From: Ben Greear <greearb@candelatech.com>
To: Michal Kazior <michal.kazior@tieto.com>
Cc: "ath10k@lists.infradead.org" <ath10k@lists.infradead.org>,
	linux-wireless <linux-wireless@vger.kernel.org>
Subject: Re: [PATCH 1/3] ath10k: Ensure there are no stale ar->txqs entries.
Date: Fri, 19 Aug 2016 06:34:37 -0700
Message-ID: <57B70AED.2010200@candelatech.com>
In-Reply-To: <CA+BoTQn0d1bEB662r-Yivmdk_21LhjCQjJP_GoPaj-WT2wA=1g@mail.gmail.com>



On 08/18/2016 11:59 PM, Michal Kazior wrote:
> On 19 August 2016 at 03:26,  <greearb@candelatech.com> wrote:
>> From: Ben Greear <greearb@candelatech.com>
>>
>> I was seeing kernel crashes due to accessing freed memory
>> while debugging a 9984 firmware that was crashing often.
>>
>> This patch fixes the crashes.  I am not certain if there
>> is a better way or not.
>>
>> Signed-off-by: Ben Greear <greearb@candelatech.com>
>> ---
>>   drivers/net/wireless/ath/ath10k/mac.c | 10 ++++++++++
>>   1 file changed, 10 insertions(+)
>>
>> diff --git a/drivers/net/wireless/ath/ath10k/mac.c b/drivers/net/wireless/ath/ath10k/mac.c
>> index 5659ef1..916119c 100644
>> --- a/drivers/net/wireless/ath/ath10k/mac.c
>> +++ b/drivers/net/wireless/ath/ath10k/mac.c
>> @@ -4172,8 +4172,10 @@ static void ath10k_mac_txq_init(struct ieee80211_txq *txq)
>>   static void ath10k_mac_txq_unref(struct ath10k *ar, struct ieee80211_txq *txq)
>>   {
>>          struct ath10k_txq *artxq = (void *)txq->drv_priv;
>> +       struct ath10k_txq *tmp, *walker;
>>          struct ath10k_skb_cb *cb;
>>          struct sk_buff *msdu;
>> +       struct ieee80211_txq *txq_tmp;
>>          int msdu_id;
>>
>>          if (!txq)
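Review bot: the new local `txq_tmp` looks unnecessary. `artxq` is already taken from `txq->drv_priv` at the top of this function, so the loop added further down can compare `walker == artxq` directly instead of converting each entry back with container_of() through a `(void *)` cast. That leaves only `walker` and `tmp` to declare here and removes the untyped cast from the comparison.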
>> @@ -4182,6 +4184,14 @@ static void ath10k_mac_txq_unref(struct ath10k *ar, struct ieee80211_txq *txq)
>>          spin_lock_bh(&ar->txqs_lock);
>>          if (!list_empty(&artxq->list))
>>                  list_del_init(&artxq->list);
>> +
>> +       /* Remove from ar->txqs in case it still exists there. */
>> +       list_for_each_entry_safe(walker, tmp, &ar->txqs, list) {
>> +               txq_tmp = container_of((void *)walker, struct ieee80211_txq,
>> +                                      drv_priv);
>> +               if (txq_tmp == txq)
>> +                       list_del(&walker->list);
>> +       }
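Review bot: the added loop calls list_del() where the line just above it uses list_del_init(), so after a match `artxq->list` is left with poisoned next/prev pointers and a later `list_empty(&artxq->list)` test on this entry would report it as still linked. Use list_del_init() and break out of the loop once the entry is found. Since list_del_init() directly above has already unlinked `artxq` under the same txqs_lock, a match in this loop means the list is inconsistent; a WARN_ON_ONCE() in the match branch would record that condition rather than hide it, and the comment should say how a stale entry is expected to end up on ar->txqs.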
>
> How could this even happen? All artxq->list accesses (add/del) are
> protected by txqs_lock so this shouldn't happen, no?
>
> Do you perhaps have the logic around txqs reworked in your tree?

I don't have any significant changes as far as I can tell.

I can build you a buggy 9984 firmware to reproduce the problem if you want...

Maybe the upstream patch could WARN_ON in this case to see if anyone else
ever hits it?

I did see a comment in the mac80211 about some assumptions on the driver with
regard to station teardown...I am not 100% sure ath10k meets that assumption,
so maybe that is why I could see this problem.

Thanks,
Ben


-- 
Ben Greear <greearb@candelatech.com>
Candela Technologies Inc  http://www.candelatech.com

