diff mbox series

mt76: fix uninitialized mutex access setting rts threshold

Message ID 1cfa6dca73f1d81595f061ded6275293c6e96b75.1541847014.git.lorenzo.bianconi@redhat.com (mailing list archive)
State Accepted
Commit 1770f0fa978ed691a454fa9d3ba903d5a70630cc
Delegated to: Kalle Valo
Headers show
Series mt76: fix uninitialized mutex access setting rts threshold | expand

Commit Message

Lorenzo Bianconi Nov. 10, 2018, 11:03 a.m. UTC 
Fix following crash due to a leftover uninitialized mutex access
in mt76x2_set_rts_threshold routine.

[   31.018059] Call Trace:
[   31.018341]  register_lock_class+0x51f/0x530
[   31.018828]  __lock_acquire+0x6c/0x1580
[   31.019247]  lock_acquire+0x88/0x120
[   31.021089]  __mutex_lock+0x4a/0x4f0
[   31.023343]  mt76x2_set_rts_threshold+0x28/0x50
[   31.023831]  ieee80211_set_wiphy_params+0x16d/0x4e0
[   31.024344]  nl80211_set_wiphy+0x72b/0xbc0
[   31.024781]  genl_family_rcv_msg+0x192/0x3a0
[   31.025233]  genl_rcv_msg+0x42/0x89
[   31.026079]  netlink_rcv_skb+0x38/0x100
[   31.026475]  genl_rcv+0x1f/0x30
[   31.026804]  netlink_unicast+0x19c/0x250
[   31.027212]  netlink_sendmsg+0x1ed/0x390
[   31.027615]  sock_sendmsg+0x31/0x40
[   31.027973]  ___sys_sendmsg+0x23c/0x280
[   31.030414]  __sys_sendmsg+0x42/0x80
[   31.030783]  do_syscall_64+0x4a/0x170
[   31.031160]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   31.031677] RIP: 0033:0x7f3498b39ba7
[   31.033953] RSP: 002b:00007fffe19675b8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   31.034883] RAX: ffffffffffffffda RBX: 00000000012d5350 RCX: 00007f3498b39ba7
[   31.035756] RDX: 0000000000000000 RSI: 00007fffe19675f0 RDI: 0000000000000003
[   31.036587] RBP: 00000000012da740 R08: 0000000000000002 R09: 0000000000000000
[   31.037422] R10: 0000000000000006 R11: 0000000000000246 R12: 00000000012da880
[   31.038252] R13: 00007fffe19675f0 R14: 00007fffe19678c0 R15: 00000000012da880

Fixes: 108a4861ef19 ("mt76: create new mt76x02-lib module for common
mt76x{0,2} code")
Reported-by: lorenzo.trisolini@fluidmesh.com
Reported-by: luca.bisti@fluidmesh.com
Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi@redhat.com>
---
This patch is for 4.20
---
 drivers/net/wireless/mediatek/mt76/mt76x02.h         | 1 -
 drivers/net/wireless/mediatek/mt76/mt76x2/pci_main.c | 4 ++--
 2 files changed, 2 insertions(+), 3 deletions(-)

Comments

Kalle Valo Nov. 12, 2018, 5:50 a.m. UTC | #1 
Lorenzo Bianconi <lorenzo.bianconi@redhat.com> writes:

> Fix following crash due to a leftover uninitialized mutex access
> in mt76x2_set_rts_threshold routine.
>
> [   31.018059] Call Trace:
> [   31.018341]  register_lock_class+0x51f/0x530
> [   31.018828]  __lock_acquire+0x6c/0x1580
> [   31.019247]  lock_acquire+0x88/0x120
> [   31.021089]  __mutex_lock+0x4a/0x4f0
> [   31.023343]  mt76x2_set_rts_threshold+0x28/0x50
> [   31.023831]  ieee80211_set_wiphy_params+0x16d/0x4e0
> [   31.024344]  nl80211_set_wiphy+0x72b/0xbc0
> [   31.024781]  genl_family_rcv_msg+0x192/0x3a0
> [   31.025233]  genl_rcv_msg+0x42/0x89
> [   31.026079]  netlink_rcv_skb+0x38/0x100
> [   31.026475]  genl_rcv+0x1f/0x30
> [   31.026804]  netlink_unicast+0x19c/0x250
> [   31.027212]  netlink_sendmsg+0x1ed/0x390
> [   31.027615]  sock_sendmsg+0x31/0x40
> [   31.027973]  ___sys_sendmsg+0x23c/0x280
> [   31.030414]  __sys_sendmsg+0x42/0x80
> [   31.030783]  do_syscall_64+0x4a/0x170
> [   31.031160]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
> [   31.031677] RIP: 0033:0x7f3498b39ba7
> [   31.033953] RSP: 002b:00007fffe19675b8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
> [   31.034883] RAX: ffffffffffffffda RBX: 00000000012d5350 RCX: 00007f3498b39ba7
> [   31.035756] RDX: 0000000000000000 RSI: 00007fffe19675f0 RDI: 0000000000000003
> [   31.036587] RBP: 00000000012da740 R08: 0000000000000002 R09: 0000000000000000
> [   31.037422] R10: 0000000000000006 R11: 0000000000000246 R12: 00000000012da880
> [   31.038252] R13: 00007fffe19675f0 R14: 00007fffe19678c0 R15: 00000000012da880
>
> Fixes: 108a4861ef19 ("mt76: create new mt76x02-lib module for common
> mt76x{0,2} code")
> Reported-by: lorenzo.trisolini@fluidmesh.com
> Reported-by: luca.bisti@fluidmesh.com
> Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi@redhat.com>

This should be v2, but no need to resend.

> This patch is for 4.20

Ok, I'll queue this for that release.
Kalle Valo Nov. 16, 2018, 1:16 p.m. UTC | #2 
Lorenzo Bianconi <lorenzo.bianconi@redhat.com> wrote:

> Fix following crash due to a leftover uninitialized mutex access
> in mt76x2_set_rts_threshold routine.
> 
> [   31.018059] Call Trace:
> [   31.018341]  register_lock_class+0x51f/0x530
> [   31.018828]  __lock_acquire+0x6c/0x1580
> [   31.019247]  lock_acquire+0x88/0x120
> [   31.021089]  __mutex_lock+0x4a/0x4f0
> [   31.023343]  mt76x2_set_rts_threshold+0x28/0x50
> [   31.023831]  ieee80211_set_wiphy_params+0x16d/0x4e0
> [   31.024344]  nl80211_set_wiphy+0x72b/0xbc0
> [   31.024781]  genl_family_rcv_msg+0x192/0x3a0
> [   31.025233]  genl_rcv_msg+0x42/0x89
> [   31.026079]  netlink_rcv_skb+0x38/0x100
> [   31.026475]  genl_rcv+0x1f/0x30
> [   31.026804]  netlink_unicast+0x19c/0x250
> [   31.027212]  netlink_sendmsg+0x1ed/0x390
> [   31.027615]  sock_sendmsg+0x31/0x40
> [   31.027973]  ___sys_sendmsg+0x23c/0x280
> [   31.030414]  __sys_sendmsg+0x42/0x80
> [   31.030783]  do_syscall_64+0x4a/0x170
> [   31.031160]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
> [   31.031677] RIP: 0033:0x7f3498b39ba7
> [   31.033953] RSP: 002b:00007fffe19675b8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
> [   31.034883] RAX: ffffffffffffffda RBX: 00000000012d5350 RCX: 00007f3498b39ba7
> [   31.035756] RDX: 0000000000000000 RSI: 00007fffe19675f0 RDI: 0000000000000003
> [   31.036587] RBP: 00000000012da740 R08: 0000000000000002 R09: 0000000000000000
> [   31.037422] R10: 0000000000000006 R11: 0000000000000246 R12: 00000000012da880
> [   31.038252] R13: 00007fffe19675f0 R14: 00007fffe19678c0 R15: 00000000012da880
> 
> Fixes: 108a4861ef19 ("mt76: create new mt76x02-lib module for common mt76x{0,2} code")
> Reported-by: lorenzo.trisolini@fluidmesh.com
> Reported-by: luca.bisti@fluidmesh.com
> Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi@redhat.com>

Patch applied to wireless-drivers.git, thanks.

1770f0fa978e mt76: fix uninitialized mutex access setting rts threshold
diff mbox series

Patch

diff --git a/drivers/net/wireless/mediatek/mt76/mt76x02.h b/drivers/net/wireless/mediatek/mt76/mt76x02.h
index 47c42c607964..7806963b1905 100644
--- a/drivers/net/wireless/mediatek/mt76/mt76x02.h
+++ b/drivers/net/wireless/mediatek/mt76/mt76x02.h
@@ -71,7 +71,6 @@  struct mt76x02_dev {
 	struct mac_address macaddr_list[8];
 
 	struct mutex phy_mutex;
-	struct mutex mutex;
 
 	u8 txdone_seq;
 	DECLARE_KFIFO_PTR(txstatus_fifo, struct mt76x02_tx_status);
diff --git a/drivers/net/wireless/mediatek/mt76/mt76x2/pci_main.c b/drivers/net/wireless/mediatek/mt76/mt76x2/pci_main.c
index 034a06295668..3f001bd6806c 100644
--- a/drivers/net/wireless/mediatek/mt76/mt76x2/pci_main.c
+++ b/drivers/net/wireless/mediatek/mt76/mt76x2/pci_main.c
@@ -272,9 +272,9 @@  mt76x2_set_rts_threshold(struct ieee80211_hw *hw, u32 val)
 	if (val != ~0 && val > 0xffff)
 		return -EINVAL;
 
-	mutex_lock(&dev->mutex);
+	mutex_lock(&dev->mt76.mutex);
 	mt76x2_mac_set_tx_protection(dev, val);
-	mutex_unlock(&dev->mutex);
+	mutex_unlock(&dev->mt76.mutex);
 
 	return 0;
 }