2021-04-23 14:27:54

by Lorenzo Bianconi

Subject: [PATCH 0/3] mt7921 runtime-pm fixes

This series contains three mt7921 fixes introduced with the new runtime-pm rework

Lorenzo Bianconi (3):
mt76: mt7921: fix possible AOOB issue in mt7921_mcu_tx_rate_report
mt76: connac: do not schedule wake_work if the runtime-pm is disabled
mt76: connac: do not schedule mac_work if the device is not running

drivers/net/wireless/mediatek/mt76/mt7615/mac.c | 5 +++--
.../net/wireless/mediatek/mt76/mt76_connac.h | 6 ++++++
drivers/net/wireless/mediatek/mt76/mt7921/mac.c | 5 +++--
drivers/net/wireless/mediatek/mt76/mt7921/mcu.c | 17 ++++++++++-------
4 files changed, 22 insertions(+), 11 deletions(-)

--
2.30.2


2021-04-23 14:27:54

by Lorenzo Bianconi

Subject: [PATCH 1/3] mt76: mt7921: fix possible AOOB issue in mt7921_mcu_tx_rate_report

Fix possible array out of bound access in mt7921_mcu_tx_rate_report.
Remove unnecessary variable in mt7921_mcu_tx_rate_report

Fixes: 1c099ab44727c ("mt76: mt7921: add MCU support")
Signed-off-by: Lorenzo Bianconi <[email protected]>
---
drivers/net/wireless/mediatek/mt76/mt7921/mcu.c | 17 ++++++++++-------
1 file changed, 10 insertions(+), 7 deletions(-)

diff --git a/drivers/net/wireless/mediatek/mt76/mt7921/mcu.c b/drivers/net/wireless/mediatek/mt76/mt7921/mcu.c
index 5f3d56d570a5..67dc4b4cc094 100644
--- a/drivers/net/wireless/mediatek/mt76/mt7921/mcu.c
+++ b/drivers/net/wireless/mediatek/mt76/mt7921/mcu.c
@@ -402,20 +402,22 @@ static void
mt7921_mcu_tx_rate_report(struct mt7921_dev *dev, struct sk_buff *skb,
u16 wlan_idx)
{
- struct mt7921_mcu_wlan_info_event *wtbl_info =
- (struct mt7921_mcu_wlan_info_event *)(skb->data);
- struct rate_info rate = {};
- u8 curr_idx = wtbl_info->rate_info.rate_idx;
- u16 curr = le16_to_cpu(wtbl_info->rate_info.rate[curr_idx]);
- struct mt7921_mcu_peer_cap peer = wtbl_info->peer_cap;
+ struct mt7921_mcu_wlan_info_event *wtbl_info;
struct mt76_phy *mphy = &dev->mphy;
struct mt7921_sta_stats *stats;
+ struct rate_info rate = {};
struct mt7921_sta *msta;
struct mt76_wcid *wcid;
+ u8 idx;

if (wlan_idx >= MT76_N_WCIDS)
return;

+ wtbl_info = (struct mt7921_mcu_wlan_info_event *)skb->data;
+ idx = wtbl_info->rate_info.rate_idx;
+ if (idx >= ARRAY_SIZE(wtbl_info->rate_info.rate))
+ return;
+
rcu_read_lock();

wcid = rcu_dereference(dev->mt76.wcid[wlan_idx]);
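
Review bot: the new `idx >= ARRAY_SIZE(wtbl_info->rate_info.rate)` test bounds the index, but nothing in this hunk checks `skb->len` before `skb->data` is cast to `struct mt7921_mcu_wlan_info_event` and `rate_info.rate_idx` is read. Unless the caller already guarantees the event is at least `sizeof(*wtbl_info)` bytes long, add `if (skb->len < sizeof(*wtbl_info)) return;` next to the `wlan_idx` check, so that a short firmware event cannot cause a read past the end of the buffer.
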
@@ -426,7 +428,8 @@ mt7921_mcu_tx_rate_report(struct mt7921_dev *dev, struct sk_buff *skb,
stats = &msta->stats;

/* current rate */
- mt7921_mcu_tx_rate_parse(mphy, &peer, &rate, curr);
+ mt7921_mcu_tx_rate_parse(mphy, &wtbl_info->peer_cap, &rate,
+ le16_to_cpu(wtbl_info->rate_info.rate[idx]));
stats->tx_rate = rate;
out:
rcu_read_unlock();
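
Review bot: in the mt7921_mcu_tx_rate_parse() call, `&wtbl_info->peer_cap` now points into `skb->data`, where the removed code passed the address of a stack copy (`peer`). Please make the peer-cap parameter of mt7921_mcu_tx_rate_parse() `const` if it is not already, so the parser cannot write into the event buffer. It would also help if the commit message stated that the removed initialiser `rate[curr_idx]` was the unchecked access being fixed.
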
--
2.30.2

2021-04-23 14:27:54

by Lorenzo Bianconi

Subject: [PATCH 2/3] mt76: connac: do not schedule wake_work if the runtime-pm is disabled

Fix the following crash due to a call to mt7921_pm_wake_work if the
device has pm disabled or does not support runtime-pm

[ 8.412590] mt7921e 0000:01:00.0: HW/SW Version: 0x8a108a10, Build
[ 8.413660] WARNING: CPU: 0 PID: 20 at __queue_delayed_work+0x84/0xb0
[ 8.481831] CPU: 0 PID: 20 Comm: kworker/u4:1 Not tainted 5.10.31 #0
[ 8.488175] Hardware name: MediaTek MT7622 RFB1 board (DT)
[ 8.493663] Workqueue: mt76 mt7921_pm_wake_work [mt7921e]
[ 8.499055] pstate: 60000085 (nZCv daIf -PAN -UAO -TCO BTYPE=--)
[ 8.505052] pc : __queue_delayed_work+0x84/0xb0
[ 8.509574] lr : queue_delayed_work_on+0x54/0x78
[ 8.514180] sp : ffffffc010bcbd20
[ 8.517485] x29: ffffffc010bcbd20 x28: 0000000000000000
[ 8.522790] x27: ffffff800015a148 x26: ffffffc0108acae0
[ 8.528094] x25: 0000000000000000 x24: ffffff80056b4208
[ 8.533399] x23: ffffff80056b26e0 x22: ffffff80056b26e0
[ 8.538703] x21: ffffff80056b45f8 x20: ffffff80056b5dc8
[ 8.544006] x19: 0000000000000000 x18: 000000000000000e
[ 8.549310] x17: 0000000000000001 x16: 0000000000000019
[ 8.554614] x15: 0000000000000033 x14: ffffffffffffffff
[ 8.559919] x13: ffffffffffffffff x12: 0000000000000000
[ 8.565223] x11: 0000000000000040 x10: 0000000000000820
[ 8.570528] x9 : 0000b3c738feafd6 x8 : ffffff801feb7c80
[ 8.575832] x7 : ffffff80056b4808 x6 : 0000000000000000
[ 8.581136] x5 : ffffff80056b2888 x4 : 0000000fffffffe0
[ 8.586441] x3 : 000000000000003e x2 : ffffff80056b2868
[ 8.591745] x1 : 0000000000000000 x0 : 0000000000000002
[ 8.597049] Call trace:
[ 8.599488] __queue_delayed_work+0x84/0xb0
[ 8.603662] queue_delayed_work_on+0x54/0x78
[ 8.607947] ieee80211_queue_delayed_work+0x30/0x50 [mac80211]
[ 8.613774] mt7921_pm_wake_work+0xa0/0xe0 [mt7921e]
[ 8.618730] process_one_work+0x1fc/0x398
[ 8.622730] worker_thread+0x150/0x4e0
[ 8.626472] kthread+0x120/0x128
[ 8.629693] ret_from_fork+0x10/0x18

Fixes: 129fac01ffe85 ("mt76: connac: introduce wake counter for fw_pmctrl synchronization")
Signed-off-by: Lorenzo Bianconi <[email protected]>
---
drivers/net/wireless/mediatek/mt76/mt76_connac.h | 6 ++++++
1 file changed, 6 insertions(+)

diff --git a/drivers/net/wireless/mediatek/mt76/mt76_connac.h b/drivers/net/wireless/mediatek/mt76/mt76_connac.h
index 6c889b90fd12..2b1150bf8d3d 100644
--- a/drivers/net/wireless/mediatek/mt76/mt76_connac.h
+++ b/drivers/net/wireless/mediatek/mt76/mt76_connac.h
@@ -103,6 +103,9 @@ mt76_connac_pm_ref(struct mt76_phy *phy, struct mt76_connac_pm *pm)
{
bool ret = false;

+ if (!pm->enable)
+ return true;
+
spin_lock_bh(&pm->wake.lock);
if (test_bit(MT76_STATE_PM, &phy->state))
goto out;
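
Review bot: the early `return true` in mt76_connac_pm_ref() reads `pm->enable` before `spin_lock_bh(&pm->wake.lock)` is taken. If `enable` can change at runtime, this test races with the locked section; either move the test under the lock or add a comment saying when `pm->enable` is allowed to change. A one-line comment on why a disabled pm reports success here would also help, since the commit message describes a warning in mt7921_pm_wake_work and not in this helper.
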
@@ -118,6 +121,9 @@ mt76_connac_pm_ref(struct mt76_phy *phy, struct mt76_connac_pm *pm)
static inline void
mt76_connac_pm_unref(struct mt76_connac_pm *pm)
{
+ if (!pm->enable)
+ return;
+
spin_lock_bh(&pm->wake.lock);
pm->wake.count--;
pm->last_activity = jiffies;
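
Review bot: the `!pm->enable` early return in mt76_connac_pm_unref() has to agree with the one in mt76_connac_pm_ref() for every ref/unref pair. If `pm->enable` changes between the two calls, either `pm->wake.count--` runs without a matching reference or a taken reference is never dropped. Consider recording at ref time whether a reference was actually taken, or document the invariant that keeps the two checks consistent.
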
--
2.30.2

2021-04-23 14:28:01

by Lorenzo Bianconi

Subject: [PATCH 3/3] mt76: connac: do not schedule mac_work if the device is not running

Do not run ieee80211_queue_delayed_work for mac work if the workqueue is
not initialized yet

Fixes: b1bd7bb8121d ("mt76: connac: unschedule mac_work before going to sleep")
Signed-off-by: Lorenzo Bianconi <[email protected]>
---
drivers/net/wireless/mediatek/mt76/mt7615/mac.c | 5 +++--
drivers/net/wireless/mediatek/mt76/mt7921/mac.c | 5 +++--
2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/drivers/net/wireless/mediatek/mt76/mt7615/mac.c b/drivers/net/wireless/mediatek/mt76/mt7615/mac.c
index f81a17d56008..e2dcfee6be81 100644
--- a/drivers/net/wireless/mediatek/mt76/mt7615/mac.c
+++ b/drivers/net/wireless/mediatek/mt76/mt7615/mac.c
@@ -1912,8 +1912,9 @@ void mt7615_pm_wake_work(struct work_struct *work)
napi_schedule(&dev->mt76.napi[i]);
mt76_connac_pm_dequeue_skbs(mphy, &dev->pm);
mt76_queue_tx_cleanup(dev, dev->mt76.q_mcu[MT_MCUQ_WM], false);
- ieee80211_queue_delayed_work(mphy->hw, &mphy->mac_work,
- MT7615_WATCHDOG_TIME);
+ if (test_bit(MT76_STATE_RUNNING, &mphy->state))
+ ieee80211_queue_delayed_work(mphy->hw, &mphy->mac_work,
+ MT7615_WATCHDOG_TIME);
}

ieee80211_wake_queues(mphy->hw);
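
Review bot: the `test_bit(MT76_STATE_RUNNING, &mphy->state)` check and the `ieee80211_queue_delayed_work()` call that follows it are not atomic. If the bit is cleared right after the test, `mac_work` is still queued, so the path that clears MT76_STATE_RUNNING has to cancel `mac_work` after clearing the bit. Please confirm that ordering, and tie it to the "workqueue is not initialized yet" wording in the commit message, which the code expresses only through the RUNNING bit.
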
diff --git a/drivers/net/wireless/mediatek/mt76/mt7921/mac.c b/drivers/net/wireless/mediatek/mt76/mt7921/mac.c
index 214bd1859792..decf2d5f0ce3 100644
--- a/drivers/net/wireless/mediatek/mt76/mt7921/mac.c
+++ b/drivers/net/wireless/mediatek/mt76/mt7921/mac.c
@@ -1404,8 +1404,9 @@ void mt7921_pm_wake_work(struct work_struct *work)
napi_schedule(&dev->mt76.napi[i]);
mt76_connac_pm_dequeue_skbs(mphy, &dev->pm);
mt7921_tx_cleanup(dev);
- ieee80211_queue_delayed_work(mphy->hw, &mphy->mac_work,
- MT7921_WATCHDOG_TIME);
+ if (test_bit(MT76_STATE_RUNNING, &mphy->state))
+ ieee80211_queue_delayed_work(mphy->hw, &mphy->mac_work,
+ MT7921_WATCHDOG_TIME);
}

ieee80211_wake_queues(mphy->hw);
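
Review bot: the guard added in mt7921_pm_wake_work() is the same three lines as in mt7615_pm_wake_work(), differing only in the timeout constant (`MT7921_WATCHDOG_TIME` vs `MT7615_WATCHDOG_TIME`). A small shared helper in mt76_connac.h that takes the timeout as an argument would keep the two drivers from diverging the next time this condition changes.
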
--
2.30.2

2021-04-23 14:44:19

by Felix Fietkau

Subject: Re: [PATCH 0/3] mt7921 runtime-pm fixes


On 2021-04-23 16:27, Lorenzo Bianconi wrote:
> This series contains three mt7921 fixes introduced with the new runtime-pm rework
>
> Lorenzo Bianconi (3):
> mt76: mt7921: fix possible AOOB issue in mt7921_mcu_tx_rate_report
> mt76: connac: do not schedule wake_work if the runtime-pm is disabled
> mt76: connac: do not schedule mac_work if the device is not running
For the series:
Reviewed-by: Felix Fietkau <[email protected]>

Kalle, could you please take these patches directly, they're all
regression fixes.

- Felix

2021-04-24 08:37:25

by Kalle Valo

Subject: Re: [PATCH 0/3] mt7921 runtime-pm fixes

Felix Fietkau <[email protected]> writes:

> On 2021-04-23 16:27, Lorenzo Bianconi wrote:
>> This series contains three mt7921 fixes introduced with the new runtime-pm rework
>>
>> Lorenzo Bianconi (3):
>> mt76: mt7921: fix possible AOOB issue in mt7921_mcu_tx_rate_report
>> mt76: connac: do not schedule wake_work if the runtime-pm is disabled
>> mt76: connac: do not schedule mac_work if the device is not running
> For the series:
> Reviewed-by: Felix Fietkau <[email protected]>
>
> Kalle, could you please take these patches directly, they're all
> regression fixes.

Ok, I assigned this series to me on patchwork.

--
https://patchwork.kernel.org/project/linux-wireless/list/

https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches

2021-04-27 17:27:53

by Lorenzo Bianconi

Subject: Re: [PATCH 2/3] mt76: connac: do not schedule wake_work if the runtime-pm is disabled

> Fix the following crash due to a call to mt7921_pm_wake_work if the
> device has pm disabled or does not support runtime-pm
>
> [ 8.412590] mt7921e 0000:01:00.0: HW/SW Version: 0x8a108a10, Build
> [ 8.413660] WARNING: CPU: 0 PID: 20 at __queue_delayed_work+0x84/0xb0
> [ 8.481831] CPU: 0 PID: 20 Comm: kworker/u4:1 Not tainted 5.10.31 #0
> [ 8.488175] Hardware name: MediaTek MT7622 RFB1 board (DT)
> [ 8.493663] Workqueue: mt76 mt7921_pm_wake_work [mt7921e]
> [ 8.499055] pstate: 60000085 (nZCv daIf -PAN -UAO -TCO BTYPE=--)
> [ 8.505052] pc : __queue_delayed_work+0x84/0xb0
> [ 8.509574] lr : queue_delayed_work_on+0x54/0x78
> [ 8.514180] sp : ffffffc010bcbd20
> [ 8.517485] x29: ffffffc010bcbd20 x28: 0000000000000000
> [ 8.522790] x27: ffffff800015a148 x26: ffffffc0108acae0
> [ 8.528094] x25: 0000000000000000 x24: ffffff80056b4208
> [ 8.533399] x23: ffffff80056b26e0 x22: ffffff80056b26e0
> [ 8.538703] x21: ffffff80056b45f8 x20: ffffff80056b5dc8
> [ 8.544006] x19: 0000000000000000 x18: 000000000000000e
> [ 8.549310] x17: 0000000000000001 x16: 0000000000000019
> [ 8.554614] x15: 0000000000000033 x14: ffffffffffffffff
> [ 8.559919] x13: ffffffffffffffff x12: 0000000000000000
> [ 8.565223] x11: 0000000000000040 x10: 0000000000000820
> [ 8.570528] x9 : 0000b3c738feafd6 x8 : ffffff801feb7c80
> [ 8.575832] x7 : ffffff80056b4808 x6 : 0000000000000000
> [ 8.581136] x5 : ffffff80056b2888 x4 : 0000000fffffffe0
> [ 8.586441] x3 : 000000000000003e x2 : ffffff80056b2868
> [ 8.591745] x1 : 0000000000000000 x0 : 0000000000000002
> [ 8.597049] Call trace:
> [ 8.599488] __queue_delayed_work+0x84/0xb0
> [ 8.603662] queue_delayed_work_on+0x54/0x78
> [ 8.607947] ieee80211_queue_delayed_work+0x30/0x50 [mac80211]
> [ 8.613774] mt7921_pm_wake_work+0xa0/0xe0 [mt7921e]
> [ 8.618730] process_one_work+0x1fc/0x398
> [ 8.622730] worker_thread+0x150/0x4e0
> [ 8.626472] kthread+0x120/0x128
> [ 8.629693] ret_from_fork+0x10/0x18
>
> Fixes: 129fac01ffe85 ("mt76: connac: introduce wake counter for fw_pmctrl synchronization")
> Signed-off-by: Lorenzo Bianconi <[email protected]>
> ---
> drivers/net/wireless/mediatek/mt76/mt76_connac.h | 6 ++++++
> 1 file changed, 6 insertions(+)

Hi Kalle,

can you please drop this patch from the series and get the patch below instead? Thanks.

https://patchwork.kernel.org/project/linux-wireless/patch/3ff8e1901f38a943c4ca487a93d036ed368b46e1.1619543861.git.lorenzo@kernel.org/

Regards,
Lorenzo

>
> diff --git a/drivers/net/wireless/mediatek/mt76/mt76_connac.h b/drivers/net/wireless/mediatek/mt76/mt76_connac.h
> index 6c889b90fd12..2b1150bf8d3d 100644
> --- a/drivers/net/wireless/mediatek/mt76/mt76_connac.h
> +++ b/drivers/net/wireless/mediatek/mt76/mt76_connac.h
> @@ -103,6 +103,9 @@ mt76_connac_pm_ref(struct mt76_phy *phy, struct mt76_connac_pm *pm)
> {
> bool ret = false;
>
> + if (!pm->enable)
> + return true;
> +
> spin_lock_bh(&pm->wake.lock);
> if (test_bit(MT76_STATE_PM, &phy->state))
> goto out;
> @@ -118,6 +121,9 @@ mt76_connac_pm_ref(struct mt76_phy *phy, struct mt76_connac_pm *pm)
> static inline void
> mt76_connac_pm_unref(struct mt76_connac_pm *pm)
> {
> + if (!pm->enable)
> + return;
> +
> spin_lock_bh(&pm->wake.lock);
> pm->wake.count--;
> pm->last_activity = jiffies;
> --
> 2.30.2
>



2021-05-15 11:06:26

by Kalle Valo

Subject: Re: [PATCH 2/3] mt76: connac: do not schedule wake_work if the runtime-pm is disabled

Lorenzo Bianconi <[email protected]> wrote:

> Fix the following crash due to a call to mt7921_pm_wake_work if the
> device has pm disabled or does not support runtime-pm
>
> [ 8.412590] mt7921e 0000:01:00.0: HW/SW Version: 0x8a108a10, Build
> [ 8.413660] WARNING: CPU: 0 PID: 20 at __queue_delayed_work+0x84/0xb0
> [ 8.481831] CPU: 0 PID: 20 Comm: kworker/u4:1 Not tainted 5.10.31 #0
> [ 8.488175] Hardware name: MediaTek MT7622 RFB1 board (DT)
> [ 8.493663] Workqueue: mt76 mt7921_pm_wake_work [mt7921e]
> [ 8.499055] pstate: 60000085 (nZCv daIf -PAN -UAO -TCO BTYPE=--)
> [ 8.505052] pc : __queue_delayed_work+0x84/0xb0
> [ 8.509574] lr : queue_delayed_work_on+0x54/0x78
> [ 8.514180] sp : ffffffc010bcbd20
> [ 8.517485] x29: ffffffc010bcbd20 x28: 0000000000000000
> [ 8.522790] x27: ffffff800015a148 x26: ffffffc0108acae0
> [ 8.528094] x25: 0000000000000000 x24: ffffff80056b4208
> [ 8.533399] x23: ffffff80056b26e0 x22: ffffff80056b26e0
> [ 8.538703] x21: ffffff80056b45f8 x20: ffffff80056b5dc8
> [ 8.544006] x19: 0000000000000000 x18: 000000000000000e
> [ 8.549310] x17: 0000000000000001 x16: 0000000000000019
> [ 8.554614] x15: 0000000000000033 x14: ffffffffffffffff
> [ 8.559919] x13: ffffffffffffffff x12: 0000000000000000
> [ 8.565223] x11: 0000000000000040 x10: 0000000000000820
> [ 8.570528] x9 : 0000b3c738feafd6 x8 : ffffff801feb7c80
> [ 8.575832] x7 : ffffff80056b4808 x6 : 0000000000000000
> [ 8.581136] x5 : ffffff80056b2888 x4 : 0000000fffffffe0
> [ 8.586441] x3 : 000000000000003e x2 : ffffff80056b2868
> [ 8.591745] x1 : 0000000000000000 x0 : 0000000000000002
> [ 8.597049] Call trace:
> [ 8.599488] __queue_delayed_work+0x84/0xb0
> [ 8.603662] queue_delayed_work_on+0x54/0x78
> [ 8.607947] ieee80211_queue_delayed_work+0x30/0x50 [mac80211]
> [ 8.613774] mt7921_pm_wake_work+0xa0/0xe0 [mt7921e]
> [ 8.618730] process_one_work+0x1fc/0x398
> [ 8.622730] worker_thread+0x150/0x4e0
> [ 8.626472] kthread+0x120/0x128
> [ 8.629693] ret_from_fork+0x10/0x18
>
> Fixes: 129fac01ffe85 ("mt76: connac: introduce wake counter for fw_pmctrl synchronization")
> Signed-off-by: Lorenzo Bianconi <[email protected]>

Dropped patch 2 per Lorenzo's request.

Patch set to Changes Requested.

--
https://patchwork.kernel.org/project/linux-wireless/patch/aad9ade1a25f45084cbc2aa66e5ff9a268043ff3.1619187875.git.lorenzo@kernel.org/

https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches


2021-05-15 12:50:25

by Kalle Valo

Subject: Re: [PATCH 1/3] mt76: mt7921: fix possible AOOB issue in mt7921_mcu_tx_rate_report

Lorenzo Bianconi <[email protected]> wrote:

> Fix possible array out of bound access in mt7921_mcu_tx_rate_report.
> Remove unnecessary variable in mt7921_mcu_tx_rate_report
>
> Fixes: 1c099ab44727c ("mt76: mt7921: add MCU support")
> Signed-off-by: Lorenzo Bianconi <[email protected]>

2 patches applied to wireless-drivers.git, thanks.

d874e6c06952 mt76: mt7921: fix possible AOOB issue in mt7921_mcu_tx_rate_report
6061fcf4820a mt76: connac: do not schedule mac_work if the device is not running

--
https://patchwork.kernel.org/project/linux-wireless/patch/91a1e8f6b6a3e6a929de560ed68132f6eb421720.1619187875.git.lorenzo@kernel.org/

https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches