In the Linux kernel, the following vulnerability has been resolved:
wifi: ath12k: fix atomic calls in ath12k_mac_op_set_bitrate_mask()
When I try to manually set bitrates:
iw wlan0 set bitrates legacy-2.4 1
I get sleeping from invalid context error, see below. Fix that by switching to use recently introduced ieee80211_iterate_stations_mtx().
Do note that WCN6855 firmware is still crashing, I'm not sure if that firmware even supports bitrate WMI commands and should we consider disabling ath12k_mac_op_set_bitrate_mask() for WCN6855? But that's for another patch.
BUG: sleeping function called from invalid context at drivers/net/wireless/ath/ath12k/wmi.c:420
in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 2236, name: iw
preempt_count: 0, expected: 0
RCU nest depth: 1, expected: 0
3 locks held by iw/2236:
 #0: ffffffffabc6f1d8 (cb_lock){++++}-{3:3}, at: genl_rcv+0x14/0x40
 #1: ffff888138410810 (&rdev->wiphy.mtx){+.+.}-{3:3}, at: nl80211_pre_doit+0x54d/0x800 [cfg80211]
 #2: ffffffffab2cfaa0 (rcu_read_lock){....}-{1:2}, at: ieee80211_iterate_stations_atomic+0x2f/0x200 [mac80211]
CPU: 3 UID: 0 PID: 2236 Comm: iw Not tainted 6.11.0-rc7-wt-ath+ #1772
Hardware name: Intel(R) Client Systems NUC8i7HVK/NUC8i7HVB, BIOS HNKBLi70.86A.0067.2021.0528.1339 05/28/2021
Call Trace:
 <TASK>
 dump_stack_lvl+0xa4/0xe0
 dump_stack+0x10/0x20
 __might_resched+0x363/0x5a0
 ? __alloc_skb+0x165/0x340
 __might_sleep+0xad/0x160
 ath12k_wmi_cmd_send+0xb1/0x3d0 [ath12k]
 ? ath12k_wmi_init_wcn7850+0xa40/0xa40 [ath12k]
 ? __netdev_alloc_skb+0x45/0x7b0
 ? __asan_memset+0x39/0x40
 ? ath12k_wmi_alloc_skb+0xf0/0x150 [ath12k]
 ? reacquire_held_locks+0x4d0/0x4d0
 ath12k_wmi_set_peer_param+0x340/0x5b0 [ath12k]
 ath12k_mac_disable_peer_fixed_rate+0xa3/0x110 [ath12k]
 ? ath12k_mac_vdev_stop+0x4f0/0x4f0 [ath12k]
 ieee80211_iterate_stations_atomic+0xd4/0x200 [mac80211]
 ath12k_mac_op_set_bitrate_mask+0x5d2/0x1080 [ath12k]
 ? ath12k_mac_vif_chan+0x320/0x320 [ath12k]
 drv_set_bitrate_mask+0x267/0x470 [mac80211]
 ieee80211_set_bitrate_mask+0x4cc/0x8a0 [mac80211]
 ? __this_cpu_preempt_check+0x13/0x20
 nl80211_set_tx_bitrate_mask+0x2bc/0x530 [cfg80211]
 ? nl80211_parse_tx_bitrate_mask+0x2320/0x2320 [cfg80211]
 ? trace_contention_end+0xef/0x140
 ? rtnl_unlock+0x9/0x10
 ? nl80211_pre_doit+0x557/0x800 [cfg80211]
 genl_family_rcv_msg_doit+0x1f0/0x2e0
 ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250
 ? ns_capable+0x57/0xd0
 genl_family_rcv_msg+0x34c/0x600
 ? genl_family_rcv_msg_dumpit+0x310/0x310
 ? __lock_acquire+0xc62/0x1de0
 ? he_set_mcs_mask.isra.0+0x8d0/0x8d0 [cfg80211]
 ? nl80211_parse_tx_bitrate_mask+0x2320/0x2320 [cfg80211]
 ? cfg80211_external_auth_request+0x690/0x690 [cfg80211]
 genl_rcv_msg+0xa0/0x130
 netlink_rcv_skb+0x14c/0x400
 ? genl_family_rcv_msg+0x600/0x600
 ? netlink_ack+0xd70/0xd70
 ? rwsem_optimistic_spin+0x4f0/0x4f0
 ? genl_rcv+0x14/0x40
 ? down_read_killable+0x580/0x580
 ? netlink_deliver_tap+0x13e/0x350
 ? __this_cpu_preempt_check+0x13/0x20
 genl_rcv+0x23/0x40
 netlink_unicast+0x45e/0x790
 ? netlink_attachskb+0x7f0/0x7f0
 netlink_sendmsg+0x7eb/0xdb0
 ? netlink_unicast+0x790/0x790
 ? __this_cpu_preempt_check+0x13/0x20
 ? selinux_socket_sendmsg+0x31/0x40
 ? netlink_unicast+0x790/0x790
 __sock_sendmsg+0xc9/0x160
 ____sys_sendmsg+0x620/0x990
 ? kernel_sendmsg+0x30/0x30
 ? copy_msghdr+0x410/0x410
 ? __kasan_check_read+0x11/0x20
 ? mark_lock+0xe6/0x1470
 ___sys_sendmsg+0xe9/0x170
 ? copy_msghdr_from_user+0x120/0x120
 ? __lock_acquire+0xc62/0x1de0
 ? do_fault_around+0x2c6/0x4e0
 ? do_user_addr_fault+0x8c1/0xde0
 ? reacquire_held_locks+0x220/0x4d0
 ? do_user_addr_fault+0x8c1/0xde0
 ? __kasan_check_read+0x11/0x20
 ? __fdget+0x4e/0x1d0
 ? sockfd_lookup_light+0x1a/0x170
 __sys_sendmsg+0xd2/0x180
 ? __sys_sendmsg_sock+0x20/0x20
 ? reacquire_held_locks+0x4d0/0x4d0
 ? debug_smp_processor_id+0x17/0x20
 __x64_sys_sendmsg+0x72/0xb0
 ? lockdep_hardirqs_on+0x7d/0x100
 x64_sys_call+0x894/0x9f0
 do_syscall_64+0x64/0x130
 entry_SYSCALL_64_after ---truncated---
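
An added example, not part of the commit message or the kernel tree: a small Python triage helper that reads the header of a "sleeping function called from invalid context" splat and reports which held lock made sleeping illegal. The sample input is constructed from the values quoted above, and the function name `triage` is hypothetical.

```python
import re

# Constructed sample: the splat header, one record per line as dmesg prints it.
SAMPLE = """\
BUG: sleeping function called from invalid context at drivers/net/wireless/ath/ath12k/wmi.c:420
in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 2236, name: iw
preempt_count: 0, expected: 0
RCU nest depth: 1, expected: 0
3 locks held by iw/2236:
 #0: ffffffffabc6f1d8 (cb_lock){++++}-{3:3}, at: genl_rcv+0x14/0x40
 #1: ffff888138410810 (&rdev->wiphy.mtx){+.+.}-{3:3}, at: nl80211_pre_doit+0x54d/0x800 [cfg80211]
 #2: ffffffffab2cfaa0 (rcu_read_lock){....}-{1:2}, at: ieee80211_iterate_stations_atomic+0x2f/0x200 [mac80211]
"""

BUG_RE = re.compile(r"BUG: sleeping function called from invalid context at (\S+:\d+)")
FLAG_RE = re.compile(r"\b(in_atomic|irqs_disabled)\(\): (\d+)")
DEPTH_RE = re.compile(r"(preempt_count|RCU nest depth): (\w+), expected: (\w+)")
LOCK_RE = re.compile(r"#\d+: [0-9a-f]+ \(([^)]+)\)\{[^}]*\}-\{\d+:\d+\}, at: ([\w.]+)\+0x")


def triage(splat):
    """Summarise why a sleeping call was rejected and which held lock caused it."""
    bug = BUG_RE.search(splat)
    if bug is None:
        return None  # not a might_sleep() splat
    # Non-zero flags and counter mismatches are the reasons sleeping is illegal.
    reasons = [name for name, val in FLAG_RE.findall(splat) if int(val)]
    reasons += [name for name, got, want in DEPTH_RE.findall(splat) if got != want]
    held = LOCK_RE.findall(splat)  # (lock class, acquiring function) pairs
    # An RCU depth mismatch points at whichever frame took an RCU read lock.
    culprits = [(cls, fn) for cls, fn in held
                if "RCU nest depth" in reasons and cls.startswith("rcu_read_lock")]
    return {"site": bug.group(1), "reasons": reasons,
            "held": [cls for cls, _ in held], "culprits": culprits}


if __name__ == "__main__":
    print(triage(SAMPLE))
```

On this input the only reason reported is the RCU nest depth, and the lock responsible is the `rcu_read_lock` taken in `ieee80211_iterate_stations_atomic`, which is the iterator the fix replaces.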