* [PATCH 1/3] mwifiex: code rearrangement in suspend handler
@ 2016-06-27  8:46 Amitkumar Karwar
  2016-06-27  8:46 ` [PATCH 2/3] mwifiex: clear scan_aborting flag Amitkumar Karwar
                   ` (2 more replies)
  0 siblings, 3 replies; 4+ messages in thread
From: Amitkumar Karwar @ 2016-06-27  8:46 UTC (permalink / raw)
  To: linux-wireless
  Cc: Nishant Sarmukadam, Wei-Ning Huang, Cathy Luo, Amitkumar Karwar

We will derive sta_priv at the beginning of suspend handler.
This will be useful for next patch in this series.

Signed-off-by: Amitkumar Karwar <akarwar@marvell.com>
---
 drivers/net/wireless/marvell/mwifiex/cfg80211.c | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/drivers/net/wireless/marvell/mwifiex/cfg80211.c b/drivers/net/wireless/marvell/mwifiex/cfg80211.c
index 81ff8bb..31f7b79 100644
--- a/drivers/net/wireless/marvell/mwifiex/cfg80211.c
+++ b/drivers/net/wireless/marvell/mwifiex/cfg80211.c
@@ -3311,6 +3311,8 @@ static int mwifiex_cfg80211_suspend(struct wiphy *wiphy,
 	struct mwifiex_ds_hs_cfg hs_cfg;
 	int i, ret = 0, retry_num = 10;
 	struct mwifiex_private *priv;
+	struct mwifiex_private *sta_priv =
+			mwifiex_get_priv(adapter, MWIFIEX_BSS_ROLE_STA);
 
 	for (i = 0; i < adapter->priv_num; i++) {
 		priv = adapter->priv[i];
@@ -3343,15 +3345,13 @@ static int mwifiex_cfg80211_suspend(struct wiphy *wiphy,
 		return 0;
 	}
 
-	priv = mwifiex_get_priv(adapter, MWIFIEX_BSS_ROLE_STA);
-
-	if (!priv->media_connected && !wowlan->nd_config) {
+	if (!sta_priv->media_connected && !wowlan->nd_config) {
 		mwifiex_dbg(adapter, ERROR,
 			    "Can not configure WOWLAN in disconnected state\n");
 		return 0;
 	}
 
-	ret = mwifiex_set_mef_filter(priv, wowlan);
+	ret = mwifiex_set_mef_filter(sta_priv, wowlan);
 	if (ret) {
 		mwifiex_dbg(adapter, ERROR, "Failed to set MEF filter\n");
 		return ret;
@@ -3363,19 +3363,19 @@ static int mwifiex_cfg80211_suspend(struct wiphy *wiphy,
 	if (wowlan->nd_config) {
 		mwifiex_dbg(adapter, INFO, "Wake on net detect\n");
 		hs_cfg.conditions |= HS_CFG_COND_MAC_EVENT;
-		mwifiex_cfg80211_sched_scan_start(wiphy, priv->netdev,
+		mwifiex_cfg80211_sched_scan_start(wiphy, sta_priv->netdev,
 						  wowlan->nd_config);
 	}
 
 	if (wowlan->disconnect) {
 		hs_cfg.conditions |= HS_CFG_COND_MAC_EVENT;
-		mwifiex_dbg(priv->adapter, INFO, "Wake on device disconnect\n");
+		mwifiex_dbg(sta_priv->adapter, INFO, "Wake on device disconnect\n");
 	}
 
 	hs_cfg.is_invoke_hostcmd = false;
 	hs_cfg.gpio = adapter->hs_cfg.gpio;
 	hs_cfg.gap = adapter->hs_cfg.gap;
-	ret = mwifiex_set_hs_params(priv, HostCmd_ACT_GEN_SET,
+	ret = mwifiex_set_hs_params(sta_priv, HostCmd_ACT_GEN_SET,
 				    MWIFIEX_SYNC_CMD, &hs_cfg);
 	if (ret) {
 		mwifiex_dbg(adapter, ERROR,
-- 
1.9.1



* [PATCH 2/3] mwifiex: clear scan_aborting flag
  2016-06-27  8:46 [PATCH 1/3] mwifiex: code rearrangement in suspend handler Amitkumar Karwar
@ 2016-06-27  8:46 ` Amitkumar Karwar
  2016-06-27  8:46 ` [PATCH 3/3] mwifiex: fix NULL pointer dereference during suspend Amitkumar Karwar
  2016-07-08  9:59 ` [1/3] mwifiex: code rearrangement in suspend handler Kalle Valo
  2 siblings, 0 replies; 4+ messages in thread
From: Amitkumar Karwar @ 2016-06-27  8:46 UTC (permalink / raw)
  To: linux-wireless
  Cc: Nishant Sarmukadam, Wei-Ning Huang, Cathy Luo, Amitkumar Karwar

The flag should be cleared along with the other scan operation variables.
This was missing in some places.

Signed-off-by: Amitkumar Karwar <akarwar@marvell.com>
---
 drivers/net/wireless/marvell/mwifiex/scan.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/net/wireless/marvell/mwifiex/scan.c b/drivers/net/wireless/marvell/mwifiex/scan.c
index e331122..96d0d86 100644
--- a/drivers/net/wireless/marvell/mwifiex/scan.c
+++ b/drivers/net/wireless/marvell/mwifiex/scan.c
@@ -1960,6 +1960,7 @@ static void mwifiex_check_next_scan_command(struct mwifiex_private *priv)
 				    "info: notifying scan done\n");
 			cfg80211_scan_done(priv->scan_request, 0);
 			priv->scan_request = NULL;
+			priv->scan_aborting = false;
 		} else {
 			priv->scan_aborting = false;
 			mwifiex_dbg(adapter, INFO,
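Review bot: With this addition `priv->scan_aborting = false;` is written in both arms of the same if/else (the added line here and the existing first statement of the `else` branch), and the second hunk at -1981 repeats the pattern. A single assignment placed outside the if/else would make it obvious that the flag is always cleared on this path and would keep the two copies from drifting apart. The enclosing conditional and the rest of mwifiex_check_next_scan_command() lie outside the hunk, so this assumes nothing inside the branches reads the flag before it is cleared.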
@@ -1981,6 +1982,7 @@ static void mwifiex_check_next_scan_command(struct mwifiex_private *priv)
 					    "info: aborting scan\n");
 				cfg80211_scan_done(priv->scan_request, 1);
 				priv->scan_request = NULL;
+				priv->scan_aborting = false;
 			} else {
 				priv->scan_aborting = false;
 				mwifiex_dbg(adapter, INFO,
@@ -2022,6 +2024,7 @@ void mwifiex_cancel_scan(struct mwifiex_adapter *adapter)
 					    "info: aborting scan\n");
 				cfg80211_scan_done(priv->scan_request, 1);
 				priv->scan_request = NULL;
+				priv->scan_aborting = false;
 			}
 		}
 	}
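Review bot: Clearing `scan_aborting` in mwifiex_cancel_scan() gives the flag another writer besides whoever set it, and nothing visible documents which context owns it. Patch 3/3 of this series sets `sta_priv->scan_aborting = true` for the duration of the suspend handler and relies on it staying set; if the suspend path can reach this function with a request pending (not visible in this diff), this line would drop the flag early and the guards added in 3/3 would stop applying. A comment on the field stating when it may be cleared, or clearing it only in the path that set it, would make the ownership explicit. The enclosing loop and condition start outside the hunk.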
-- 
1.9.1



* [PATCH 3/3] mwifiex: fix NULL pointer dereference during suspend
  2016-06-27  8:46 [PATCH 1/3] mwifiex: code rearrangement in suspend handler Amitkumar Karwar
  2016-06-27  8:46 ` [PATCH 2/3] mwifiex: clear scan_aborting flag Amitkumar Karwar
@ 2016-06-27  8:46 ` Amitkumar Karwar
  2016-07-08  9:59 ` [1/3] mwifiex: code rearrangement in suspend handler Kalle Valo
  2 siblings, 0 replies; 4+ messages in thread
From: Amitkumar Karwar @ 2016-06-27  8:46 UTC (permalink / raw)
  To: linux-wireless
  Cc: Nishant Sarmukadam, Wei-Ning Huang, Cathy Luo, Amitkumar Karwar

This patch fixes the NULL pointer dereference below, observed in a suspend
stress test. When a scan is cancelled during system suspend, we may end
up accessing "priv->scan_request" in a corner case.

[ 3035.304682] BUG: KASAN: null-ptr-deref on address 0000000000000008
[ 3035.304704] Read of size 4 by task ksdioirqd/mmc2/1183
[ 3035.304744] CPU: 0 PID: 1183 Comm: ksdioirqd/mmc2 Tainted: G        W      3.18.0 #1169
[ 3035.304772] Call trace:
[ 3035.304825] [<ffffffc00020a520>] dump_backtrace+0x0/0x190
[ 3035.304864] [<ffffffc00020a6cc>] show_stack+0x1c/0x28
[ 3035.304901] [<ffffffc000b36db8>] dump_stack+0xa0/0xf8
[ 3035.304940] [<ffffffc00039c494>] kasan_report+0x120/0x4fc
[ 3035.304975] [<ffffffc00039b6b4>] __asan_load4+0x20/0x80
[ 3035.305546] [<ffffffbffc1f5aec>] mwifiex_check_next_scan_command+0x1a4/0x588 [mwifiex]
[ 3035.306091] [<ffffffbffc1f7aec>] mwifiex_handle_event_ext_scan_report+0x304/0x370 [mwifiex]
[ 3035.306735] [<ffffffbffc206bb8>] mwifiex_process_sta_event+0x6c0/0xf10 [mwifiex]
[ 3035.307200] [<ffffffbffc1e609c>] mwifiex_process_event+0x2f4/0x358 [mwifiex]
[ 3035.307612] [<ffffffbffc1e25c8>] mwifiex_main_process+0x3cc/0x80c [mwifiex]
[ 3035.307737] [<ffffffbffc2523a0>] mwifiex_sdio_interrupt+0x198/0x1c0 [mwifiex_sdio]
[ 3035.307785] [<ffffffc0008d9250>] process_sdio_pending_irqs+0x15c/0x1d4
[ 3035.307826] [<ffffffc0008d93f0>] sdio_irq_thread+0xd8/0x288

Signed-off-by: Amitkumar Karwar <akarwar@marvell.com>
---
 drivers/net/wireless/marvell/mwifiex/cfg80211.c  | 18 ++++++++++--------
 drivers/net/wireless/marvell/mwifiex/scan.c      |  3 ++-
 drivers/net/wireless/marvell/mwifiex/sta_event.c |  2 +-
 3 files changed, 13 insertions(+), 10 deletions(-)

diff --git a/drivers/net/wireless/marvell/mwifiex/cfg80211.c b/drivers/net/wireless/marvell/mwifiex/cfg80211.c
index 31f7b79..dfe264b 100644
--- a/drivers/net/wireless/marvell/mwifiex/cfg80211.c
+++ b/drivers/net/wireless/marvell/mwifiex/cfg80211.c
@@ -3314,6 +3314,7 @@ static int mwifiex_cfg80211_suspend(struct wiphy *wiphy,
 	struct mwifiex_private *sta_priv =
 			mwifiex_get_priv(adapter, MWIFIEX_BSS_ROLE_STA);
 
+	sta_priv->scan_aborting = true;
 	for (i = 0; i < adapter->priv_num; i++) {
 		priv = adapter->priv[i];
 		mwifiex_abort_cac(priv);
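Review bot: `sta_priv->scan_aborting = true;` dereferences the result of mwifiex_get_priv() as the first statement of the suspend handler, with no NULL check. If that helper can return NULL when no STA-role interface is present (its definition is not part of this diff), suspend would now fault before reaching the `!wowlan` early exit, whereas the earlier code first touched the pointer only after that check. Guarding both writes, `if (sta_priv) sta_priv->scan_aborting = true;` here and the matching clear under `done:`, or returning early when `sta_priv` is NULL, would close that. The function body continues outside this hunk.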
@@ -3342,19 +3343,21 @@ static int mwifiex_cfg80211_suspend(struct wiphy *wiphy,
 	if (!wowlan) {
 		mwifiex_dbg(adapter, ERROR,
 			    "None of the WOWLAN triggers enabled\n");
-		return 0;
+		ret = 0;
+		goto done;
 	}
 
 	if (!sta_priv->media_connected && !wowlan->nd_config) {
 		mwifiex_dbg(adapter, ERROR,
 			    "Can not configure WOWLAN in disconnected state\n");
-		return 0;
+		ret = 0;
+		goto done;
 	}
 
 	ret = mwifiex_set_mef_filter(sta_priv, wowlan);
 	if (ret) {
 		mwifiex_dbg(adapter, ERROR, "Failed to set MEF filter\n");
-		return ret;
+		goto done;
 	}
 
 	memset(&hs_cfg, 0, sizeof(hs_cfg));
@@ -3377,12 +3380,11 @@ static int mwifiex_cfg80211_suspend(struct wiphy *wiphy,
 	hs_cfg.gap = adapter->hs_cfg.gap;
 	ret = mwifiex_set_hs_params(sta_priv, HostCmd_ACT_GEN_SET,
 				    MWIFIEX_SYNC_CMD, &hs_cfg);
-	if (ret) {
-		mwifiex_dbg(adapter, ERROR,
-			    "Failed to set HS params\n");
-		return ret;
-	}
+	if (ret)
+		mwifiex_dbg(adapter, ERROR, "Failed to set HS params\n");
 
+done:
+	sta_priv->scan_aborting = false;
 	return ret;
 }
 
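Review bot: The flag is set on `sta_priv` only and cleared again at `done:` before the handler returns, so the guard covers just the STA interface and just the time spent inside this function. A scan-report event delivered for another priv, or one that arrives after the handler returns but before the bus stops delivering interrupts, would still take the unguarded path shown in the commit's KASAN trace; whether either can happen depends on code outside this diff. If the intent is to suppress scan events until resume, consider clearing the flag in the resume path instead, and add a comment at `done:` stating which window the flag is meant to cover.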
diff --git a/drivers/net/wireless/marvell/mwifiex/scan.c b/drivers/net/wireless/marvell/mwifiex/scan.c
index 96d0d86..87e7000 100644
--- a/drivers/net/wireless/marvell/mwifiex/scan.c
+++ b/drivers/net/wireless/marvell/mwifiex/scan.c
@@ -1896,7 +1896,8 @@ mwifiex_active_scan_req_for_passive_chan(struct mwifiex_private *priv)
 	u8 id = 0;
 	struct mwifiex_user_scan_cfg  *user_scan_cfg;
 
-	if (adapter->active_scan_triggered || !priv->scan_request) {
+	if (adapter->active_scan_triggered || !priv->scan_request ||
+	    priv->scan_aborting) {
 		adapter->active_scan_triggered = false;
 		return 0;
 	}
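Review bot: The added `priv->scan_aborting` test is a plain read of a flag that the suspend handler writes from another context, and no lock or barrier is visible around either side, so it narrows the race rather than closing it. An event that passes the test just before suspend sets the flag can still go on to use `priv->scan_request` after it has been set to NULL; the same applies to the `!priv->scan_aborting` guard added in mwifiex_process_sta_event() in sta_event.c. The more robust fix is at the point of use: read `priv->scan_request` once under whichever lock serialises it with the cfg80211_scan_done() callers and skip the access when it is NULL. A short comment here naming that lock, or stating why the unlocked read is safe, would help the next reader.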
diff --git a/drivers/net/wireless/marvell/mwifiex/sta_event.c b/drivers/net/wireless/marvell/mwifiex/sta_event.c
index 0cefd40..7c01778 100644
--- a/drivers/net/wireless/marvell/mwifiex/sta_event.c
+++ b/drivers/net/wireless/marvell/mwifiex/sta_event.c
@@ -708,7 +708,7 @@ int mwifiex_process_sta_event(struct mwifiex_private *priv)
 
 	case EVENT_EXT_SCAN_REPORT:
 		mwifiex_dbg(adapter, EVENT, "event: EXT_SCAN Report\n");
-		if (adapter->ext_scan)
+		if (adapter->ext_scan && !priv->scan_aborting)
 			ret = mwifiex_handle_event_ext_scan_report(priv,
 						adapter->event_skb->data);
 
-- 
1.9.1



* Re: [1/3] mwifiex: code rearrangement in suspend handler
  2016-06-27  8:46 [PATCH 1/3] mwifiex: code rearrangement in suspend handler Amitkumar Karwar
  2016-06-27  8:46 ` [PATCH 2/3] mwifiex: clear scan_aborting flag Amitkumar Karwar
  2016-06-27  8:46 ` [PATCH 3/3] mwifiex: fix NULL pointer dereference during suspend Amitkumar Karwar
@ 2016-07-08  9:59 ` Kalle Valo
  2 siblings, 0 replies; 4+ messages in thread
From: Kalle Valo @ 2016-07-08  9:59 UTC (permalink / raw)
  To: Amitkumar Karwar
  Cc: linux-wireless, Nishant Sarmukadam, Wei-Ning Huang, Cathy Luo,
	Amitkumar Karwar

Amitkumar Karwar <akarwar@marvell.com> wrote:
> We will derive sta_priv at the beginning of suspend handler.
> This will be useful for next patch in this series.
> 
> Signed-off-by: Amitkumar Karwar <akarwar@marvell.com>

Thanks, 3 patches applied to wireless-drivers-next.git:

322397b268f7 mwifiex: code rearrangement in suspend handler
09e672a16b92 mwifiex: clear scan_aborting flag
16d25da94f3d mwifiex: fix NULL pointer dereference during suspend

-- 
Sent by pwcli
https://patchwork.kernel.org/patch/9200033/

