Received: by 2002:a05:6a10:22f:0:0:0:0 with SMTP id 15csp158427pxk; Wed, 9 Sep 2020 01:41:43 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwGe73mu1fIcwnT5bCmvOl6AXKB0Wlg4ZnTyLBA/bWNTuaLgNce5DaQQduKP7BkT1IzB28I X-Received: by 2002:a05:6402:114d:: with SMTP id g13mr2898816edw.157.1599640903247; Wed, 09 Sep 2020 01:41:43 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1599640903; cv=none; d=google.com; s=arc-20160816; b=PYTjTdNxcp0dFycePMGSXBFFoycu3P4SQBcW1CqbVB6cNNkb8r3zxUS9jhPSjVliBP FsUAh7cOhRYyZ3DmVxOirWcgRL1C95Za8DsCnD20hNAxT+ZtDgXdz+Y5EJlmDRaUJa/T 3mSvNJckSVLSwnZN+ZVNkYh3NLsWx/AsJBbCPMpsQf9N2KZMVi2t2Uuaq8a5WX9hIm8G P8QLDzrHgzZLxYqbQ7pN+awxhG1no5/0TmqKmjz6nxeBZw+CMtl4LDX9j6m/mR4Qo2o6 35cf06LWdbIxQYU9hgZ0PFiw2XHa6t7CTCRUopEGFQ7/UFz5WkObJ82SubyVU5jgEhah PKUw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:feedback-id:mime-version:user-agent :message-id:in-reply-to:date:references:subject:cc:to:from :dmarc-filter:dkim-signature:dkim-signature; bh=BJQSbG0zrvl0owXHtxCfzg/53TSvNF8Fd5Tr6cMFCvE=; b=WuO0b7HgPTbVQ/j/cpWxhS4b9P/CFPUZWnh6TvfHjXBwkPNo/3nfVDA3LtTMjTGZ8m +xlUVwlp4G8l+DxAPdwd9L1HM/bY5Afa/hMMI6DuYoIustGEhJPQ3rPwmF/3Ta5LSnim Cway5e3o3QlzuATRPFhJ42XlF2jWua7hbtGGb+GDfvEqAMrnWKVTMDsL4Mm6P4cHWOWZ V0bnKYOjU+6oxksSSG5JFdLW1Fzx2G0O81ooaJR4h1A3decdVlaIlDbSd+HVOm2aM5s0 qyGXzVans5bj4x5TXk22wfw/GtY0upOHEnSb58dKnMrxMueHjajeGkiNtarAlvz2HQNX UMMA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@codeaurora.org header.s=zsmsymrwgfyinv5wlfyidntwsjeeldzt header.b=Toyu5HT3; dkim=pass header.i=@amazonses.com header.s=hsbnp7p3ensaochzwyq5wwmceodymuwv header.b=ai9w4kCR; spf=pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id t6si979966ejs.530.2020.09.09.01.41.08; Wed, 09 Sep 2020 01:41:43 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@codeaurora.org header.s=zsmsymrwgfyinv5wlfyidntwsjeeldzt header.b=Toyu5HT3; dkim=pass header.i=@amazonses.com header.s=hsbnp7p3ensaochzwyq5wwmceodymuwv header.b=ai9w4kCR; spf=pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728214AbgIIIis (ORCPT + 99 others); Wed, 9 Sep 2020 04:38:48 -0400 Received: from a27-188.smtp-out.us-west-2.amazonses.com ([54.240.27.188]:47448 "EHLO a27-188.smtp-out.us-west-2.amazonses.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726605AbgIIIip (ORCPT ); Wed, 9 Sep 2020 04:38:45 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=zsmsymrwgfyinv5wlfyidntwsjeeldzt; d=codeaurora.org; t=1599640725; h=From:To:Cc:Subject:References:Date:In-Reply-To:Message-ID:MIME-Version:Content-Type; bh=ZJN7Gn0C64KReZ80V9CMdw/44QfuEcVHRZoW4KgBD6c=; b=Toyu5HT3rCMRrDTMgbwcZD6Hfn4m1vCi3vTdQLpyXaX4aLhW70XzdAldA03sORLw