Received: by 2002:a25:1506:0:0:0:0:0 with SMTP id 6csp35311ybv; Wed, 5 Feb 2020 00:33:48 -0800 (PST) X-Google-Smtp-Source: APXvYqwaPNL+ZZgOgq+BJ7X7NIBBGDceg8f1sTPx8UspWwxCBykslz77E+gL3OJnnPOaqcG1Dc0I X-Received: by 2002:a9d:3b09:: with SMTP id z9mr25290487otb.195.1580891628152; Wed, 05 Feb 2020 00:33:48 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1580891628; cv=none; d=google.com; s=arc-20160816; b=mX4nRJ8mNuWWHUUb0RtziQG8pXHdrORU19UCvI7TinWORnWd7iNgtenfxeGDFI73lz lN9+kU+5sJ0cAllCctooC0FjnyLaifpsogXlb9985uCTOo/NnpRqkYGZrdbTwKrhWeVQ HTg1MCNTwoYeTc8hDO6QQHhM1vHynjFZy0QE758W9B6SeUZ1hSqDt4s1C66FoUylNH6f WF4tgezaRMcknZdEGJh4tlqPAjuVwLnrypzsDbCE5yMggyjQNK3uwpVWP5wkjoIFPBNN zywB6sPGQaJNidK4qHlFyNTHLBmdp/viceugsa0jQex+wsMhdggDmY4ezzIS3FU5IWhR B+ag== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:date:subject:cc:to:from :dmarc-filter:dkim-signature; bh=jYeXu8Bq1N/yKhVNgvvndQG64TjmW7ULdklQC4cBpwk=; b=hwLpUurpOJIXBuEGu4eTbspgGiR5qAwQZTmuPBX30UiJdz9+zqIreWDo2E9RHDsr48 x08a5FG79lMf9IF68ZjDolWXsBYB98qtwxWQnU3qe9zKAGn9VQeuE5hA3i1qW4JRskoG Vf7fJ3791a5heu/21Bly+Jtq4/IKhDXLHsBv9kCDuOWzv1vhhhZz09mnJBg/+1lMaerO X12zJn71WGFIXpuVnv5E8COr5j20ob4gPnQvWba1E6NwC6rGMr6lreQbbikVrx/Dv14W 57QrzMAeyKuUL5y3+SR4bZEQYiscf2v8NK0jrmHS8UgFcrhCCsPRbmNzbNNrUQyYuvMR iwqQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@mg.codeaurora.org header.s=smtp header.b="pRDaZ/3D"; spf=pass (google.com: best guess record for domain of linux-wireless-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 65si12474246oif.14.2020.02.05.00.33.28; Wed, 05 Feb 2020 00:33:48 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-wireless-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=fail header.i=@mg.codeaurora.org header.s=smtp header.b="pRDaZ/3D"; spf=pass (google.com: best guess record for domain of linux-wireless-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728088AbgBEIc0 (ORCPT + 99 others); Wed, 5 Feb 2020 03:32:26 -0500 Received: from mail26.static.mailgun.info ([104.130.122.26]:63850 "EHLO mail26.static.mailgun.info" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728079AbgBEIc0 (ORCPT ); Wed, 5 Feb 2020 03:32:26 -0500 DKIM-Signature: a=rsa-sha256; v=1; c=relaxed/relaxed; d=mg.codeaurora.org; q=dns/txt; s=smtp; t=1580891545; h=Message-Id: Date: Subject: Cc: To: From: Sender; bh=jYeXu8Bq1N/yKhVNgvvndQG64TjmW7ULdklQC4cBpwk=; b=pRDaZ/3DgApP3mACjKm/HC24tpoS9YPMp8OA6aeROuXZqg36zzvBtGXUfk+sV9dBbWdvOy3D 5x+81U+aWo40Uch8asQLy1q7q3JFLoI4+bnH8uaP/P8FpMJfGpqu0q6aKW4gSqY25ZWeY73Y G0gctC2cFod5zuOm6C665Pe353M= X-Mailgun-Sending-Ip: 104.130.122.26 X-Mailgun-Sid: WyI3YTAwOSIsICJsaW51eC13aXJlbGVzc0B2Z2VyLmtlcm5lbC5vcmciLCAiYmU5ZTRhIl0= Received: from smtp.codeaurora.org (ec2-35-166-182-171.us-west-2.compute.amazonaws.com [35.166.182.171]) by mxa.mailgun.org with ESMTP id 5e3a7d8e.7f52ee421110-smtp-out-n01; Wed, 05 Feb 2020 08:32:14 -0000 (UTC) Received: by smtp.codeaurora.org (Postfix, from userid 1001) id 56441C433A2; Wed, 5 Feb 2020 08:32:14 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-caf-mail-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-1.0 required=2.0 tests=ALL_TRUSTED,SPF_NONE autolearn=unavailable autolearn_force=no version=3.4.0 Received: from vnaralas-linux.qualcomm.com (blr-c-bdr-fw-01_GlobalNAT_AllZones-Outside.qualcomm.com [103.229.19.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: vnaralas) by smtp.codeaurora.org (Postfix) with ESMTPSA id 3AD42C43383; Wed, 5 Feb 2020 08:32:11 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 smtp.codeaurora.org 3AD42C43383 Authentication-Results: aws-us-west-2-caf-mail-1.web.codeaurora.org; dmarc=none (p=none dis=none) header.from=codeaurora.org Authentication-Results: aws-us-west-2-caf-mail-1.web.codeaurora.org; spf=none smtp.mailfrom=vnaralas@codeaurora.org From: Venkateswara Rao Naralasetty To: ath11k@lists.infradead.org Cc: linux-wireless@vger.kernel.org, Vikas Patel , Venkateswara Naralasetty Subject: [PATCH] ath11k: Fixing dangling pointer issue upon peer delete failure Date: Wed, 5 Feb 2020 14:01:55 +0530 Message-Id: <1580891515-15054-1-git-send-email-vnaralas@codeaurora.org> X-Mailer: git-send-email 2.7.4 Sender: linux-wireless-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-wireless@vger.kernel.org From: Vikas Patel When there is WMI command failure, 'peer->sta' was not getting cleaned up, and mac80211 frees the 'sta' memory, which is causing the below page fault. Cleaning up the sta pointer in ath11k whenever peer delete command is sent. Unable to handle kernel paging request at virtual address 200080000006a pgd = ffffffc02a774000 [200080000006a] *pgd=0000000000000000, *pud=0000000000000000 Internal error: Oops: 96000004 [#1] PREEMPT SMP . . . CPU: 0 PID: 0 Comm: swapper/0 Tainted: G W 4.4.60 #1 Hardware name: Qualcomm Technologies, Inc. IPQ807x/AP-HK01-C1 (DT) task: ffffffc00083c6d0 ti: ffffffc00083c6d0 task.ti: ffffffc00083c6d0 PC is at ath11k_dp_rx_process_mon_status+0x114/0x4e0 [ath11k] LR is at ath11k_dp_rx_process_mon_status+0xe8/0x4e0 [ath11k] pc : [] lr : [] pstate: 60000145 sp : ffffffc000833a30 Signed-off-by: Vikas Patel Signed-off-by: Venkateswara Naralasetty --- drivers/net/wireless/ath/ath11k/mac.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/drivers/net/wireless/ath/ath11k/mac.c b/drivers/net/wireless/ath/ath11k/mac.c index 6640662..4868c83 100644 --- a/drivers/net/wireless/ath/ath11k/mac.c +++ b/drivers/net/wireless/ath/ath11k/mac.c @@ -2786,6 +2786,7 @@ static int ath11k_mac_op_sta_state(struct ieee80211_hw *hw, struct ath11k *ar = hw->priv; struct ath11k_vif *arvif = ath11k_vif_to_arvif(vif); struct ath11k_sta *arsta = (struct ath11k_sta *)sta->drv_priv; + struct ath11k_peer *peer; int ret = 0; /* cancel must be done outside the mutex to avoid deadlock */ @@ -2818,6 +2819,17 @@ static int ath11k_mac_op_sta_state(struct ieee80211_hw *hw, sta->addr, arvif->vdev_id); ath11k_mac_dec_num_stations(arvif, sta); + spin_lock_bh(&ar->ab->base_lock); + peer = ath11k_peer_find(ar->ab, arvif->vdev_id, sta->addr); + if (peer && peer->sta == sta) { + ath11k_warn(ar->ab, "Found peer entry %pM n vdev %i after it was supposedly removed\n", + vif->addr, arvif->vdev_id); + peer->sta = NULL; + list_del(&peer->list); + kfree(peer); + ar->num_peers--; + } + spin_unlock_bh(&ar->ab->base_lock); kfree(arsta->tx_stats); arsta->tx_stats = NULL; -- 2.7.4