* [PATCH] ath11k: Fixing dangling pointer issue upon peer delete failure
From: Venkateswara Rao Naralasetty @ 2020-02-05  8:31 UTC (permalink / raw)
  To: ath11k; +Cc: linux-wireless, Vikas Patel, Venkateswara Naralasetty

From: Vikas Patel <vikpatel@codeaurora.org>

When there is a WMI command failure, 'peer->sta' was not getting
cleaned up, and mac80211 frees the 'sta' memory, which is causing
the below page fault.

Cleaning up the sta pointer in ath11k whenever the peer delete command
is sent.

Unable to handle kernel paging request at virtual address 200080000006a
pgd = ffffffc02a774000
[200080000006a] *pgd=0000000000000000, *pud=0000000000000000
Internal error: Oops: 96000004 [#1] PREEMPT SMP
.
.
.
CPU: 0 PID: 0 Comm: swapper/0 Tainted: G        W       4.4.60 #1
Hardware name: Qualcomm Technologies, Inc. IPQ807x/AP-HK01-C1 (DT)
task: ffffffc00083c6d0 ti: ffffffc00083c6d0 task.ti: ffffffc00083c6d0
PC is at ath11k_dp_rx_process_mon_status+0x114/0x4e0 [ath11k]
LR is at ath11k_dp_rx_process_mon_status+0xe8/0x4e0 [ath11k]
pc : [<ffffffbffcf8e544>] lr : [<ffffffbffcf8e518>] pstate: 60000145
sp : ffffffc000833a30

Signed-off-by: Vikas Patel <vikpatel@codeaurora.org>
Signed-off-by: Venkateswara Naralasetty <vnaralas@codeaurora.org>
---
 drivers/net/wireless/ath/ath11k/mac.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/drivers/net/wireless/ath/ath11k/mac.c b/drivers/net/wireless/ath/ath11k/mac.c
index 6640662..4868c83 100644
--- a/drivers/net/wireless/ath/ath11k/mac.c
+++ b/drivers/net/wireless/ath/ath11k/mac.c
@@ -2786,6 +2786,7 @@ static int ath11k_mac_op_sta_state(struct ieee80211_hw *hw,
 	struct ath11k *ar = hw->priv;
 	struct ath11k_vif *arvif = ath11k_vif_to_arvif(vif);
 	struct ath11k_sta *arsta = (struct ath11k_sta *)sta->drv_priv;
+	struct ath11k_peer *peer;
 	int ret = 0;
 
 	/* cancel must be done outside the mutex to avoid deadlock */
@@ -2818,6 +2819,17 @@ static int ath11k_mac_op_sta_state(struct ieee80211_hw *hw,
 				   sta->addr, arvif->vdev_id);
 
 		ath11k_mac_dec_num_stations(arvif, sta);
+		spin_lock_bh(&ar->ab->base_lock);
+		peer = ath11k_peer_find(ar->ab, arvif->vdev_id, sta->addr);
+		if (peer && peer->sta == sta) {
+			ath11k_warn(ar->ab, "Found peer entry %pM n vdev %i after it was supposedly removed\n",
+				    vif->addr, arvif->vdev_id);
+			peer->sta = NULL;
+			list_del(&peer->list);
+			kfree(peer);
+			ar->num_peers--;
+		}
+		spin_unlock_bh(&ar->ab->base_lock);
 
 		kfree(arsta->tx_stats);
 		arsta->tx_stats = NULL;
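
Review bot: The ath11k_warn() inside the new "if (peer && peer->sta == sta)" block logs vif->addr, but the entry was looked up with ath11k_peer_find(ar->ab, arvif->vdev_id, sta->addr), so the message names the interface address instead of the stale peer; pass sta->addr so the log identifies the entry that was actually found, and fix the "n vdev" typo in the format string. The commit message speaks only of cleaning up the sta pointer, while this block also unlinks and frees the whole peer entry (list_del(), kfree(), ar->num_peers--); a short comment above spin_lock_bh() saying that the entry is torn down here because the firmware delete may have failed would make that intent clear, and the open-coded teardown would read better as a small helper next to ath11k_peer_find().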
-- 
2.7.4


* Re: [PATCH] ath11k: Fixing dangling pointer issue upon peer delete failure
From: Kalle Valo @ 2020-02-11 18:35 UTC (permalink / raw)
  To: Venkateswara Rao Naralasetty
  Cc: ath11k, linux-wireless, Vikas Patel, Venkateswara Naralasetty

Venkateswara Rao Naralasetty <vnaralas@codeaurora.org> wrote:

> When there is a WMI command failure, 'peer->sta' was not getting
> cleaned up, and mac80211 frees the 'sta' memory, which is causing
> the below page fault.
> 
> Cleaning up the sta pointer in ath11k whenever the peer delete command
> is sent.
> 
> Unable to handle kernel paging request at virtual address 200080000006a
> pgd = ffffffc02a774000
> [200080000006a] *pgd=0000000000000000, *pud=0000000000000000
> Internal error: Oops: 96000004 [#1] PREEMPT SMP
> .
> .
> .
> CPU: 0 PID: 0 Comm: swapper/0 Tainted: G        W       4.4.60 #1
> Hardware name: Qualcomm Technologies, Inc. IPQ807x/AP-HK01-C1 (DT)
> task: ffffffc00083c6d0 ti: ffffffc00083c6d0 task.ti: ffffffc00083c6d0
> PC is at ath11k_dp_rx_process_mon_status+0x114/0x4e0 [ath11k]
> LR is at ath11k_dp_rx_process_mon_status+0xe8/0x4e0 [ath11k]
> pc : [<ffffffbffcf8e544>] lr : [<ffffffbffcf8e518>] pstate: 60000145
> sp : ffffffc000833a30
> 
> Signed-off-by: Vikas Patel <vikpatel@codeaurora.org>
> Signed-off-by: Venkateswara Naralasetty <vnaralas@codeaurora.org>
> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>

Patch applied to ath-next branch of ath.git, thanks.

58595c9874c6 ath11k: Fixing dangling pointer issue upon peer delete failure

-- 
https://patchwork.kernel.org/patch/11365881/

https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches
