Right now wcn->hal_buf is allocated in wcn36xx_start(). This is a problem
since we should have set up all of the buffers we require by the time
ieee80211_register_hw() is called.
struct ieee80211_ops callbacks may run prior to mac_start() and therefore
wcn->hal_buf must be initialized.
This is easily remediated by moving the allocation to probe() taking the
opportunity to tidy up freeing memory by using devm_kmalloc().
Fixes: 8e84c2582169 ('wcn36xx: mac80211 driver for Qualcomm WCN3660/WCN3680
hardware')
Signed-off-by: Bryan O'Donoghue <[email protected]>
---
drivers/net/wireless/ath/wcn36xx/main.c | 21 ++++++++-------------
1 file changed, 8 insertions(+), 13 deletions(-)
diff --git a/drivers/net/wireless/ath/wcn36xx/main.c b/drivers/net/wireless/ath/wcn36xx/main.c
index 84e117e0546c..2ccf7a8924a0 100644
--- a/drivers/net/wireless/ath/wcn36xx/main.c
+++ b/drivers/net/wireless/ath/wcn36xx/main.c
@@ -296,23 +296,16 @@ static int wcn36xx_start(struct ieee80211_hw *hw)
goto out_free_dxe_pool;
}
- wcn->hal_buf = kmalloc(WCN36XX_HAL_BUF_SIZE, GFP_KERNEL);
- if (!wcn->hal_buf) {
- wcn36xx_err("Failed to allocate smd buf\n");
- ret = -ENOMEM;
- goto out_free_dxe_ctl;
- }
-
ret = wcn36xx_smd_load_nv(wcn);
if (ret) {
wcn36xx_err("Failed to push NV to chip\n");
- goto out_free_smd_buf;
+ goto out_free_dxe_ctl;
}
ret = wcn36xx_smd_start(wcn);
if (ret) {
wcn36xx_err("Failed to start chip\n");
- goto out_free_smd_buf;
+ goto out_free_dxe_ctl;
}
if (!wcn36xx_is_fw_version(wcn, 1, 2, 2, 24)) {
@@ -339,8 +332,6 @@ static int wcn36xx_start(struct ieee80211_hw *hw)
out_smd_stop:
wcn36xx_smd_stop(wcn);
-out_free_smd_buf:
- kfree(wcn->hal_buf);
out_free_dxe_ctl:
wcn36xx_dxe_free_ctl_blks(wcn);
out_free_dxe_pool:
@@ -375,8 +366,6 @@ static void wcn36xx_stop(struct ieee80211_hw *hw)
wcn36xx_dxe_free_mem_pools(wcn);
wcn36xx_dxe_free_ctl_blks(wcn);
-
- kfree(wcn->hal_buf);
}
static void wcn36xx_change_ps(struct wcn36xx *wcn, bool enable)
@@ -1499,6 +1488,12 @@ static int wcn36xx_probe(struct platform_device *pdev)
mutex_init(&wcn->hal_mutex);
mutex_init(&wcn->scan_lock);
+ wcn->hal_buf = devm_kmalloc(wcn->dev, WCN36XX_HAL_BUF_SIZE, GFP_KERNEL);
+ if (!wcn->hal_buf) {
+ ret = -ENOMEM;
+ goto out_wq;
+ }
+
ret = dma_set_mask_and_coherent(wcn->dev, DMA_BIT_MASK(32));
if (ret < 0) {
wcn36xx_err("failed to set DMA mask: %d\n", ret);
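Review bot: The buffer from the added `devm_kmalloc()` call in wcn36xx_probe() is left uninitialised and now lives for the whole device lifetime instead of one start/stop cycle, so bytes from earlier HAL messages or from the allocator persist in it across restarts. If any message builder writes fewer bytes than the length it hands to the firmware, that stale data would be sent along; the code that fills hal_buf is not visible here, so this is a precaution rather than a confirmed leak. Zeroing at allocation removes the question: `wcn->hal_buf = devm_kzalloc(wcn->dev, WCN36XX_HAL_BUF_SIZE, GFP_KERNEL);`. The `out_wq` label and the rest of wcn36xx_probe() lie outside the hunk, so the unwind on this new failure path could not be checked from here.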
--
2.30.1
Bryan O'Donoghue <[email protected]> writes:
> Right now wcn->hal_buf is allocated in wcn36xx_start(). This is a problem
> since we should have setup all of the buffers we required by the time
> ieee80211_register_hw() is called.
>
> struct ieee80211_ops callbacks may run prior to mac_start() and therefore
> wcn->hal_buf must be initialized.
>
> This is easily remediated by moving the allocation to probe() taking the
> opportunity to tidy up freeing memory by using devm_kmalloc().
>
> Fixes: 8e84c2582169 ('wcn36xx: mac80211 driver for Qualcomm WCN3660/WCN3680
> hardware')
Fixes tag is wrong, it should be like this and all in one line:
Fixes: 8e84c2582169 ("wcn36xx: mac80211 driver for Qualcomm WCN3660/WCN3680 hardware")
I fixed it in the pending branch, no need to resend.
--
https://patchwork.kernel.org/project/linux-wireless/list/
https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches
On Sat 05 Jun 12:33 CDT 2021, Bryan O'Donoghue wrote:
> Right now wcn->hal_buf is allocated in wcn36xx_start(). This is a problem
> since we should have setup all of the buffers we required by the time
> ieee80211_register_hw() is called.
>
> struct ieee80211_ops callbacks may run prior to mac_start() and therefore
> wcn->hal_buf must be initialized.
>
> This is easily remediated by moving the allocation to probe() taking the
> opportunity to tidy up freeing memory by using devm_kmalloc().
>
> Fixes: 8e84c2582169 ('wcn36xx: mac80211 driver for Qualcomm WCN3660/WCN3680
> hardware')
>
I don't think you're supposed to have an empty line between your Fixes
and S-o-b. That said, this looks good and your reasoning is sound.
Reviewed-by: Bjorn Andersson <[email protected]>
Regards,
Bjorn
> Signed-off-by: Bryan O'Donoghue <[email protected]>
> ---
> drivers/net/wireless/ath/wcn36xx/main.c | 21 ++++++++-------------
> 1 file changed, 8 insertions(+), 13 deletions(-)
>
> diff --git a/drivers/net/wireless/ath/wcn36xx/main.c b/drivers/net/wireless/ath/wcn36xx/main.c
> index 84e117e0546c..2ccf7a8924a0 100644
> --- a/drivers/net/wireless/ath/wcn36xx/main.c
> +++ b/drivers/net/wireless/ath/wcn36xx/main.c
> @@ -296,23 +296,16 @@ static int wcn36xx_start(struct ieee80211_hw *hw)
> goto out_free_dxe_pool;
> }
>
> - wcn->hal_buf = kmalloc(WCN36XX_HAL_BUF_SIZE, GFP_KERNEL);
> - if (!wcn->hal_buf) {
> - wcn36xx_err("Failed to allocate smd buf\n");
> - ret = -ENOMEM;
> - goto out_free_dxe_ctl;
> - }
> -
> ret = wcn36xx_smd_load_nv(wcn);
> if (ret) {
> wcn36xx_err("Failed to push NV to chip\n");
> - goto out_free_smd_buf;
> + goto out_free_dxe_ctl;
> }
>
> ret = wcn36xx_smd_start(wcn);
> if (ret) {
> wcn36xx_err("Failed to start chip\n");
> - goto out_free_smd_buf;
> + goto out_free_dxe_ctl;
> }
>
> if (!wcn36xx_is_fw_version(wcn, 1, 2, 2, 24)) {
> @@ -339,8 +332,6 @@ static int wcn36xx_start(struct ieee80211_hw *hw)
>
> out_smd_stop:
> wcn36xx_smd_stop(wcn);
> -out_free_smd_buf:
> - kfree(wcn->hal_buf);
> out_free_dxe_ctl:
> wcn36xx_dxe_free_ctl_blks(wcn);
> out_free_dxe_pool:
> @@ -375,8 +366,6 @@ static void wcn36xx_stop(struct ieee80211_hw *hw)
>
> wcn36xx_dxe_free_mem_pools(wcn);
> wcn36xx_dxe_free_ctl_blks(wcn);
> -
> - kfree(wcn->hal_buf);
> }
>
> static void wcn36xx_change_ps(struct wcn36xx *wcn, bool enable)
> @@ -1499,6 +1488,12 @@ static int wcn36xx_probe(struct platform_device *pdev)
> mutex_init(&wcn->hal_mutex);
> mutex_init(&wcn->scan_lock);
>
> + wcn->hal_buf = devm_kmalloc(wcn->dev, WCN36XX_HAL_BUF_SIZE, GFP_KERNEL);
> + if (!wcn->hal_buf) {
> + ret = -ENOMEM;
> + goto out_wq;
> + }
> +
> ret = dma_set_mask_and_coherent(wcn->dev, DMA_BIT_MASK(32));
> if (ret < 0) {
> wcn36xx_err("failed to set DMA mask: %d\n", ret);
> --
> 2.30.1
>
Bryan O'Donoghue <[email protected]> wrote:
> Right now wcn->hal_buf is allocated in wcn36xx_start(). This is a problem
> since we should have setup all of the buffers we required by the time
> ieee80211_register_hw() is called.
>
> struct ieee80211_ops callbacks may run prior to mac_start() and therefore
> wcn->hal_buf must be initialized.
>
> This is easily remediated by moving the allocation to probe() taking the
> opportunity to tidy up freeing memory by using devm_kmalloc().
>
> Fixes: 8e84c2582169 ("wcn36xx: mac80211 driver for Qualcomm WCN3660/WCN3680 hardware")
> Signed-off-by: Bryan O'Donoghue <[email protected]>
> Signed-off-by: Kalle Valo <[email protected]>
Patch applied to ath-next branch of ath.git, thanks.
ef48667557c5 wcn36xx: Move hal_buf allocation to devm_kmalloc in probe
--
https://patchwork.kernel.org/project/linux-wireless/patch/[email protected]/
https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches