From patchwork Wed Feb 5 08:31:55 2020
X-Patchwork-Submitter: Venkateswara Naralasetty
X-Patchwork-Id: 11365879
From: Venkateswara Rao Naralasetty
To: ath11k@lists.infradead.org
Cc: Vikas Patel, linux-wireless@vger.kernel.org, Venkateswara Naralasetty
Subject: [PATCH] ath11k: Fixing dangling pointer issue upon peer delete failure
Date: Wed, 5 Feb 2020 14:01:55 +0530
Message-Id: <1580891515-15054-1-git-send-email-vnaralas@codeaurora.org>

From: Vikas Patel

When there is WMI command failure, 'peer->sta' was not getting
cleaned up, and mac80211 frees the 'sta' memory, which is causing
the below page fault.

Cleaning up the sta pointer in ath11k whenever peer delete command
is sent.

Unable to handle kernel paging request at virtual address 200080000006a
pgd = ffffffc02a774000
[200080000006a] *pgd=0000000000000000, *pud=0000000000000000
Internal error: Oops: 96000004 [#1] PREEMPT SMP
. . .
CPU: 0 PID: 0 Comm: swapper/0 Tainted: G W 4.4.60 #1
Hardware name: Qualcomm Technologies, Inc. IPQ807x/AP-HK01-C1 (DT)
task: ffffffc00083c6d0 ti: ffffffc00083c6d0 task.ti: ffffffc00083c6d0
PC is at ath11k_dp_rx_process_mon_status+0x114/0x4e0 [ath11k]
LR is at ath11k_dp_rx_process_mon_status+0xe8/0x4e0 [ath11k]
pc : [] lr : [] pstate: 60000145
sp : ffffffc000833a30

Signed-off-by: Vikas Patel
Signed-off-by: Venkateswara Naralasetty
---
 drivers/net/wireless/ath/ath11k/mac.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/drivers/net/wireless/ath/ath11k/mac.c b/drivers/net/wireless/ath/ath11k/mac.c index 6640662..4868c83 100644 --- a/drivers/net/wireless/ath/ath11k/mac.c +++ b/drivers/net/wireless/ath/ath11k/mac.c @@ -2786,6 +2786,7 @@ static int ath11k_mac_op_sta_state(struct ieee80211_hw *hw, struct ath11k *ar = hw->priv; struct ath11k_vif *arvif = ath11k_vif_to_arvif(vif); struct ath11k_sta *arsta = (struct ath11k_sta *)sta->drv_priv; + struct ath11k_peer *peer; int ret = 0; /* cancel must be done outside the mutex to avoid deadlock */ 
@@ -2818,6 +2819,17 @@ static int ath11k_mac_op_sta_state(struct ieee80211_hw *hw, sta->addr, arvif->vdev_id); ath11k_mac_dec_num_stations(arvif, sta); + spin_lock_bh(&ar->ab->base_lock); + peer = ath11k_peer_find(ar->ab, arvif->vdev_id, sta->addr); + if (peer && peer->sta == sta) { + ath11k_warn(ar->ab, "Found peer entry %pM n vdev %i after it was supposedly removed\n", + vif->addr, arvif->vdev_id); + peer->sta = NULL; + list_del(&peer->list); + kfree(peer); + ar->num_peers--; + } + spin_unlock_bh(&ar->ab->base_lock); kfree(arsta->tx_stats); arsta->tx_stats = NULL;
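
Review bot: In the second hunk of ath11k_mac_op_sta_state(), the ath11k_warn() string reads "%pM n vdev %i", which looks like a typo for "on vdev", and it prints vif->addr even though the peer was looked up with sta->addr, so the log shows the interface address rather than the address of the stale peer; passing sta->addr would make the warning usable for debugging. The peer->sta = NULL store is immediately followed by list_del(&peer->list) and kfree(peer) under the same base_lock, so it has no observable effect and can be dropped. ar->num_peers-- is decremented here while holding ab->base_lock; the hunk does not show how num_peers is protected elsewhere, so please state in the commit message which lock covers it and confirm this path holds it.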