CVE-2024-47724

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> wifi: ath11k: use work queue to process beacon tx event<br /> <br /> Commit 3a415daa3e8b ("wifi: ath11k: add P2P IE in beacon template")<br /> from Feb 28, 2024 (linux-next), leads to the following Smatch static<br /> checker warning:<br /> <br /> drivers/net/wireless/ath/ath11k/wmi.c:1742 ath11k_wmi_p2p_go_bcn_ie()<br /> warn: sleeping in atomic context<br /> <br /> The reason is that ath11k_bcn_tx_status_event() will directly call might<br /> sleep function ath11k_wmi_cmd_send() during RCU read-side critical<br /> sections. The call trace is like:<br /> <br /> ath11k_bcn_tx_status_event()<br /> -&gt; rcu_read_lock()<br /> -&gt; ath11k_mac_bcn_tx_event()<br /> -&gt; ath11k_mac_setup_bcn_tmpl()<br /> ……<br /> -&gt; ath11k_wmi_bcn_tmpl()<br /> -&gt; ath11k_wmi_cmd_send()<br /> -&gt; rcu_read_unlock()<br /> <br /> Commit 886433a98425 ("ath11k: add support for BSS color change") added the<br /> ath11k_mac_bcn_tx_event(), commit 01e782c89108 ("ath11k: fix warning<br /> of RCU usage for ath11k_mac_get_arvif_by_vdev_id()") added the RCU lock<br /> to avoid warning but also introduced this BUG.<br /> <br /> Use work queue to avoid directly calling ath11k_mac_bcn_tx_event()<br /> during RCU critical sections. No need to worry about the deletion of vif<br /> because cancel_work_sync() will drop the work if it doesn&amp;#39;t start or<br /> block vif deletion until the running work is done.<br /> <br /> Tested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.30