To: "linux-wireless@vger.kernel.org"
From: Ben Greear
Subject: ax200, fw crashes, and sdata-in-driver
Organization: Candela Technologies
Date: Mon, 13 Jul 2020 16:57:27 -0700
X-Mailing-List: linux-wireless@vger.kernel.org

Hello,

I larded up my 5.4 kernel with KASAN and lockdep, and ran some tests. This is with my patch that keeps from busy-spinning forever (see previous ignored patch).

After a few restarts and FW crashes, the ax200 could not recover firmware. There were lots of sdata-in-driver errors, and then KASAN hit a use-after-free issue related to ax200 accessing a sta object that was previously deleted.

Now, I think I know why:

In the ieee80211_handle_reconfig_failure(struct ieee80211_local *local) method, it will clear the SDATA_IN_DRIVER flag, and according to comments, this is run when firmware cannot be recovered. But, just because FW is dead does not mean that the driver itself has cleaned up its state.

So the question is, should ax200 (and all drivers) be responsible for cleaning up all state when FW cannot be recovered, or should instead mac80211 do cleanup in this case by, among other things, not clearing that flag (and probably not doing the ctx->driver_present = false; config as well)?

Thanks,
Ben

--
Ben Greear
Candela Technologies Inc
http://www.candelatech.com
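
A simplified user-space model of the hazard raised in the message above, added here as an illustration; it is not mac80211 or iwlwifi code and not from the original post, and every name in it (struct vif, stack_teardown, simulate) is hypothetical. It assumes that teardown invokes the driver's removal path only while the in-driver flag is still set.

```c
/* Simplified user-space model; not mac80211 or iwlwifi code, names are hypothetical. */
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#define MAX_STA 4
struct sta { int id; };
struct drv { struct sta *table[MAX_STA]; };  /* driver-private pointers */
struct vif { bool in_driver; struct sta *stas[MAX_STA]; struct drv *drv; };

static void stack_sta_add(struct vif *v, int id)
{
    struct sta *s = malloc(sizeof(*s));
    if (!s) abort();
    s->id = id;
    v->stas[id] = s;
    if (v->in_driver)
        v->drv->table[id] = s;        /* driver learns about the station */
}

/* Frees every station; returns how many the driver still pointed at when freed. */
static int stack_teardown(struct vif *v)
{
    int dangling = 0;
    for (int i = 0; i < MAX_STA; i++) {
        struct sta *s = v->stas[i];
        if (!s) continue;
        if (v->in_driver)
            v->drv->table[i] = NULL;  /* removal reaches the driver */
        dangling += (v->drv->table[i] == s);  /* checked before free() */
        free(s);
        v->stas[i] = NULL;
    }
    return dangling;
}

/* clear_flag_first models clearing the flag when firmware cannot be recovered. */
static int simulate(bool clear_flag_first)
{
    struct drv d = {0};
    struct vif v = { .in_driver = true, .drv = &d };
    stack_sta_add(&v, 0);
    stack_sta_add(&v, 1);
    if (clear_flag_first)
        v.in_driver = false;          /* driver is told nothing */
    return stack_teardown(&v);
}

int main(void)
{
    return printf("cleared first: %d dangling, kept: %d dangling\n",
                  simulate(true), simulate(false)) < 0;
}
```

In the model, clearing the flag before teardown leaves the driver holding a pointer to every freed station, while keeping it lets the removal path run first.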