There is unbalanced napi_{enable,disable}() behavior as they
are being called from hif_snoc_{power_up/stop).
The fix is to call napi_enable() from ath10k_snoc_hif_start()
so that it matches with napi_disable() being called from
ath10k_snoc_hif_stop().
Signed-off-by: Govind Singh <[email protected]>
---
drivers/net/wireless/ath/ath10k/snoc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/wireless/ath/ath10k/snoc.c b/drivers/net/wireless/ath/ath10k/snoc.c
index ed52a6308f76..dd043b858c8e 100644
--- a/drivers/net/wireless/ath/ath10k/snoc.c
+++ b/drivers/net/wireless/ath/ath10k/snoc.c
@@ -919,6 +919,7 @@ static void ath10k_snoc_hif_stop(struct ath10k *ar)
static int ath10k_snoc_hif_start(struct ath10k *ar)
{
+ napi_enable(&ar->napi);
ath10k_snoc_irq_enable(ar);
ath10k_snoc_rx_post(ar);
@@ -1017,7 +1018,6 @@ static int ath10k_snoc_hif_power_up(struct ath10k *ar)
goto err_wlan_enable;
}
- napi_enable(&ar->napi);
return 0;
err_wlan_enable:
--
2.18.0
CE buffers are cleaned up prior to napi disable and this is causing
NULL pointer dereference due to "use after free".
Disable napi before resource cleanup to avoid "use after free".
Signed-off-by: Govind Singh <[email protected]>
---
drivers/net/wireless/ath/ath10k/snoc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/wireless/ath/ath10k/snoc.c b/drivers/net/wireless/ath/ath10k/snoc.c
index dd043b858c8e..6da951eea345 100644
--- a/drivers/net/wireless/ath/ath10k/snoc.c
+++ b/drivers/net/wireless/ath/ath10k/snoc.c
@@ -911,9 +911,9 @@ static void ath10k_snoc_buffer_cleanup(struct ath10k *ar)
static void ath10k_snoc_hif_stop(struct ath10k *ar)
{
ath10k_snoc_irq_disable(ar);
- ath10k_snoc_buffer_cleanup(ar);
napi_synchronize(&ar->napi);
napi_disable(&ar->napi);
+ ath10k_snoc_buffer_cleanup(ar);
ath10k_dbg(ar, ATH10K_DBG_BOOT, "boot hif stop\n");
}
--
2.18.0
Govind Singh <[email protected]> wrote:
> There is unbalanced napi_{enable,disable}() behavior as they
> are being called from hif_snoc_{power_up/stop).
>
> The fix is to call napi_enable() from ath10k_snoc_hif_start()
> so that it matches with napi_disable() being called from
> ath10k_snoc_hif_stop().
>
> Signed-off-by: Govind Singh <[email protected]>
> Signed-off-by: Kalle Valo <[email protected]>
2 patches applied to ath-next branch of ath.git, thanks.
752ed2a229c6 ath10k: move napi_enable to hif_start for consistent pairing
393b9b0f830e ath10k: disable napi before resource cleanup to avoid "use after free"
--
https://patchwork.kernel.org/patch/10606859/
https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches