linux-wireless.vger.kernel.org archive mirror
From: Kalle Valo <kvalo@codeaurora.org>
To: Wen Gong <wgong@codeaurora.org>
Cc: Pradeep Kumar Chitrapu <pradeepc@codeaurora.org>,
	linux-wireless@vger.kernel.org, ath11k@lists.infradead.org
Subject: Re: [PATCH v5 8/8] ath11k: Add support for 6g scan hint
Date: Wed, 9 Sep 2020 08:38:44 +0000
Message-ID: <01010174720465b2-fea2e548-95b2-488a-ae51-8f2a501f838e-000000@us-west-2.amazonses.com>
In-Reply-To: <a9525954a6bd3055350cf4c3f29bab55@codeaurora.org> (Wen Gong's message of "Mon, 24 Aug 2020 11:29:42 +0800")

Wen Gong <wgong@codeaurora.org> writes:

> On 2020-06-03 08:17, Pradeep Kumar Chitrapu wrote:
> ...
>> @@ -2126,6 +2136,68 @@ int ath11k_wmi_send_scan_start_cmd(struct
>> ath11k *ar,
>>
>>  	ptr += extraie_len_with_pad;
>>
>> +	if (params->num_hint_s_ssid) {
>> +		len = params->num_hint_s_ssid * sizeof(struct hint_short_ssid);
>> +		tlv = ptr;
>> +		tlv->header = FIELD_PREP(WMI_TLV_TAG, WMI_TAG_ARRAY_FIXED_STRUCT) |
>> +			      FIELD_PREP(WMI_TLV_LEN, len);
>> +		ptr += TLV_HDR_SIZE;
>> +		s_ssid = ptr;
>> +		for (i = 0; i < params->num_hint_s_ssid; ++i) {
>> +			s_ssid->freq_flags = params->hint_s_ssid[i].freq_flags;
>> +			s_ssid->short_ssid = params->hint_s_ssid[i].short_ssid;
>> +			s_ssid++;
>> +		}
>> +		ptr += len;
>> +	}
>> +
>> +	if (params->num_hint_bssid) {
>> +		len = params->num_hint_bssid * sizeof(struct hint_bssid);
>> +		tlv = ptr;
>> +		tlv->header = FIELD_PREP(WMI_TLV_TAG, WMI_TAG_ARRAY_FIXED_STRUCT) |
>> +			      FIELD_PREP(WMI_TLV_LEN, len);
>> +		ptr += TLV_HDR_SIZE;
>> +		hint_bssid = ptr;
>> +		for (i = 0; i < params->num_hint_bssid; ++i) {
>> +			hint_bssid->freq_flags =
>> +				params->hint_bssid[i].freq_flags;
>> +			ether_addr_copy(&params->hint_bssid[i].bssid.addr[0],
>> +					&hint_bssid->bssid.addr[0]);
>> +			hint_bssid++;
>> +		}
>> +	}
>> +
>> +	len = params->num_hint_s_ssid * sizeof(struct hint_short_ssid);
>> +	tlv = ptr;
>> +	tlv->header = FIELD_PREP(WMI_TLV_TAG, WMI_TAG_ARRAY_FIXED_STRUCT) |
>> +		      FIELD_PREP(WMI_TLV_LEN, len);
>> +	ptr += TLV_HDR_SIZE;
>> +	if (params->num_hint_s_ssid) {
>> +		s_ssid = ptr;
>> +		for (i = 0; i < params->num_hint_s_ssid; ++i) {
>> +			s_ssid->freq_flags = params->hint_s_ssid[i].freq_flags;
>> +			s_ssid->short_ssid = params->hint_s_ssid[i].short_ssid;
>> +			s_ssid++;
>> +		}
>> +	}
>> +	ptr += len;
>> +
>> +	len = params->num_hint_bssid * sizeof(struct hint_bssid);
>> +	tlv = ptr;
>> +	tlv->header = FIELD_PREP(WMI_TLV_TAG, WMI_TAG_ARRAY_FIXED_STRUCT) |
>> +		      FIELD_PREP(WMI_TLV_LEN, len);
>> +	ptr += TLV_HDR_SIZE;
>> +	if (params->num_hint_bssid) {
>> +		hint_bssid = ptr;
>> +		for (i = 0; i < params->num_hint_bssid; ++i) {
>> +			hint_bssid->freq_flags =
>> +				params->hint_bssid[i].freq_flags;
>> +			ether_addr_copy(&params->hint_bssid[i].bssid.addr[0],
>> +					&hint_bssid->bssid.addr[0]);
>> +			hint_bssid++;
>> +		}
>> +	}
>> +
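Review bot: The short-SSID and BSSID hint arrays are emitted twice in this hunk: once inside the `if (params->num_hint_s_ssid)` and `if (params->num_hint_bssid)` blocks, and again in the unconditional blocks that follow, so `ptr` advances past two extra TLV headers and payloads. Unless the skb length computed earlier in the function reserves room for both copies, the second pass writes beyond the buffer; keep only one pair (the visible lines do not say whether a zero-length TLV is expected when no hints are set, which decides between the conditional and unconditional form). Separately, both `ether_addr_copy()` calls pass `&params->hint_bssid[i].bssid.addr[0]` as the first argument; the helper takes (dst, src), so this copies from the command buffer into `params` rather than the other way round, and the arguments should be swapped. The first BSSID block also lacks the `ptr += len;` that the short-SSID block has, so the next `tlv = ptr` header lands on the start of the BSSID payload just written.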
> It handles num_hint_bssid/num_hint_s_ssid twice, which leads to an skb
> overflow and a crash.
> After removing one, it does not crash in my test.
>
> [  333.887631] ath11k_pci 0000:05:00.0: ath11k_wmi_send_scan_start_cmd
> 2 skb null 0
> ,pK:ffff921f6fd85400,llx:ffff921f6fd85400,px:ffff921f6fd85400,p:000000008d8d8abe
> [  333.887633] ath11k_pci 0000:05:00.0: ath11k_wmi_send_scan_start_cmd
> 2 skb
> len:372,end:448,tail:448,head:ffff921f6d7a3140,data:ffff921f6d7a318c
> [  333.887635] ath11k_pci 0000:05:00.0: ath11k_wmi_send_scan_start_cmd
> 2 shinfo nr_frags 19 null 0,pk:ffff921f6d7a3300,llx:ffff921f6d7a3300
> [  333.887638] ath11k_pci 0000:05:00.0: ath11k_wmi_cmd_send_nowait 1
> skb null 0
> ,pK:ffff921f6fd85400,llx:ffff921f6fd85400,px:ffff921f6fd85400,p:000000008d8d8abe
> [  333.887640] ath11k_pci 0000:05:00.0: ath11k_wmi_cmd_send_nowait 1
> skb
> len:376,end:448,tail:448,head:ffff921f6d7a3140,data:ffff921f6d7a3188
> [  333.887642] ath11k_pci 0000:05:00.0: ath11k_wmi_cmd_send_nowait
> shinfo nr_frags 19 null 0,pk:ffff921f6d7a3300,llx:ffff921f6d7a3300
> [  333.887644] ath11k_pci 0000:05:00.0: htc ep 2 consumed 1 credits
> (total 1)
> [  333.887649] ath11k_pci 0000:05:00.0: ath11k_ce_send 1 write_index
> 6, skb null 0
> ,pK:ffff921f6fd85400,llx:ffff921f6fd85400,px:ffff921f6fd85400,p:000000008d8d8abe
> [  333.887650] ath11k_pci 0000:05:00.0: ath11k_ce_send 1 skb
> len:384,end:448,tail:448,head:ffff921f6d7a3140,data:ffff921f6d7a3180
> [  333.887652] ath11k_pci 0000:05:00.0: ath11k_ce_send shinfo nr_frags
> 19 null 0,pk:ffff921f6d7a3300,llx:ffff921f6d7a3300
> [  333.887654] ath11k_pci 0000:05:00.0: wmi cmd send 0x3001 ret 0
> [  333.887729] general protection fault, probably for non-canonical
> address 0x2e676e69746e756f: 0000 [#1] SMP PTI
> [  333.887734] CPU: 1 PID: 0 Comm: swapper/1 Kdump: loaded Tainted: G
> W  OE     5.8.0-rc1+ #3
> [  333.887735] Hardware name: LENOVO 418065C/418065C, BIOS 83ET63WW
> (1.33 ) 07/29/2011
> [  333.887741] RIP: 0010:skb_release_data+0x66/0x170
> [  333.887744] Code: 41 0f c1 44 24 20 39 c2 0f 85 ff 00 00 00 31 db
> 41 80 7c 24 02 00 48 89 fd 74 39 48 63 c3 48 83 c0 03 48 c1 e0 04 49
> 8b 3c 04 <48> 8b 47 08 48 8d 50 ff a8 01 48 0f 45 fa 66 66 66 66 90 f0
> ff 4f
> [  333.887746] RSP: 0018:ffffb3204010ce48 EFLAGS: 00010206
> [  333.887748] RAX: 0000000000000030 RBX: 0000000000000000 RCX:
> 000000000000466e
> [  333.887749] RDX: 0000000000000011 RSI: 0000000000000001 RDI:
> 2e676e69746e756f
> [  333.887751] RBP: ffff921f6fd85400 R08: ffff921f7e5dc9b8 R09:
> ffff921f7e5cb000
> [  333.887752] R10: 000000000000000c R11: 0000000000001142 R12:
> ffff921f6d7a3300
> [  333.887754] R13: 0000000000000013 R14: ffff921f68d41658 R15:
> ffff921f68d42e68
> [  333.887756] FS:  0000000000000000(0000) GS:ffff921f7a240000(0000)
> knlGS:0000000000000000
> [  333.887757] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [  333.887759] CR2: 00007f73be694b58 CR3: 000000008f40a004 CR4:
> 00000000000606e0
> [  333.887760] Call Trace:
> [  333.887763]  <IRQ>
> [  333.887766]  consume_skb+0x27/0xb0
> [  333.887780]  ath11k_ce_send_done_cb+0x2a2/0x2c0 [ath11k]
> [  333.887789]  ath11k_ce_per_engine_service+0x50/0x3b0 [ath11k]
> [  333.887796]  ? ath11k_info+0x56/0x60 [ath11k]
> [  333.887799]  ? __irq_put_desc_unlock+0x18/0x50
> [  333.887802]  ath11k_pci_ce_tasklet+0x2f/0x50 [ath11k_pci]
> [  333.887806]  tasklet_action_common.isra.21+0xee/0x110
> [  333.887809]  __do_softirq+0xfd/0x2bb
> [  333.887814]  asm_call_on_stack+0x12/0x20
> [  333.887815]  </IRQ>
> [  333.887819]  do_softirq_own_stack+0x39/0x50
> [  333.887821]  irq_exit_rcu+0x9e/0xa0
> [  333.887825]  common_interrupt+0xa4/0x140
> [  333.887828]  asm_common_interrupt+0x1e/0x40
> [  333.887832] RIP: 0010:cpuidle_enter_state+0xc6/0x420

Pradeep, do you have a fix for this crash?

-- 
https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches


Thread overview: 22+ messages
2020-06-03  0:17 [PATCH v5 0/8] add 6GHz radio support in ath11k driver Pradeep Kumar Chitrapu
2020-06-03  0:17 ` [PATCH v5 1/8] ath11k: add 6G frequency list supported by driver Pradeep Kumar Chitrapu
2020-06-08 15:41   ` Kalle Valo
2020-06-11  5:06   ` Kalle Valo
2020-06-03  0:17 ` [PATCH v5 2/8] ath11k: add support for 6GHz radio in driver Pradeep Kumar Chitrapu
2020-09-15 11:16   ` Wen Gong
2020-09-15 12:32     ` Wen Gong
2020-09-15 23:07       ` Pradeep Kumar Chitrapu
2020-09-16  2:33         ` Wen Gong
2020-09-16  3:56   ` Wen Gong
2020-06-03  0:17 ` [PATCH v5 3/8] ath11k: Use freq instead of channel number in rx path Pradeep Kumar Chitrapu
2020-06-03  0:17 ` [PATCH v5 4/8] ath11k: extend peer_assoc_cmd for 6GHz band Pradeep Kumar Chitrapu
2020-06-03  0:17 ` [PATCH v5 5/8] ath11k: set psc channel flag when sending channel list to firmware Pradeep Kumar Chitrapu
2020-06-03  0:17 ` [PATCH v5 6/8] ath11k: Add 6G scan dwell time parameter in scan request command Pradeep Kumar Chitrapu
2020-06-03  0:17 ` [PATCH v5 7/8] ath11k: Send multiple scan_chan_list messages if required Pradeep Kumar Chitrapu
2020-06-09  6:37   ` Kalle Valo
2020-06-03  0:17 ` [PATCH v5 8/8] ath11k: Add support for 6g scan hint Pradeep Kumar Chitrapu
2020-08-24  3:29   ` Wen Gong
2020-09-09  8:38     ` Kalle Valo [this message]
2020-06-03 13:12 ` [PATCH v5 0/8] add 6GHz radio support in ath11k driver Kalle Valo
2020-06-03 17:50   ` Pradeep Kumar Chitrapu
2020-06-08 11:04     ` Kalle Valo
