()") added the RCU lock to avoid warning but also introduced this BUG.

Use work queue to avoid directly calling ath11kmacbcntxevent() during RCU critical sections. No need to worry about the deletion of vif because cancelworksync() will drop the work if it doesn't start or block vif deletion until the running work is done.

Tested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPLV1V2SILICONZLITE-3.6510.30