Received: by 2002:a05:6a10:af89:0:0:0:0 with SMTP id iu9csp3587122pxb; Mon, 24 Jan 2022 12:54:38 -0800 (PST) X-Google-Smtp-Source: ABdhPJw+oR2TDQsWc63YoGwkMlFU4BEY8aONLS63eU9QJzqspd8Rc0dAxMU1hRCGJy+Jlvia2bC+ X-Received: by 2002:a17:902:be0e:b0:149:512a:c2b3 with SMTP id r14-20020a170902be0e00b00149512ac2b3mr16120542pls.71.1643057678387; Mon, 24 Jan 2022 12:54:38 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1643057678; cv=none; d=google.com; s=arc-20160816; b=u6nUYDXhpmFGDCwa4aaW369OwBO5PYsUbmY5aNIrFRsy8wlNToCLiEWuTu2691IyFM eg4M8kZj0Blr7BR3LIxhBhjfhaNmblMOH8y435HsDrmjp4YCRkbF2kvwRzD3q8d0kM9I OIkk1J3v8xOqG7ushTnObz4WDGqNI63TWNRP4OOM3XIzJ94Op5p+2DrovgEx8r2CKX0e n3HfgurObpH/WSYvvmZDpmOsVYXGhrPJrWhUd67ZrKKZwa/yUcRO4ezlnL7n3UgfU6+J RuZZLJ8MKLfrx6DuENVpJx4LeVaHQVel7yh9NNnsLxi0bZMMkDnQOTuGxgnr4hFfhaEt bxDQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=R30PrJSjuGLj0K5Tq1ABHz1JwJohZcoHy3+rrJoVJB0=; b=iv5igtOhNJUIRnXM9lPjhXQmREOyDrZ2l0Dw2ZAWp1LVQacrqqBkqLP5Co9q4+9XYu V95EHjfPRcBCUBq97M5qbdfOk67Ims02NiLzPZylLG7jxoPPzmbRNT/OLgtVud93fVrS NWbLr5j8uAsshtqqWCULiJibl803xZ9b4fkVDDMfV7y7cb+lGVnGwOyC4I16N87IHK08 vIAXZZl4q1WmqIkRto2nl5MDRiaGQ7AN3Gjh54fgQTYof2oy8mKc0DX0rsIoxuMpXw2J O5Ek3uUhyTEIIordK5wd1gEQMu2l/bcxRJVmq/xVKbtMR5PpyfeHTS1eMG/EEqnA+Rrq sPzw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b="g7Rh/k4R"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id u6si3459205ple.60.2022.01.24.12.54.26; Mon, 24 Jan 2022 12:54:38 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b="g7Rh/k4R"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1380432AbiAXUQT (ORCPT + 99 others); Mon, 24 Jan 2022 15:16:19 -0500 Received: from ams.source.kernel.org ([145.40.68.75]:41894 "EHLO ams.source.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1351767AbiAXT4t (ORCPT ); Mon, 24 Jan 2022 14:56:49 -0500 Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 7DB13B8119E; Mon, 24 Jan 2022 19:56:48 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id A80F3C340E5; Mon, 24 Jan 2022 19:56:46 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1643054207; bh=P0NElVdu2k+uYeRLYxTnbs9lZbPTnq+Y0IUJpc7myYE=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=g7Rh/k4RVmh4nUIv989hgfByffXEveEyZoG2Stth9lHDKaDV+DinDN1Ol+8fk4VXY nhi7Iu4jw19r+u6PaDsRw7dToEVbQQ+kgqZQyuHvmUlebYudmkqHQ3Svu9jbsnw+Hd +9WC977enmzWNTkdrP5+s05ExXAkS13kM13l7Kqg= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Baochen Qiang , Kalle Valo , Sasha Levin Subject: [PATCH 5.10 312/563] ath11k: Fix crash caused by uninitialized TX ring Date: Mon, 24 Jan 2022 19:41:17 +0100 Message-Id: <20220124184035.222561707@linuxfoundation.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20220124184024.407936072@linuxfoundation.org> References: <20220124184024.407936072@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Baochen Qiang [ Upstream commit 273703ebdb01b6c5f1aaf4b98fb57b177609055c ] Commit 31582373a4a8 ("ath11k: Change number of TCL rings to one for QCA6390") avoids initializing the other entries of dp->tx_ring cause the corresponding TX rings on QCA6390/WCN6855 are not used, but leaves those ring masks in ath11k_hw_ring_mask_qca6390.tx unchanged. Normally