Received: by 2002:ad5:4acb:0:0:0:0:0 with SMTP id n11csp5492922imw; Wed, 20 Jul 2022 06:51:38 -0700 (PDT) X-Google-Smtp-Source: AGRyM1tycJVzfd0YyhBm+nIlD0ijjW0vanAYbP9F9bvINJHndjY9+OqVx1/3vO+M9JToX9EFD3zu X-Received: by 2002:a17:90b:3949:b0:1f2:1729:aa47 with SMTP id oe9-20020a17090b394900b001f21729aa47mr5636887pjb.153.1658325098495; Wed, 20 Jul 2022 06:51:38 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1658325098; cv=none; d=google.com; s=arc-20160816; b=dOPsUOd79F+/Sir8GFpb6BkfLyGecESS4hExvCJaiq64YNJNexuq2oAB/x4Wr35CJ8 jJuYrLdhdRyH/hiqNPmDO9aJJjZ6Z3/FgkLpA8Gnpf5ibZMvHzTx9egvR0jNdVKgkTc9 Gy3WC9qlH9xl3RNsQGnaJXijJcmaTHfXyUH1iaVtly6Oa0hmxagyjYHMJXURHvlurMCE 55NixvUEgSTy235SL+RoOaEqPaGHIuQv2oxSTZaBu25vAcsQMgI1HgjtyquM7Lq9Ywmo YZXngyaI14tQseWl/ak5tDxaGywZ/V0Pu6laXCyTECrUU0SMa7lDK/OLw1VNAF1L47Vn od6A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=Ye5tefTy1X225QVhTCepDtdPZKr6UoRcln7OB1HlSNY=; b=NAV9dPW04ury+rXPY/1zxx5XVS74ffIU5a/NsBcOMaIqIut7479JawtT1FK58WuHZY N//nIaSSa0IZYyQxBjI3t/+k3oA70+YZwHwV6W7j5lJccbvJIm33HIbQliD4c91Nu37f zLqB4cy4jW4JSzMmVRlmgUTFUv/jrk7PJTnA26VuWzZmbgG9C7Olxnk2ivnznC3NNh/g KIPc2+Wb8AcvZ7JuxcmdsasCYavwB/vSN2wmq4m4P1lteLevL+paArpAULShJAR2Kam/ aGZLSjd1zZ0GRibFbprtyezxbdcfPNHzqecRZvIjVjMi0RBPF73tBVRNfAiCG5z2O9qZ nNbQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@quicinc.com header.s=qcppdkim1 header.b="ewh1/bIk"; spf=pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=quicinc.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id f15-20020a631f0f000000b0041966e94e0fsi23069771pgf.811.2022.07.20.06.51.28; Wed, 20 Jul 2022 06:51:38 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@quicinc.com header.s=qcppdkim1 header.b="ewh1/bIk"; spf=pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=quicinc.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S239046AbiGTNuX (ORCPT + 65 others); Wed, 20 Jul 2022 09:50:23 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44240 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S237257AbiGTNuV (ORCPT ); Wed, 20 Jul 2022 09:50:21 -0400 Received: from mx0a-0031df01.pphosted.com (mx0a-0031df01.pphosted.com [205.220.168.131]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 056F12A97F for ; Wed, 20 Jul 2022 06:50:20 -0700 (PDT) Received: from pps.filterd (m0279862.ppops.net [127.0.0.1]) by mx0a-0031df01.pphosted.com (8.17.1.5/8.17.1.5) with ESMTP id 26KDn6sI009050; Wed, 20 Jul 2022 13:50:17 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=quicinc.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=qcppdkim1; bh=Ye5tefTy1X225QVhTCepDtdPZKr6UoRcln7OB1HlSNY=; b=ewh1/bIkHfafr655cnl/AhW+ZJuHbxFBg7yW3xTplDCXcoxCnaCHmNT3BtOQ0KD/oSFY csf/m9QlebRBgaIo9taW7ErCgyOZoqpq8yPGcUUdyXO/q1UcgSD2e3uevGLS3t/21sMv Y0K5TVm73YzaHRZ4Gt9kUrH/WdMbZknTNruszP0MpOkFjStR6R3WCL0QWxJnT5Ocs+b+ eywTRHYkdT9WswHJ0v5xDh42CvEWr5HTSmeAKtINSYCoGWZ9fD7576O0mA7J3xeD58Sx WBCdMheNtZ1Tq9xDwNYsZqYfGlF9zvfehiwcbUr7us5TFZjyR2IPm/JtYChd6z5b2QPp iA== Received: from nasanppmta02.qualcomm.com (i-global254.qualcomm.com [199.106.103.254]) by mx0a-0031df01.pphosted.com (PPS) with ESMTPS id 3hebfv15ub-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 20 Jul 2022 13:50:17 +0000 Received: from nasanex01c.na.qualcomm.com (nasanex01c.na.qualcomm.com [10.47.97.222]) by NASANPPMTA02.qualcomm.com (8.17.1.5/8.17.1.5) with ESMTPS id 26KDoGXR003632 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 20 Jul 2022 13:50:16 GMT Received: from nalasex01a.na.qualcomm.com (10.47.209.196) by nasanex01c.na.qualcomm.com (10.47.97.222) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.22; Wed, 20 Jul 2022 06:50:16 -0700 Received: from mpubbise-linux.qualcomm.com (10.80.80.8) by nalasex01a.na.qualcomm.com (10.47.209.196) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.22; Wed, 20 Jul 2022 06:50:14 -0700 From: Manikanta Pubbisetty To: CC: , Manikanta Pubbisetty Subject: [PATCH 1/4] ath11k: Fix double free issue during SRNG deinit Date: Wed, 20 Jul 2022 19:19:56 +0530 Message-ID: <20220720134959.15688-2-quic_mpubbise@quicinc.com> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220720134959.15688-1-quic_mpubbise@quicinc.com> References: <20220720134959.15688-1-quic_mpubbise@quicinc.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-Originating-IP: [10.80.80.8] X-ClientProxiedBy: nasanex01b.na.qualcomm.com (10.46.141.250) To nalasex01a.na.qualcomm.com (10.47.209.196) X-QCInternal: smtphost X-Proofpoint-Virus-Version: vendor=nai engine=6200 definitions=5800 signatures=585085 X-Proofpoint-GUID: Q2w1L2xL4CGZcWGTjqHdz9t7edGvLRjk X-Proofpoint-ORIG-GUID: Q2w1L2xL4CGZcWGTjqHdz9t7edGvLRjk X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.883,Hydra:6.0.517,FMLib:17.11.122.1 definitions=2022-07-20_08,2022-07-20_01,2022-06-22_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 bulkscore=0 mlxlogscore=780 impostorscore=0 malwarescore=0 clxscore=1015 phishscore=0 priorityscore=1501 spamscore=0 adultscore=0 suspectscore=0 mlxscore=0 lowpriorityscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2206140000 definitions=main-2207200057 X-Spam-Status: No, score=-2.8 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_LOW,SPF_HELO_NONE, SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-wireless@vger.kernel.org Currently struct ath11k_hal::srng_config pointer is not assigned to NULL after freeing the memory in ath11k_hal_srng_deinit(). This could lead to double free issue in a scerario where ath11k_hal_srng_deinit() is invoked back to back. In the current code, although the chances are very low, the above said scenario could happen when hardware recovery has failed and then there is another FW assert where ath11k_hal_srng_deinit() is invoked once again as part of recovery. Addressing this issue is important when low power mode support is enabled in the driver (will be added by a future patch) where this scenario is likely. Fix this by assigning the struct ath11k_hal::srng_config pointer to NULL after freeing the memory. Tested-on: WCN6750 hw1.0 AHB WLAN.MSL.1.0.1-00887-QCAMSLSWPLZ-1 Signed-off-by: Manikanta Pubbisetty --- drivers/net/wireless/ath/ath11k/hal.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/net/wireless/ath/ath11k/hal.c b/drivers/net/wireless/ath/ath11k/hal.c index bda71ab5a1f2..ebdf3b1a6661 100644 --- a/drivers/net/wireless/ath/ath11k/hal.c +++ b/drivers/net/wireless/ath/ath11k/hal.c @@ -1319,6 +1319,7 @@ void ath11k_hal_srng_deinit(struct ath11k_base *ab) ath11k_hal_free_cont_rdp(ab); ath11k_hal_free_cont_wrp(ab); kfree(hal->srng_config); + hal->srng_config = NULL; } EXPORT_SYMBOL(ath11k_hal_srng_deinit); -- 2.35.1