LJsDMLQsK0obDL7g2a+KfOb4ZrY3A1UL4hvwlBMUNevEZGJ6x0veFE6rJ9MrlBx/g+h gzPVvKPUsx4A42k+H2ZVNeGHVnKGJg04Gi8a/ucw= DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=hsbnp7p3ensaochzwyq5wwmceodymuwv; d=amazonses.com; t=1599640725; h=From:To:Cc:Subject:References:Date:In-Reply-To:Message-ID:MIME-Version:Content-Type:Feedback-ID; bh=ZJN7Gn0C64KReZ80V9CMdw/44QfuEcVHRZoW4KgBD6c=; b=ai9w4kCRR5YoK3N69lcv4PiFLmJg+rZEUXI8CL6uVVv6EZQtE9wmPs+Ssw+RMDCn q16NzN2IklCxbo2CAo1PuAG8/eTRdK4ozdLKhBfqvbXWIxvfoz6BGcqXipbglndMjyA fkGXs0Rw1tCj0iqT6fsWdyfc847QmR2uNjSzH3bo= X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-caf-mail-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=ALL_TRUSTED,BAYES_00,SPF_FAIL, URIBL_BLOCKED autolearn=no autolearn_force=no version=3.4.0 DMARC-Filter: OpenDMARC Filter v1.3.2 smtp.codeaurora.org CC835C433FE Authentication-Results: aws-us-west-2-caf-mail-1.web.codeaurora.org; dmarc=none (p=none dis=none) header.from=codeaurora.org Authentication-Results: aws-us-west-2-caf-mail-1.web.codeaurora.org; spf=fail smtp.mailfrom=kvalo@codeaurora.org From: Kalle Valo To: Wen Gong Cc: Pradeep Kumar Chitrapu , linux-wireless@vger.kernel.org, ath11k@lists.infradead.org Subject: Re: [PATCH v5 8/8] ath11k: Add support for 6g scan hint References: <20200603001724.12161-1-pradeepc@codeaurora.org> <20200603001724.12161-9-pradeepc@codeaurora.org> Date: Wed, 9 Sep 2020 08:38:44 +0000 In-Reply-To: (Wen Gong's message of "Mon, 24 Aug 2020 11:29:42 +0800") Message-ID: <01010174720465b2-fea2e548-95b2-488a-ae51-8f2a501f838e-000000@us-west-2.amazonses.com> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-SES-Outgoing: 2020.09.09-54.240.27.188 Feedback-ID: 1.us-west-2.CZuq2qbDmUIuT3qdvXlRHZZCpfZqZ4GtG9v3VKgRyF0=:AmazonSES Sender: linux-wireless-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-wireless@vger.kernel.org Wen Gong writes: > On 2020-06-03 08:17, Pradeep Kumar Chitrapu wrote: > ... >> @@ -2126,6 +2136,68 @@ int ath11k_wmi_send_scan_start_cmd(struct >> ath11k *ar, >> >> ptr += extraie_len_with_pad; >> >> + if (params->num_hint_s_ssid) { >> + len = params->num_hint_s_ssid * sizeof(struct hint_short_ssid); >> + tlv = ptr; >> + tlv->header = FIELD_PREP(WMI_TLV_TAG, WMI_TAG_ARRAY_FIXED_STRUCT) | >> + FIELD_PREP(WMI_TLV_LEN, len); >> + ptr += TLV_HDR_SIZE; >> + s_ssid = ptr; >> + for (i = 0; i < params->num_hint_s_ssid; ++i) { >> + s_ssid->freq_flags = params->hint_s_ssid[i].freq_flags; >> + s_ssid->short_ssid = params->hint_s_ssid[i].short_ssid; >> + s_ssid++; >> + } >> + ptr += len; >> + } >> + >> + if (params->num_hint_bssid) { >> + len = params->num_hint_bssid * sizeof(struct hint_bssid); >> + tlv = ptr; >> + tlv->header = FIELD_PREP(WMI_TLV_TAG, WMI_TAG_ARRAY_FIXED_STRUCT) | >> + FIELD_PREP(WMI_TLV_LEN, len); >> + ptr += TLV_HDR_SIZE; >> + hint_bssid = ptr; >> + for (i = 0; i < params->num_hint_bssid; ++i) { >> + hint_bssid->freq_flags = >> + params->hint_bssid[i].freq_flags; >> + ether_addr_copy(¶ms->hint_bssid[i].bssid.addr[0], >> + &hint_bssid->bssid.addr[0]); >> + hint_bssid++; >> + } >> + } >> + >> + len = params->num_hint_s_ssid * sizeof(struct hint_short_ssid); >> + tlv = ptr; >> + tlv->header = FIELD_PREP(WMI_TLV_TAG, WMI_TAG_ARRAY_FIXED_STRUCT) | >> + FIELD_PREP(WMI_TLV_LEN, len); >> + ptr += TLV_HDR_SIZE; >> + if (params->num_hint_s_ssid) { >> + s_ssid = ptr; >> + for (i = 0; i < params->num_hint_s_ssid; ++i) { >> + s_ssid->freq_flags = params->hint_s_ssid[i].freq_flags; >> + s_ssid->short_ssid = params->hint_s_ssid[i].short_ssid; >> + s_ssid++; >> + } >> + } >> + ptr += len; >> + >> + len = params->num_hint_bssid * sizeof(struct hint_bssid); >> + tlv = ptr; >> + tlv->header = FIELD_PREP(WMI_TLV_TAG, WMI_TAG_ARRAY_FIXED_STRUCT) | >> + FIELD_PREP(WMI_TLV_LEN, len); >> + ptr += TLV_HDR_SIZE; >> + if (params->num_hint_bssid) { >> + hint_bssid = ptr; >> + for (i = 0; i < params->num_hint_bssid; ++i) { >> + hint_bssid->freq_flags = >> + params->hint_bssid[i].freq_flags; >> + ether_addr_copy(¶ms->hint_bssid[i].bssid.addr[0], >> + &hint_bssid->bssid.addr[0]); >> + hint_bssid++; >> + } >> + } >> + > It handle num_hint_bssid/ num_hint_s_ssid twice, and lead skb overflow > and lead crash > Removed one then not crash by my test. > > [ 333.887631] ath11k_pci 0000:05:00.0: ath11k_wmi_send_scan_start_cmd > 2 skb null 0 > ,pK:ffff921f6fd85400,llx:ffff921f6fd85400,px:ffff921f6fd85400,p:000000008d8d8abe > [ 333.887633] ath11k_pci 0000:05:00.0: ath11k_wmi_send_scan_start_cmd > 2 skb > len:372,end:448,tail:448,head:ffff921f6d7a3140,data:ffff921f6d7a318c > [ 333.887635] ath11k_pci 0000:05:00.0: ath11k_wmi_send_scan_start_cmd > 2 shinfo nr_frags 19 null 0,pk:ffff921f6d7a3300,llx:ffff921f6d7a3300 > [ 333.887638] ath11k_pci 0000:05:00.0: ath11k_wmi_cmd_send_nowait 1 > skb null 0 > ,pK:ffff921f6fd85400,llx:ffff921f6fd85400,px:ffff921f6fd85400,p:000000008d8d8abe > [ 333.887640] ath11k_pci 0000:05:00.0: ath11k_wmi_cmd_send_nowait 1 > skb > len:376,end:448,tail:448,head:ffff921f6d7a3140,data:ffff921f6d7a3188 > [ 333.887642] ath11k_pci 0000:05:00.0: ath11k_wmi_cmd_send_nowait > shinfo nr_frags 19 null 0,pk:ffff921f6d7a3300,llx:ffff921f6d7a3300 > [ 333.887644] ath11k_pci 0000:05:00.0: htc ep 2 consumed 1 credits > (total 1) > [ 333.887649] ath11k_pci 0000:05:00.0: ath11k_ce_send 1 write_index > 6, skb null 0 > ,pK:ffff921f6fd85400,llx:ffff921f6fd85400,px:ffff921f6fd85400,p:000000008d8d8abe > [ 333.887650] ath11k_pci 0000:05:00.0: ath11k_ce_send 1 skb > len:384,end:448,tail:448,head:ffff921f6d7a3140,data:ffff921f6d7a3180 > [ 333.887652] ath11k_pci 0000:05:00.0: ath11k_ce_send shinfo nr_frags > 19 null 0,pk:ffff921f6d7a3300,llx:ffff921f6d7a3300 > [ 333.887654] ath11k_pci 0000:05:00.0: wmi cmd send 0x3001 ret 0 > [ 333.887729] general protection fault, probably for non-canonical > address 0x2e676e69746e756f: 0000 [#1] SMP PTI > [ 333.887734] CPU: 1 PID: 0 Comm: swapper/1 Kdump: loaded Tainted: G > W OE 5.8.0-rc1+ #3 > [ 333.887735] Hardware name: LENOVO 418065C/418065C, BIOS 83ET63WW > (1.33 ) 07/29/2011 > [ 333.887741] RIP: 0010:skb_release_data+0x66/0x170 > [ 333.887744] Code: 41 0f c1 44 24 20 39 c2 0f 85 ff 00 00 00 31 db > 41 80 7c 24 02 00 48 89 fd 74 39 48 63 c3 48 83 c0 03 48 c1 e0 04 49 > 8b 3c 04 <48> 8b 47 08 48 8d 50 ff a8 01 48 0f 45 fa 66 66 66 66 90 f0 > ff 4f > [ 333.887746] RSP: 0018:ffffb3204010ce48 EFLAGS: 00010206 > [ 333.887748] RAX: 0000000000000030 RBX: 0000000000000000 RCX: > 000000000000466e > [ 333.887749] RDX: 0000000000000011 RSI: 0000000000000001 RDI: > 2e676e69746e756f > [ 333.887751] RBP: ffff921f6fd85400 R08: ffff921f7e5dc9b8 R09: > ffff921f7e5cb000 > [ 333.887752] R10: 000000000000000c R11: 0000000000001142 R12: > ffff921f6d7a3300 > [ 333.887754] R13: 0000000000000013 R14: ffff921f68d41658 R15: > ffff921f68d42e68 > [ 333.887756] FS: 0000000000000000(0000) GS:ffff921f7a240000(0000) > knlGS:0000000000000000 > [ 333.887757] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 > [ 333.887759] CR2: 00007f73be694b58 CR3: 000000008f40a004 CR4: > 00000000000606e0 > [ 333.887760] Call Trace: > [ 333.887763] > [ 333.887766] consume_skb+0x27/0xb0 > [ 333.887780] ath11k_ce_send_done_cb+0x2a2/0x2c0 [ath11k] > [ 333.887789] ath11k_ce_per_engine_service+0x50/0x3b0 [ath11k] > [ 333.887796] ? ath11k_info+0x56/0x60 [ath11k] > [ 333.887799] ? __irq_put_desc_unlock+0x18/0x50 > [ 333.887802] ath11k_pci_ce_tasklet+0x2f/0x50 [ath11k_pci] > [ 333.887806] tasklet_action_common.isra.21+0xee/0x110 > [ 333.887809] __do_softirq+0xfd/0x2bb > [ 333.887814] asm_call_on_stack+0x12/0x20 > [ 333.887815] > [ 333.887819] do_softirq_own_stack+0x39/0x50 > [ 333.887821] irq_exit_rcu+0x9e/0xa0 > [ 333.887825] common_interrupt+0xa4/0x140 > [ 333.887828] asm_common_interrupt+0x1e/0x40 > [ 333.887832] RIP: 0010:cpuidle_enter_state+0xc6/0x420 Pradeep, do you have a fix for this crash? -- https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches