From: Michal Kazior
To: ath10k@lists.infradead.org
Cc: linux-wireless@vger.kernel.org, Michal Kazior
Subject: [PATCH v3] ath10k: fix debugfs_create_dir() checking
Date: Thu, 4 Sep 2014 12:36:45 +0200
Message-Id: <1409827005-3777-1-git-send-email-michal.kazior@tieto.com>

The function may return an -ENODEV if debugfs is disabled in kernel. This should originally be guarded by ath10k's Kconfig but it still makes sense to check for the non-NULL errno return value.

Either this or a Kconfig patch prevents from a kernel oops due to invalid pointer dereference:

 BUG: unable to handle kernel NULL pointer dereference at 000000000000001d
 IP: [] relay_open_buf.part.9+0x1a3/0x2d0
 PGD 0
 Oops: 0000 [#1] SMP
 Modules linked in: ath10k_pci ath10k_core ath
 CPU: 1 PID: 6 Comm: kworker/u8:0 Tainted: G W 3.17.0-rc2-wl-ath+ #448
 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
 Workqueue: ath10k_wq ath10k_core_register_work [ath10k_core]
 task: ffff88001e94abc0 ti: ffff88001e988000 task.ti: ffff88001e988000
 RIP: 0010:[] [] relay_open_buf.part.9+0x1a3/0x2d0
 RSP: 0018:ffff88001e98bd40 EFLAGS: 00010286
 RAX: ffffffffffffffed RBX: ffffc90000a01000 RCX: 0000000000001473
 RDX: 0000000000000000 RSI: ffffffffffffffed RDI: ffff88001d4b1d00
 RBP: ffff88001e98bd80 R08: 0000000000014860 R09: ffff88001fc94860
 R10: ffffea0000752c40 R11: ffff88001e801700 R12: 0000000000000040
 R13: 0000000000000200 R14: ffff88001d5b8800 R15: ffff88001d4b1e00
 FS: 0000000000000000(0000) GS:ffff88001fc80000(0000) knlGS:0000000000000000
 CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
 CR2: 000000000000001d CR3: 000000001d4bd000 CR4: 00000000000006e0
 Stack:
  000000001e98bda8 0000000000000040 ffff88001d5b8800 ffff88001d5b8800
  0000000000000000 0000000000000000 ffffffff81c96690 ffffffffa0025997
  ffff88001e98bdc8 ffffffff810d47bf 0000000000000000 ffffffffffffffed
 Call Trace:
  [] relay_open+0x17f/0x2c0
  [] ath10k_spectral_create+0x2f/0x40 [ath10k_core]
  [] ath10k_core_register_work+0x318/0x520 [ath10k_core]
  [] process_one_work+0x169/0x390
  [] worker_thread+0x119/0x490
  [] ? rescuer_thread+0x2b0/0x2b0
  [] kthread+0xcd/0xf0
  [] ? kthread_create_on_node+0x170/0x170
  [] ret_from_fork+0x7c/0xb0
  [] ? kthread_create_on_node+0x170/0x170
 Code: 00 85 c0 74 2e 8b 55 c4 48 8b 7d d0 4c 89 fe e8 d4 fd ff ff 48 85 c0 0f 84 12 01 00 00 49 89 87 98 00 00 00 49 8b 97 d0 00 00 00 <48> 8b 40 30 48 89 50 50 8b 45 c4 be 01 00 00 00 4c 89 ff 41 89
 RIP [] relay_open_buf.part.9+0x1a3/0x2d0
  RSP
 CR2: 000000000000001d
 ---[ end trace 2eafd3e96c41b8e2 ]---

Note: Without a Kconfig patch ath10k with ATH10K_DEBUGFS && !DEBUG_FS will fail and refuse to register to mac80211.

Reported-by: Matteo Croce
Signed-off-by: Michal Kazior
---

Notes:
    v2:
     * fix commit subject (sorry for the noise!)

    v3:
     * remove Kconfig patch (I accidentally amended something I shouldn't have, sorry for the noise again! I guess I need a break..)

    @Kalle:
     - this patch prevents kernel oops but ath10k will fail to load
     - Matteo's patch prevents kernel oops and ath10k will load fine

    Since mine is just an extra precaution feel free to drop all but the first paragraph of my commit message if you want to.

 drivers/net/wireless/ath/ath10k/debug.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/drivers/net/wireless/ath/ath10k/debug.c b/drivers/net/wireless/ath/ath10k/debug.c index d922ef4..ed192a5 100644 --- a/drivers/net/wireless/ath/ath10k/debug.c +++ b/drivers/net/wireless/ath/ath10k/debug.c
@@ -1142,8 +1142,12 @@ int ath10k_debug_create(struct ath10k *ar) ar->debug.debugfs_phy = debugfs_create_dir("ath10k", ar->hw->wiphy->debugfsdir); - if (!ar->debug.debugfs_phy) { - ret = -ENOMEM; + if (IS_ERR_OR_NULL(ar->debug.debugfs_phy)) { + if (IS_ERR(ar->debug.debugfs_phy)) + ret = PTR_ERR(ar->debug.debugfs_phy); + else + ret = -ENOMEM; + goto err_free_fw_crash_data; } -- 1.8.5.3
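
Review bot: In the new IS_ERR_OR_NULL() branch of ath10k_debug_create(), the error pointer is still stored in ar->debug.debugfs_phy when the code jumps to err_free_fw_crash_data, and nothing in the visible lines clears it. The oops in the commit message shows what that value does when it reaches a consumer: RAX and RSI hold ffffffffffffffed (-19, -ENODEV), the faulting instruction bytes <48> 8b 40 30 load from offset 0x30 of RAX, and -19 + 0x30 gives the reported CR2 of 0x1d, reached through ath10k_spectral_create() and relay_open(). Consider assigning the debugfs_create_dir() result to a local and storing it in the field only on success, or setting the field to NULL before the goto, so a later NULL test on the field cannot pass an ERR_PTR value along. Also, as the notes under the commit message say, this makes an unavailable debugfs fail driver registration; if the debug interface is meant to be optional, the -ENODEV case could skip debugfs setup and return 0 instead.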