Received: by 2002:a05:6a10:af89:0:0:0:0 with SMTP id iu9csp1205392pxb; Fri, 21 Jan 2022 12:12:47 -0800 (PST) X-Google-Smtp-Source: ABdhPJwC0Wnx0Wz1ns7jCjSRVKEzru0hvfogHMT3VjjRozZ9Nj3hM+W3tJu5+p97396XaV3thi+d X-Received: by 2002:a17:902:da8a:b0:14b:2e7b:b557 with SMTP id j10-20020a170902da8a00b0014b2e7bb557mr799834plx.72.1642795966722; Fri, 21 Jan 2022 12:12:46 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1642795966; cv=none; d=google.com; s=arc-20160816; b=nN0ZvXD6EtlyndP71WzD7qWF8BHpjt6kRDzY6nyOmHhmPuXVJoR5fEjO9kU8oeVjhr 1CS9lgZ5zx6D2a5xBrjP6fe1cbo5jZuIF2wNZqBl8lZf5zX8nlQkvQLPp8gB3a5x7ujD xFTt5NQo2uRNz0wy92BsaQ3N/UuIQhKt8HWc1MARBua8rycLr+oSiY6oeIsO0baV8Sqy gYc5LnrAxxq3Y89Va2bR8hVTjbwqF8B8E3Atz5mOdtF46F/MyVqG5RaP83U9t8DtQ0Sy 9sDfGGIGo4guTIx/uafM+t3bKZ47EexUe5I/Jv4Al4dHpcTN1dBKoEyE71OVrJELOrE6 Bhfg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=9YlhDwZwhJdseLFri8B+QmEyJ1DKDdqZmCn1rJgVyQ8=; b=lW5GxKPqPNsUilb8h+xGJnIxAUCM5C5tkAB9qh0hGfyamfjALG4UaIpc3MKuZTIayb tfIMMRlgWaReq8neoA09uKeBo1fLVg1N9WCBRUAl3jUUIAuXhgPfl0upFvMNuhKGX8h+ JCgJHtQcJXwpUOrw7wj4gSbgOUOxvFI7P6z6ckhJyq7EYqM1DPVG6zodmcgU7vqZNST9 lUgmVp3a89554IKwKg6z22aSye7LLHR4D+bAnGJldPBdearP0dYJhSAdfEFgHb6PQ5cn TGzKfiubz5e5FcrHF/6z05SByw8vNnzOsdWZ4vJmwZ0ncZnFyirt8+9WlMepgFl0JPCy HY3A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b=M+Qx+tUa; spf=pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id c23si841991pgl.253.2022.01.21.12.12.37; Fri, 21 Jan 2022 12:12:46 -0800 (PST) Received-SPF: pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b=M+Qx+tUa; spf=pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1344545AbiASXfC (ORCPT + 70 others); Wed, 19 Jan 2022 18:35:02 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56726 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232430AbiASXfC (ORCPT ); Wed, 19 Jan 2022 18:35:02 -0500 Received: from mail-wm1-x335.google.com (mail-wm1-x335.google.com [IPv6:2a00:1450:4864:20::335]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A69DDC061574; Wed, 19 Jan 2022 15:35:01 -0800 (PST) Received: by mail-wm1-x335.google.com with SMTP id e9-20020a05600c4e4900b0034d23cae3f0so9266122wmq.2; Wed, 19 Jan 2022 15:35:01 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=9YlhDwZwhJdseLFri8B+QmEyJ1DKDdqZmCn1rJgVyQ8=; b=M+Qx+tUaIlaog0g0TlMl8WptFfR4UZgFar8XgUCC4h2Ve+b4eZIsBzPqhjBFs3KSjM QIEeT7O6VSswkKrGMtxAJs07R5OR1tZUDjmQvj+QeznNS9H73YuaxSajdOiyXyzJy8zx k1MKUZEzJvOIkzjMqprp80dSOtJmZwzthzYuJCBP9kUSIa2bBDQ3PjisY7j0TUem+JEk 1RLe4tpcW1ckQg5jlipopAmDxpBewqrWDhpVky052r1dZIqLR5kxHxwEYUOuZWerq3Qg wm9PEjV33eTIgBHG4BVKoyAFz3Ihg7lLFj/ikkFm+KUfvvKdZkU6KOxOlU/2TQ0zAqbt mJNw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=9YlhDwZwhJdseLFri8B+QmEyJ1DKDdqZmCn1rJgVyQ8=; b=ewNhdmmeDmUx+0ui3dxuiZoacOrYuwTCfkBrUnYhEoyQ1Z+CGoMftkm//XWYC9pcBt tbsJCbcoNCZgv435jMdjh6bEQzaX9MSsGM/rjO0AGNtUBzG+ANilDi6RuOGkOcI4R6Z0 +g9rKXJobEfNz3iWPDycFEL0pamDNSSulvjZQjsLk8OPD28i2szu3kkWHPiwvm2Jl3jg VUimwGGdvoOA0Q+vj6YdpziMWAN7KjBI8hOQfpFvUstBL5Mg7UQzx+L5ZmmZNP1vvq41 rr6cJc9P9vZzQjhuTSyaEZ5HM1asZ3qxIuRqSS+h+pcZZfdw5XZiDfRNjEdbb0+VNdh3 VrWw== X-Gm-Message-State: AOAM530PK9SLdn44rWX2MO5AS/v/bm+Uu32LfUN8O/+TKx37JUunycci EaJj2Sez2gqHR4FjDOKX+Q8Pnuo3hoohp9EQ7VuepuKWF56xBA== X-Received: by 2002:adf:fa8d:: with SMTP id h13mr7838453wrr.154.1642635300064; Wed, 19 Jan 2022 15:35:00 -0800 (PST) MIME-Version: 1.0 References: <20220117115440.60296-1-miquel.raynal@bootlin.com> <20220117115440.60296-18-miquel.raynal@bootlin.com> <20220119235600.48173f5b@xps13> In-Reply-To: <20220119235600.48173f5b@xps13> From: Alexander Aring Date: Wed, 19 Jan 2022 18:34:49 -0500 Message-ID: Subject: Re: [PATCH v3 17/41] net: ieee802154: at86rf230: Call the complete helper when a transmission is over To: Miquel Raynal Cc: Stefan Schmidt , linux-wpan - ML , "open list:NETWORKING [GENERAL]" , "linux-wireless@vger.kernel.org Wireless" , David Girault , Romuald Despres , Frederic Blain , Nicolas Schodet , Michael Hennerich , Jakub Kicinski , Varka Bhadram , Xue Liu , Alan Ott , Thomas Petazzoni Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-wireless@vger.kernel.org Hi, On Wed, 19 Jan 2022 at 17:56, Miquel Raynal wrote: > > Hi Alexander, > > alex.aring@gmail.com wrote on Mon, 17 Jan 2022 19:36:39 -0500: > > > Hi, > > > > On Mon, 17 Jan 2022 at 19:34, Alexander Aring wrote: > > > > > > Hi, > > > > > > On Mon, 17 Jan 2022 at 06:55, Miquel Raynal wrote: > > > > > > > > ieee802154_xmit_complete() is the right helper to call when a > > > > transmission is over. The fact that it completed or not is not really a > > > > question, but drivers must tell the core that the completion is over, > > > > even if it was canceled. Do not call ieee802154_wake_queue() manually, > > > > in order to let full control of this task to the core. > > > > > > > > By using the complete helper we also avoid leacking the skb structure. > > > > > > > > Signed-off-by: Miquel Raynal > > > > --- > > > > drivers/net/ieee802154/at86rf230.c | 2 +- > > > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > > > > > diff --git a/drivers/net/ieee802154/at86rf230.c b/drivers/net/ieee802154/at86rf230.c > > > > index 583f835c317a..1941e1f3d2ef 100644 > > > > --- a/drivers/net/ieee802154/at86rf230.c > > > > +++ b/drivers/net/ieee802154/at86rf230.c > > > > @@ -343,7 +343,7 @@ at86rf230_async_error_recover_complete(void *context) > > > > if (ctx->free) > > > > kfree(ctx); > > > > > > > > - ieee802154_wake_queue(lp->hw); > > > > + ieee802154_xmit_complete(lp->hw, lp->tx_skb, false); > > > > > > also this lp->tx_skb can be a dangled pointer, after xmit_complete() > > > we need to set it to NULL in a xmit_error() we can check on NULL > > > before calling kfree_skb(). > > > > > > > forget the NULL checking, it's already done by core. However in some > > cases this is called with a dangled pointer on lp->tx_skb. > > Actually I don't see why tx_skb is dangling? > > There is no function that could accesses lp->tx_skb between the free > operation and the next call to ->xmit() which does a lp->tx_skb = skb. > Am I missing something? > look into at86rf230_sync_state_change() it is a sync over async and the function "at86rf230_async_error_recover_complete()" is a generic error handling to recover from a state change. It's e.g. being used in e.g. at86rf230_start() which can occur in cases which are not xmit related. Indeed there is no dangled pointer in the irq handling, sorry. I thought maybe the receive handling but the transceiver is doing a lot of its own state change handling because of some framebuffer protection which is not the case. - Alex