Received: by 2002:a05:6602:2086:0:0:0:0 with SMTP id a6csp4394900ioa; Wed, 27 Apr 2022 02:56:01 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzGp6b6fQ2Ph8R9e4AW999mkpEnuzI92lfA90qyJLhpoQMzTrQaXOUA2cAhw/mHtDvVrppt X-Received: by 2002:a17:902:f789:b0:156:5f56:ddff with SMTP id q9-20020a170902f78900b001565f56ddffmr28124129pln.116.1651053361533; Wed, 27 Apr 2022 02:56:01 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1651053361; cv=none; d=google.com; s=arc-20160816; b=C03mIvqI2QOC0O4q8NAI7YsN4neR24b7df5DeSiw+t6sHilln9LUILnuG9GQSn0Cq7 fUQofInqT9nbOUYs8AYX2z5/Uxq4y8sZc423gVXyEb4krcK1Yhc0R+uMOPt6nzkM7s+Q kHM0FrA0LmvA5K3SKrsF6W3dbEV4g1QLf6kiGdbRQ+AB/xICkbEH9+1B4RBz3ZcbGi9v d0AZemXzXZWIn/qQ7hNbVizzQ3AqKgKAKQUQaMPtliZGs0Q6XJUN93OyYj3I7CA2hZMZ ERiYZTGWN5cNR9mCr29sfz1japGhgiAYidN2VtZSfRixznB4HXRh9yGv2R9GaqJkk8rT ZZ/w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:date:message-id:user-agent:cc:to:references :in-reply-to:from:subject:content-transfer-encoding:mime-version :dkim-signature; bh=0xrJZnDqTJm5at89COZDH8pdCzwbeX9ysXMTbI2a9kA=; b=IU2u3o/0USewPBtY3ymoEsY9Jlpou9C0j8Bxl2D7bB5hYXzjBVqt+lkoF66JeVuVfq bKxVXOSj1KmJt/0bwOa/Jxkbk0JCC46HwVWdQWt7zb9EUMznYZTaY+MWQ0YsGNZ02DWq K6CLCrvWpI3P+TgoGqJdj/4aE8jN2rA0jjiM2urEVAGi7Mm9ZKHz1de62rrY8TGYU31a oA46nuNpFWlVVbgKzSzhWSqpym0ZjFlpHc0Vdk/Ni6hbw20am27jGFy4Ovh4acr3w1wR k63LuaXkjvq6hc+lHGyQ5ZeHgdTbUmZouRGynb4+YF5XcZaj3tiikPSBYQxbSS7tn4vs 84sw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=uZ0hEjsQ; spf=softfail (google.com: domain of transitioning linux-wireless-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [23.128.96.19]) by mx.google.com with ESMTPS id a28-20020a631a1c000000b0039845840ff2si1023994pga.41.2022.04.27.02.56.01 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 27 Apr 2022 02:56:01 -0700 (PDT) Received-SPF: softfail (google.com: domain of transitioning linux-wireless-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) client-ip=23.128.96.19; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=uZ0hEjsQ; spf=softfail (google.com: domain of transitioning linux-wireless-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 133442BA9EB; Wed, 27 Apr 2022 02:25:40 -0700 (PDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1357780AbiD0FGH (ORCPT + 67 others); Wed, 27 Apr 2022 01:06:07 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:60948 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S240085AbiD0FGG (ORCPT ); Wed, 27 Apr 2022 01:06:06 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8546F7522B; Tue, 26 Apr 2022 22:02:56 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 3325DB824AE; Wed, 27 Apr 2022 05:02:55 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id D4436C385A9; Wed, 27 Apr 2022 05:02:52 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1651035774; bh=Ryk8RyZobT8Xsk55rLKfasMQd9aoSfXpUoz9jmg9C1w=; h=Subject:From:In-Reply-To:References:To:Cc:Date:From; b=uZ0hEjsQhtn5NIRodXZVZEOb+b8NreursonsXHaa98ogCO1eR2y1Qdw/Bz4a6H/bT MAFQBSN/uY0BHKogTRpuh2TvhzbXim3yAY02An9d85IgHHXGVUB7qx9XmrFaq3i1Vp 1fE3I9VyOHtTwp4Qo5V1+NbL0OZ8K2LqDziwDk/Ej1tYw5+1Mwhv2Vvv48PkxZpjLA i8mIKRh1PkgJK3EC26UWP/QD2uZS/ESaUwdx28rccNERJJPxraJUobFwWbm8WOE+aR ATSfBKs8z+LxZaIJleuvIo265UtfeE553JU95tiQ7+0KsIuGWR7ghB4IZGVGHuM8GC iJptZkILu589Q== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: Re: rtl818x: Prevent using not initialized queues From: Kalle Valo In-Reply-To: <20220422145228.7567-1-alexander@wetzel-home.de> References: <20220422145228.7567-1-alexander@wetzel-home.de> To: Alexander Wetzel Cc: linux-wireless@vger.kernel.org, Alexander Wetzel , stable@vger.kernel.org, pa@panix.com User-Agent: pwcli/0.1.0-git (https://github.com/kvalo/pwcli/) Python/3.7.3 Message-ID: <165103577076.18987.11755306741060093427.kvalo@kernel.org> Date: Wed, 27 Apr 2022 05:02:52 +0000 (UTC) X-Spam-Status: No, score=-2.9 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RDNS_NONE,SPF_HELO_NONE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-wireless@vger.kernel.org Alexander Wetzel wrote: > Using not existing queues can panic the kernel with rtl8180/rtl8185 cards. > Ignore the skb priority for those cards, they only have one tx queue. Pierre > Asselin (pa@panix.com) reported the kernel crash in the Gentoo forum: > > https://forums.gentoo.org/viewtopic-t-1147832-postdays-0-postorder-asc-start-25.html > > He also confirmed that this patch fixes the issue. In summary this happened: > > After updating wpa_supplicant from 2.9 to 2.10 the kernel crashed with a > "divide error: 0000" when connecting to an AP. Control port tx now tries to > use IEEE80211_AC_VO for the priority, which wpa_supplicants starts to use in > 2.10. > > Since only the rtl8187se part of the driver supports QoS, the priority > of the skb is set to IEEE80211_AC_BE (2) by mac80211 for rtl8180/rtl8185 > cards. > > rtl8180 is then unconditionally reading out the priority and finally crashes on > drivers/net/wireless/realtek/rtl818x/rtl8180/dev.c line 544 without this > patch: > idx = (ring->idx + skb_queue_len(&ring->queue)) % ring->entries > > "ring->entries" is zero for rtl8180/rtl8185 cards, tx_ring[2] never got > initialized. > > Cc: stable@vger.kernel.org > Reported-by: pa@panix.com > Tested-by: pa@panix.com > Signed-off-by: Alexander Wetzel Patch applied to wireless-next.git, thanks. 746285cf81dc rtl818x: Prevent using not initialized queues -- https://patchwork.kernel.org/project/linux-wireless/patch/20220422145228.7567-1-alexander@wetzel-home.de/ https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches