From patchwork Tue Apr 26 16:05:48 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: akolli@qti.qualcomm.com X-Patchwork-Id: 8940651 Return-Path: X-Original-To: patchwork-ath10k@patchwork.kernel.org Delivered-To: patchwork-parsemail@patchwork2.web.kernel.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.136]) by patchwork2.web.kernel.org (Postfix) with ESMTP id 472B9BF29F for ; Tue, 26 Apr 2016 16:03:37 +0000 (UTC) Received: from mail.kernel.org (localhost [127.0.0.1]) by mail.kernel.org (Postfix) with ESMTP id 71813201E4 for ; Tue, 26 Apr 2016 16:03:36 +0000 (UTC) Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.9]) (using TLSv1.2 with cipher AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 26A4B20219 for ; Tue, 26 Apr 2016 16:03:34 +0000 (UTC) Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.80.1 #2 (Red Hat Linux)) id 1av5SM-0002jR-QE; Tue, 26 Apr 2016 16:03:22 +0000 Received: from wolverine01.qualcomm.com ([199.106.114.254]) by bombadil.infradead.org with esmtps (Exim 4.80.1 #2 (Red Hat Linux)) id 1av5SD-0002Kb-P8 for ath10k@lists.infradead.org; Tue, 26 Apr 2016 16:03:14 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=qti.qualcomm.com; i=@qti.qualcomm.com; q=dns/txt; s=qcdkim; t=1461686593; x=1493222593; h=from:to:cc:subject:date:message-id:mime-version; bh=tl35Xm7H3HxFn0JINcD2U3ue8QxlNiPg2jXLf3ACWHQ=; b=kH/CapaqVAqy2RVl6YeX5trwpQ2UlC9wyXYK9XpjYqxQ/5UGWQhiOaUr j4qDbfCV4wJgtzAZaZefg6dm9xfs3nO9AmCRuoChrCkfwvAjwxYB0qSyJ ZhgmbD+uT/X9B7PixLo36ArlBlpzD9m42EzMa7996YeEA3C8JFx7Ii+82 U=; X-IronPort-AV: E=Sophos;i="5.24,537,1455004800"; d="scan'208";a="188560905" Received: from ironmsg03-l-new.qualcomm.com (HELO Ironmsg03-L.qualcomm.com) ([10.53.140.110]) by wolverine01.qualcomm.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 26 Apr 2016 09:02:52 -0700 X-IronPort-AV: E=McAfee;i="5700,7163,8147"; a="1138880919" Received: from nasanexm02e.na.qualcomm.com ([10.85.0.86]) by Ironmsg03-L.qualcomm.com with ESMTP/TLS/RC4-SHA; 26 Apr 2016 09:02:52 -0700 Received: from aphydexm01a.ap.qualcomm.com (10.252.127.10) by nasanexm02e.na.qualcomm.com (10.85.0.86) with Microsoft SMTP Server (TLS) id 15.0.1130.7; Tue, 26 Apr 2016 09:02:51 -0700 Received: from localhost (10.80.80.8) by aphydexm01a.ap.qualcomm.com (10.252.127.10) with Microsoft SMTP Server (TLS) id 15.0.1130.7; Tue, 26 Apr 2016 21:32:19 +0530 From: To: Subject: [PATCH] ath10k: fix kernel panic, move arvifs list head init before htt init Date: Tue, 26 Apr 2016 21:35:48 +0530 Message-ID: <1461686748-862-1-git-send-email-akolli@qti.qualcomm.com> X-Mailer: git-send-email 1.7.9.5 MIME-Version: 1.0 X-Originating-IP: [10.80.80.8] X-ClientProxiedBy: NASANEXM01F.na.qualcomm.com (10.85.0.32) To aphydexm01a.ap.qualcomm.com (10.252.127.10) X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20160426_090313_932010_866DFA8B X-CRM114-Status: GOOD ( 10.09 ) X-Spam-Score: -8.0 (--------) X-BeenThere: ath10k@lists.infradead.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Anilkumar Kolli , akolli@codeaurora.org, linux-wireless@vger.kernel.org, stable@vger.kernel.org Sender: "ath10k" Errors-To: ath10k-bounces+patchwork-ath10k=patchwork.kernel.org@lists.infradead.org X-Spam-Status: No, score=-5.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, RCVD_IN_DNSWL_MED,RP_MATCHES_RCVD,T_DKIM_INVALID,UNPARSEABLE_RELAY autolearn=unavailable version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP From: Anilkumar Kolli It is observed that while loading and unloading ath10k modules in an infinite loop, before ath10k_core_start() completion HTT rx frames are received, while processing these frames, dereferencing the arvifs list code is getting hit before initilizing the arvifs list, causing a kernel panic. This patch initilizes the arvifs list before initilizing htt. Fixes the below issue: [] (ath10k_htt_rx_pktlog_completion_handler+0x278/0xd08 [ath10k_core]) [] (ath10k_htt_rx_pktlog_completion_handler [ath10k_core]) [] (ath10k_htt_txrx_compl_task+0x5f4/0xeb0 [ath10k_core]) [] (ath10k_htt_txrx_compl_task [ath10k_core]) [] (tasklet_action+0x8c/0xec) [] (tasklet_action) [] (__do_softirq+0xf8/0x228) [] (__do_softirq) [] (run_ksoftirqd+0x30/0x90) Code: e5954ad8 e2899008 e1540009 0a00000d (e5943008) ---[ end trace 71de5c2e011dbf56 ]--- Kernel panic - not syncing: Fatal exception in interrupt Fixes: 500ff9f9389d ("ath10k: implement chanctx API") Cc: stable@vger.kernel.org Signed-off-by: Anilkumar Kolli --- drivers/net/wireless/ath/ath10k/core.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/net/wireless/ath/ath10k/core.c b/drivers/net/wireless/ath/ath10k/core.c index b2c7fe3d30a4..83e02f292828 100644 --- a/drivers/net/wireless/ath/ath10k/core.c +++ b/drivers/net/wireless/ath/ath10k/core.c @@ -1822,6 +1822,10 @@ int ath10k_core_start(struct ath10k *ar, enum ath10k_firmware_mode mode) goto err_hif_stop; } + ar->free_vdev_map = (1LL << ar->max_num_vdevs) - 1; + + INIT_LIST_HEAD(&ar->arvifs); + /* we don't care about HTT in UTF mode */ if (mode == ATH10K_FIRMWARE_MODE_NORMAL) { status = ath10k_htt_setup(&ar->htt); @@ -1835,10 +1839,6 @@ int ath10k_core_start(struct ath10k *ar, enum ath10k_firmware_mode mode) if (status) goto err_hif_stop; - ar->free_vdev_map = (1LL << ar->max_num_vdevs) - 1; - - INIT_LIST_HEAD(&ar->arvifs); - return 0; err_hif_stop: