From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-9.1 required=3.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,INCLUDES_PATCH,MAILING_LIST_MULTI,SIGNED_OFF_BY, SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 26C68C282DC for ; Wed, 22 May 2019 19:46:34 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id E30CD20856 for ; Wed, 22 May 2019 19:46:33 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1558554394; bh=KUHFrstY9xKfRid6AIdvydrKVOVwZMyZqRJWK+U/rYY=; h=From:To:Cc:Subject:Date:In-Reply-To:References:List-ID:From; b=qJX4UCsvlc5Btlm2ApqzLNs1Lg4tJ07nSiCTzw8ZZ00mHlLGt68Y4tJWIa8DpU0z6 /u/RSneTSTGexFIuZ7m6TWxZraU6XchlLmULAHLKfjAzVfbQhzlCiGSUMyFudcjb3X YxsRmIpTl3fle8GYaMnTtacthCDtF8e3uhLVtrig= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1732397AbfEVT1s (ORCPT ); Wed, 22 May 2019 15:27:48 -0400 Received: from mail.kernel.org ([198.145.29.99]:50174 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730048AbfEVT1r (ORCPT ); Wed, 22 May 2019 15:27:47 -0400 Received: from sasha-vm.mshome.net (c-73-47-72-35.hsd1.nh.comcast.net [73.47.72.35]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 2A15120675; Wed, 22 May 2019 19:27:46 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1558553266; bh=KUHFrstY9xKfRid6AIdvydrKVOVwZMyZqRJWK+U/rYY=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=WEvs/MArc0AWbBNK9Ru8zmz5thQrKrNOq0fjKVYyPFfk1SjV15ffVOLEnZrF+gLIM r4WVgHllTCka0DeQma0/73DS5Upx+6rplS4aQXdythI09mkLthcOvuWCXkPifoVozg sPNy9OynTDb/CwPqgQ9vPvkywOK5LdvIp9r4wU3w= From: Sasha Levin To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: Johannes Berg , Luca Coelho , Sasha Levin , linux-wireless@vger.kernel.org, netdev@vger.kernel.org Subject: [PATCH AUTOSEL 4.19 043/244] iwlwifi: pcie: don't crash on invalid RX interrupt Date: Wed, 22 May 2019 15:23:09 -0400 Message-Id: <20190522192630.24917-43-sashal@kernel.org> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190522192630.24917-1-sashal@kernel.org> References: <20190522192630.24917-1-sashal@kernel.org> MIME-Version: 1.0 X-stable: review X-Patchwork-Hint: Ignore Content-Transfer-Encoding: 8bit Sender: linux-wireless-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-wireless@vger.kernel.org From: Johannes Berg [ Upstream commit 30f24eabab8cd801064c5c37589d803cb4341929 ] If for some reason the device gives us an RX interrupt before we're ready for it, perhaps during device power-on with misconfigured IRQ causes mapping or so, we can crash trying to access the queues. Prevent that by checking that we actually have RXQs and that they were properly allocated. Signed-off-by: Johannes Berg Signed-off-by: Luca Coelho Signed-off-by: Sasha Levin --- drivers/net/wireless/intel/iwlwifi/pcie/rx.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/drivers/net/wireless/intel/iwlwifi/pcie/rx.c b/drivers/net/wireless/intel/iwlwifi/pcie/rx.c index b2905f01b7df3..6dcd5374d9b4d 100644 --- a/drivers/net/wireless/intel/iwlwifi/pcie/rx.c +++ b/drivers/net/wireless/intel/iwlwifi/pcie/rx.c @@ -1388,10 +1388,15 @@ static struct iwl_rx_mem_buffer *iwl_pcie_get_rxb(struct iwl_trans *trans, static void iwl_pcie_rx_handle(struct iwl_trans *trans, int queue) { struct iwl_trans_pcie *trans_pcie = IWL_TRANS_GET_PCIE_TRANS(trans); - struct iwl_rxq *rxq = &trans_pcie->rxq[queue]; + struct iwl_rxq *rxq; u32 r, i, count = 0; bool emergency = false; + if (WARN_ON_ONCE(!trans_pcie->rxq || !trans_pcie->rxq[queue].bd)) + return; + + rxq = &trans_pcie->rxq[queue]; + restart: spin_lock(&rxq->lock); /* uCode's read index (stored in shared DRAM) indicates the last Rx -- 2.20.1