drivers: wifi: Add VIF locking to public APIs

krish2718 · rlubos · commit 4fb3ef38c222 · 2024-02-08T15:03:22.000+01:00
To fix crashes during interface de-init, add a lock + NULL check before
de-referencing FMAC handle and invoking FMAC APIs. As this is expected
during de-init only debug logs are used. Also, fix the NULL checks to
return early before the mutex lock to keep the code clean (And add
missing NULL checks too).

Ideally a locking mechanism like RCU is perfect for this and low
overhead, but we don't have that in Zephyr.

Fixes SHEL-2436.

Signed-off-by: Chaitanya Tata &lt;Chaitanya.Tata@nordicsemi.no&gt;
diff --git a/drivers/wifi/nrf700x/src/net_if.c b/drivers/wifi/nrf700x/src/net_if.c
@@ -199,8 +199,7 @@ int nrf_wifi_if_send(const struct device *dev,
 	}
 
 	rpu_ctx_zep = vif_ctx_zep->rpu_ctx_zep;
-
-	if (!rpu_ctx_zep->rpu_ctx) {
+	if (!rpu_ctx_zep || !rpu_ctx_zep->rpu_ctx) {
 		goto unlock;
 	}
 
diff --git a/drivers/wifi/nrf700x/src/wifi_mgmt.c b/drivers/wifi/nrf700x/src/wifi_mgmt.c
@@ -36,20 +36,26 @@ int nrf_wifi_set_power_save(const struct device *dev,
 
 	if (!dev || !params) {
 		LOG_ERR("%s: dev or params is NULL", __func__);
-		goto out;
+		return ret;
 	}
 
 	vif_ctx_zep = dev->data;
 
 	if (!vif_ctx_zep) {
 		LOG_ERR("%s: vif_ctx_zep is NULL", __func__);
-		goto out;
+		return ret;
 	}
 
 	rpu_ctx_zep = vif_ctx_zep->rpu_ctx_zep;
 
 	if (!rpu_ctx_zep) {
 		LOG_ERR("%s: rpu_ctx_zep is NULL", __func__);
+		return ret;
+	}
+
+	k_mutex_lock(&vif_ctx_zep->vif_lock, K_FOREVER);
+	if (!rpu_ctx_zep->rpu_ctx) {
+		LOG_DBG("%s: RPU context not initialized", __func__);
 		goto out;
 	}
 
@@ -123,6 +129,7 @@ int nrf_wifi_set_power_save(const struct device *dev,
 
 	ret = 0;
 out:
+	k_mutex_unlock(&vif_ctx_zep->vif_lock);
 	return ret;
 }
 
@@ -137,14 +144,14 @@ int nrf_wifi_get_power_save_config(const struct device *dev,
 	int count = 0;
 
 	if (!dev || !ps_config) {
-		goto out;
+		return ret;
 	}
 
 	vif_ctx_zep = dev->data;
 
 	if (!vif_ctx_zep) {
 		LOG_ERR("%s: vif_ctx_zep is NULL", __func__);
-		goto out;
+		return ret;
 	}
 
 	if ((vif_ctx_zep->if_type != NRF_WIFI_IFTYPE_STATION)
@@ -154,10 +161,21 @@ int nrf_wifi_get_power_save_config(const struct device *dev,
 	    ) {
 		LOG_ERR("%s: Operation supported only in STA enabled mode",
 			__func__);
-		goto out;
+		return ret;
 	}
 
 	rpu_ctx_zep = vif_ctx_zep->rpu_ctx_zep;
+	if (!rpu_ctx_zep) {
+		LOG_ERR("%s: rpu_ctx_zep is NULL", __func__);
+		return ret;
+	}
+
+	k_mutex_lock(&vif_ctx_zep->vif_lock, K_FOREVER);
+	if (!rpu_ctx_zep->rpu_ctx) {
+		LOG_DBG("%s: RPU context not initialized", __func__);
+		goto out;
+	}
+
 	fmac_dev_ctx = rpu_ctx_zep->rpu_ctx;
 
 	if (!rpu_ctx_zep) {
@@ -194,6 +212,7 @@ int nrf_wifi_get_power_save_config(const struct device *dev,
 
 	ret = 0;
 out:
+	k_mutex_unlock(&vif_ctx_zep->vif_lock);
 	return ret;
 }
 
@@ -401,15 +420,19 @@ int nrf_wifi_twt_teardown_flows(struct nrf_wifi_vif_ctx_zep *vif_ctx_zep,
 
 	if (!vif_ctx_zep) {
 		LOG_ERR("%s: vif_ctx_zep is NULL", __func__);
-		ret = -1;
-		goto out;
+		return ret;
 	}
 
 	rpu_ctx_zep = vif_ctx_zep->rpu_ctx_zep;
 
 	if (!rpu_ctx_zep) {
 		LOG_ERR("%s: rpu_ctx_zep is NULL", __func__);
-		ret = -1;
+		return ret;
+	}
+
+	k_mutex_lock(&vif_ctx_zep->vif_lock, K_FOREVER);
+	if (!rpu_ctx_zep->rpu_ctx) {
+		LOG_DBG("%s: RPU context not initialized", __func__);
 		goto out;
 	}
 
@@ -437,6 +460,7 @@ int nrf_wifi_twt_teardown_flows(struct nrf_wifi_vif_ctx_zep *vif_ctx_zep,
 	}
 
 out:
+	k_mutex_unlock(&vif_ctx_zep->vif_lock);
 	return ret;
 }
 
@@ -450,20 +474,27 @@ int nrf_wifi_set_twt(const struct device *dev,
 	int ret = -1;
 
 	if (!dev || !twt_params) {
-		goto out;
+		LOG_ERR("%s: dev or twt_params is NULL", __func__);
+		return ret;
 	}
 
 	vif_ctx_zep = dev->data;
 
 	if (!vif_ctx_zep) {
 		LOG_ERR("%s: vif_ctx_zep is NULL", __func__);
-		goto out;
+		return ret;
 	}
 
 	rpu_ctx_zep = vif_ctx_zep->rpu_ctx_zep;
 
 	if (!rpu_ctx_zep) {
 		LOG_ERR("%s: rpu_ctx_zep is NULL", __func__);
+		return ret;
+	}
+
+	k_mutex_lock(&vif_ctx_zep->vif_lock, K_FOREVER);
+	if (!rpu_ctx_zep->rpu_ctx) {
+		LOG_DBG("%s: RPU context not initialized", __func__);
 		goto out;
 	}
 
@@ -553,6 +584,7 @@ int nrf_wifi_set_twt(const struct device *dev,
 
 	ret = 0;
 out:
+	k_mutex_unlock(&vif_ctx_zep->vif_lock);
 	return ret;
 }
 
@@ -642,6 +674,12 @@ void nrf_wifi_event_proc_twt_sleep_zep(void *vif_ctx,
 		return;
 	}
 
+	k_mutex_lock(&vif_ctx_zep->vif_lock, K_FOREVER);
+	if (!rpu_ctx_zep->rpu_ctx) {
+		LOG_DBG("%s: RPU context not initialized", __func__);
+		goto out;
+	}
+
 	fmac_dev_ctx = rpu_ctx_zep->rpu_ctx;
 	def_dev_ctx = wifi_dev_priv(fmac_dev_ctx);
 	def_priv = wifi_fmac_priv(fmac_dev_ctx->fpriv);
@@ -684,6 +722,8 @@ void nrf_wifi_event_proc_twt_sleep_zep(void *vif_ctx,
 	default:
 	break;
 	}
+out:
+	k_mutex_unlock(&vif_ctx_zep->vif_lock);
 }
 
 #ifdef CONFIG_NRF700X_SYSTEM_MODE
@@ -699,16 +739,27 @@ int nrf_wifi_mode(const struct device *dev,
 
 	if (!dev || !mode) {
 		LOG_ERR("%s: illegal input parameters", __func__);
-		goto out;
+		return ret;
 	}
 
 	vif_ctx_zep = dev->data;
 	if (!vif_ctx_zep) {
 		LOG_ERR("%s: vif_ctx_zep is NULL", __func__);
-		goto out;
+		return ret;
 	}
 
 	rpu_ctx_zep = vif_ctx_zep->rpu_ctx_zep;
+	if (!rpu_ctx_zep) {
+		LOG_ERR("%s: rpu_ctx_zep is NULL", __func__);
+		return ret;
+	}
+
+	k_mutex_lock(&vif_ctx_zep->vif_lock, K_FOREVER);
+	if (!rpu_ctx_zep->rpu_ctx) {
+		LOG_DBG("%s: RPU context not initialized", __func__);
+		goto out;
+	}
+
 	fmac_dev_ctx = rpu_ctx_zep->rpu_ctx;
 	def_dev_ctx = wifi_dev_priv(fmac_dev_ctx);
 
@@ -743,6 +794,7 @@ int nrf_wifi_mode(const struct device *dev,
 	}
 	ret = 0;
 out:
+	k_mutex_unlock(&vif_ctx_zep->vif_lock);
 	return ret;
 }
 #endif
@@ -760,21 +812,32 @@ int nrf_wifi_channel(const struct device *dev,
 
 	if (!dev || !channel) {
 		LOG_ERR("%s: illegal input parameters", __func__);
-		goto out;
+		return ret;
 	}
 
 	vif_ctx_zep = dev->data;
 	if (!vif_ctx_zep) {
 		LOG_ERR("%s: vif_ctx_zep is NULL", __func__);
-		goto out;
+		return ret;
 	}
 
 	if (vif_ctx_zep->authorized) {
 		LOG_ERR("%s: Cannot change channel when in station connected mode", __func__);
-		goto out;
+		return ret;
 	}
 
 	rpu_ctx_zep = vif_ctx_zep->rpu_ctx_zep;
+	if (!rpu_ctx_zep) {
+		LOG_ERR("%s: rpu_ctx_zep is NULL", __func__);
+		return ret;
+	}
+
+	k_mutex_lock(&vif_ctx_zep->vif_lock, K_FOREVER);
+	if (!rpu_ctx_zep->rpu_ctx) {
+		LOG_DBG("%s: RPU context not initialized", __func__);
+		goto out;
+	}
+
 	fmac_dev_ctx = rpu_ctx_zep->rpu_ctx;
 	def_dev_ctx = wifi_dev_priv(fmac_dev_ctx);
 
@@ -797,6 +860,7 @@ int nrf_wifi_channel(const struct device *dev,
 	}
 	ret = 0;
 out:
+	k_mutex_unlock(&vif_ctx_zep->vif_lock);
 	return ret;
 }
 #endif /* CONFIG_NRF700X_RAW_DATA_TX */
diff --git a/drivers/wifi/nrf700x/src/wifi_mgmt_scan.c b/drivers/wifi/nrf700x/src/wifi_mgmt_scan.c
@@ -56,17 +56,23 @@ int nrf_wifi_disp_scan_zep(const struct device *dev, struct wifi_scan_params *pa
 
 	if (!vif_ctx_zep) {
 		LOG_ERR("%s: vif_ctx_zep is NULL", __func__);
-		goto out;
+		return ret;
 	}
 
 	if (vif_ctx_zep->if_op_state != NRF_WIFI_FMAC_IF_OP_STATE_UP) {
 		LOG_ERR("%s: Interface not UP", __func__);
-		goto out;
+		return ret;
 	}
 
 	rpu_ctx_zep = vif_ctx_zep->rpu_ctx_zep;
 	if (!rpu_ctx_zep) {
 		LOG_ERR("%s: rpu_ctx_zep is NULL", __func__);
+		return ret;
+	}
+
+	k_mutex_lock(&vif_ctx_zep->vif_lock, K_FOREVER);
+	if (!rpu_ctx_zep->rpu_ctx) {
+		LOG_DBG("%s: RPU context not initialized", __func__);
 		goto out;
 	}
 
@@ -197,7 +203,7 @@ int nrf_wifi_disp_scan_zep(const struct device *dev, struct wifi_scan_params *pa
 	if (scan_info) {
 		k_free(scan_info);
 	}
-
+	k_mutex_unlock(&vif_ctx_zep->vif_lock);
 	return ret;
 }
 
@@ -207,6 +213,16 @@ enum nrf_wifi_status nrf_wifi_disp_scan_res_get_zep(struct nrf_wifi_vif_ctx_zep
 	struct nrf_wifi_ctx_zep *rpu_ctx_zep = NULL;
 
 	rpu_ctx_zep = vif_ctx_zep->rpu_ctx_zep;
+	if (!rpu_ctx_zep) {
+		LOG_ERR("%s: rpu_ctx_zep is NULL", __func__);
+		return NRF_WIFI_STATUS_FAIL;
+	}
+
+	k_mutex_lock(&vif_ctx_zep->vif_lock, K_FOREVER);
+	if (!rpu_ctx_zep->rpu_ctx) {
+		LOG_DBG("%s: RPU context not initialized", __func__);
+		goto out;
+	}
 
 	status = nrf_wifi_fmac_scan_res_get(rpu_ctx_zep->rpu_ctx,
 					    vif_ctx_zep->vif_idx,
@@ -219,6 +235,7 @@ enum nrf_wifi_status nrf_wifi_disp_scan_res_get_zep(struct nrf_wifi_vif_ctx_zep
 
 	status = NRF_WIFI_STATUS_SUCCESS;
 out:
+	k_mutex_unlock(&vif_ctx_zep->vif_lock);
 	return status;
 }
 
@@ -368,6 +385,12 @@ void nrf_wifi_rx_bcn_prb_resp_frm(void *vif_ctx,
 		return;
 	}
 
+	k_mutex_lock(&vif_ctx_zep->vif_lock, K_FOREVER);
+	if (!rpu_ctx_zep->rpu_ctx) {
+		LOG_DBG("%s: RPU context not initialized", __func__);
+		goto out;
+	}
+
 	fmac_dev_ctx = rpu_ctx_zep->rpu_ctx;
 
 	frame_length = nrf_wifi_osal_nbuf_data_size(fmac_dev_ctx->fpriv->opriv,
@@ -397,5 +420,7 @@ void nrf_wifi_rx_bcn_prb_resp_frm(void *vif_ctx,
 	wifi_mgmt_raise_raw_scan_result_event(vif_ctx_zep->zep_net_if_ctx,
 					      &bcn_prb_resp_info);
 
+out:
+	k_mutex_unlock(&vif_ctx_zep->vif_lock);
 }
 #endif /* CONFIG_WIFI_MGMT_RAW_SCAN_RESULTS */
diff --git a/drivers/wifi/nrf700x/src/wpa_supp_if.c b/drivers/wifi/nrf700x/src/wpa_supp_if.c

Original file line number	Diff line number	Diff line change
`@@ -199,8 +199,7 @@ int nrf_wifi_if_send(const struct device *dev,`
`199`	`199`	`}`
`200`	`200`
`201`	`201`	`rpu_ctx_zep = vif_ctx_zep->rpu_ctx_zep;`
`202`		`-`
`203`		`- if (!rpu_ctx_zep->rpu_ctx) {`
	`202`	`+ if (!rpu_ctx_zep \|\| !rpu_ctx_zep->rpu_ctx) {`
`204`	`203`	`goto unlock;`
`205`	`204`	`}`
`206`	`205`