2022-12-22 11:49:18

by Arend Van Spriel

[permalink] [raw]
Subject: Re: [PATCH] wifi: brcmfmac: unmap dma buffer in brcmf_msgbuf_alloc_pktid()



On 12/22/2022 12:35 PM, shaozhengchao wrote:
>
>
> -----Original Message-----
> From: Arend van Spriel [mailto:[email protected]]
> Sent: Thursday, December 22, 2022 7:00 PM
> To: shaozhengchao <[email protected]>; Kalle Valo <[email protected]>; Sebastian Andrzej Siewior <[email protected]>
> Cc: [email protected]; [email protected]; [email protected]; [email protected]; [email protected]; [email protected]; [email protected]; [email protected]; [email protected]; [email protected]; [email protected]; [email protected]; [email protected]; [email protected]; [email protected]; [email protected]; [email protected]; [email protected]; weiyongjun (A) <[email protected]>; yuehaibing <[email protected]>
> Subject: Re: [PATCH] wifi: brcmfmac: unmap dma buffer in brcmf_msgbuf_alloc_pktid()
>
> On 12/22/2022 9:52 AM, shaozhengchao wrote:
>>
>>
>> On 2022/12/22 16:46, Kalle Valo wrote:
>>> Sebastian Andrzej Siewior <[email protected]> writes:
>>>
>>>> On 2022-12-21 18:33:06 [+0000], Kalle Valo wrote:
>>>>> Zhengchao Shao <[email protected]> wrote:
>>>>>
>>>>>> After the DMA buffer is mapped to a physical address, address is
>>>>>> stored
>>>>>> in pktids in brcmf_msgbuf_alloc_pktid(). Then, pktids is parsed in
>>>>>> brcmf_msgbuf_get_pktid()/brcmf_msgbuf_release_array() to obtain
>>>>>> physaddr
>>>>>> and later unmap the DMA buffer. But when count is always equal to
>>>>>> pktids->array_size, physaddr isn't stored in pktids and the DMA buffer
>>>>>> will not be unmapped anyway.
>>>>>>
>>>>>> Fixes: 9a1bb60250d2 ("brcmfmac: Adding msgbuf protocol.")
>>>>>> Signed-off-by: Zhengchao Shao <[email protected]>
>>>>>
>>>>> Can someone review this?
>>>>
>>>> After looking at the code, that skb is mapped but not inserted into the
>>>> ringbuffer in this condition. The function returns with an error and the
>>>> caller will free that skb (or add to a list for later). Either way the
>>>> skb remains mapped which is wrong. The unmap here is the right thing to
>>>> do.
>>>>
>>>> Reviewed-by: Sebastian Andrzej Siewior <[email protected]>
>>>
>>> Thanks for the review, very much appreciated.
>>>
>>
>> Thank you very much.
>
>> Good catch. Has this path been observed or is this found by inspecting
>> the code? Just curious.
>
>> Regards,
>> Arend
>
> Hi Arend:
> I review code and find the bug.


Much appreciated.

Regards,
Arend

> Zhengchao Shao


Attachments:
smime.p7s (4.12 kB)
S/MIME Cryptographic Signature