this is OK because we will only get interrupts from the first TX ring on these chips and thus only the first entry of dp->tx_ring is involved. In case of one MSI vector, all DP rings share the same IRQ. For each interrupt, all rings have to be checked, which means the other entries of dp->tx_ring are involved. However since they are not initialized, system crashes. Fix this issue by simply removing those ring masks. crash stack: [ 102.907438] BUG: kernel NULL pointer dereference, address: 0000000000000028 [ 102.907447] #PF: supervisor read access in kernel mode [ 102.907451] #PF: error_code(0x0000) - not-present page [ 102.907453] PGD 1081f0067 P4D 1081f0067 PUD 1081f1067 PMD 0 [ 102.907460] Oops: 0000 [#1] SMP DEBUG_PAGEALLOC NOPTI [ 102.907465] CPU: 0 PID: 3511 Comm: apt-check Kdump: loaded Tainted: G E 5.15.0-rc4-wt-ath+ #20 [ 102.907470] Hardware name: AMD Celadon-RN/Celadon-RN, BIOS RCD1005E 10/08/2020 [ 102.907472] RIP: 0010:ath11k_dp_tx_completion_handler+0x201/0x830 [ath11k] [ 102.907497] Code: 3c 24 4e 8d ac 37 10 04 00 00 4a 8d bc 37 68 04 00 00 48 89 3c 24 48 63 c8 89 83 84 18 00 00 48 c1 e1 05 48 03 8b 78 18 00 00 <8b> 51 08 89 d6 83 e6 07 89 74 24 24 83 fe 03 74 04 85 f6 75 63 41 [ 102.907501] RSP: 0000:ffff9b7340003e08 EFLAGS: 00010202 [ 102.907505] RAX: 0000000000000001 RBX: ffff8e21530c0100 RCX: 0000000000000020 [ 102.907508] RDX: 0000000000000000 RSI: 00000000fffffe00 RDI: ffff8e21530c1938 [ 102.907511] RBP: ffff8e21530c0000 R08: 0000000000000001 R09: 0000000000000000 [ 102.907513] R10: ffff8e2145534c10 R11: 0000000000000001 R12: ffff8e21530c2938 [ 102.907515] R13: ffff8e21530c18e0 R14: 0000000000000100 R15: ffff8e21530c2978 [ 102.907518] FS: 00007f5d4297e740(0000) GS:ffff8e243d600000(0000) knlGS:0000000000000000 [ 102.907521] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 102.907524] CR2: 0000000000000028 CR3: 00000001034ea000 CR4: 0000000000350ef0 [ 102.907527] Call Trace: [ 102.907531] [ 102.907537] ath11k_dp_service_srng+0x5c/0x2f0 [ath11k] [ 102.907556] ath11k_pci_ext_grp_napi_poll+0x21/0x70 [ath11k_pci] [ 102.907562] __napi_poll+0x2c/0x160 [ 102.907570] net_rx_action+0x251/0x310 [ 102.907576] __do_softirq+0x107/0x2fc [ 102.907585] irq_exit_rcu+0x74/0x90 [ 102.907593] common_interrupt+0x83/0xa0 [ 102.907600] [ 102.907601] asm_common_interrupt+0x1e/0x40 Tested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-01720.1-QCAHSPSWPL_V1_V2_SILICONZ_LITE-1 Signed-off-by: Baochen Qiang Signed-off-by: Kalle Valo Link: https://lore.kernel.org/r/20211026011605.58615-1-quic_bqiang@quicinc.com Signed-off-by: Sasha Levin --- drivers/net/wireless/ath/ath11k/hw.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/drivers/net/wireless/ath/ath11k/hw.c b/drivers/net/wireless/ath/ath11k/hw.c index 66331da350129..f6282e8702923 100644 --- a/drivers/net/wireless/ath/ath11k/hw.c +++ b/drivers/net/wireless/ath/ath11k/hw.c @@ -246,8 +246,6 @@ const struct ath11k_hw_ring_mask ath11k_hw_ring_mask_ipq8074 = { const struct ath11k_hw_ring_mask ath11k_hw_ring_mask_qca6390 = { .tx = { ATH11K_TX_RING_MASK_0, - ATH11K_TX_RING_MASK_1, - ATH11K_TX_RING_MASK_2, }, .rx_mon_status = { 0, 0, 0, 0, -- 2.34.1